Hi
Do we really need the NSX controllers for enabling only DFW in the cluster?. Not going to use the VXLAN just keep the existing VLAN's allowed to the cluster.
The requirement is to firewall the traffic between the VLAN's/Subnet's and within the same subnet we have subset of IP pools.
Thanks in advance.
i took the training this summer and i remember that question being asked. And to answer your question No i do not think you need to controllers.. i am not 100% certain but that is what i remember
I believe you are correct. You should be able to simply deploy NSX manager
and prepare the cluster members for DFW without deploying the controllers.
I am 99% sure I've done this when I was testing DFW and log insight.
On Tue, Dec 2, 2014 at 12:37 PM, ChrisBCarlson <
NSX Controllers are in charge of:
In other words, if you do use:
Then you do not need Controllers.
Dimitri
Just to clarify - the Controllers are not responsible for Dynamic Routing, but for all Distributed Logical Routing synchronization (Routes and LIFs). So DLR without Dynamic Routing still requires the NSX Controllers.
Also, confirming DFW can be used for VLAN backed dvPortgroups without NSX Controllers.
Can you also confirm if the DFW can be used for Cisco Nexus 1Kv? From what I understand it should be ok.
I don't think that is going to work, everything I have seen lists using the
VMware distributed switch as a requirement for all of the components of NSX
for vSphere, not just the overlay parts.
It's time to pick a networking stack, when I was a customer I had to rip
out the 1kv for VDS when we made the NSX decision.
If you want to help replace some of the delegation to the network team that
1kv provides I would flesh out the network teams requirements and look at
providing them with PowerCLI scripts delivered through power gui. That's
what we did, worked well for us.
On Wed, Dec 3, 2014 at 4:19 PM, werme <communities-emailer@vmware.com>
NSX features (including DFW) are supported on the vSphere Distributed Switch