HassanAlKak88
Expert
Expert

ESG with ECMP

Hello,

We are preparing the design for NSX deployment, kindly advise in which case i use ESG with ECMP instead of an ESG with HA ?

Thanks,


Cheers,
vExpert2020-2019||vExpert-NSX2020||VCIX6-NV||VCAP-NV-DCV||VCP-NV-DC-CMA||CCNA-R&S
Twitter: @KakHassan
LinkedIn: linkedin.com/in/hassanalkak
5 Replies
A13x
Hot Shot
Hot Shot

If the ESG are providing routing i would go with ECMP rather than HA (which i see is more suited to symmetrical connectivity).

If you have two ESG which are using ECMP (multiple route paths), if one goes down at least only half will be affected, it will then reroute to the other ESG. if you use HA and it happens to take down the active, you then need to wait it out before the passive kicks in. HA Deadtimer + extra. It really depends on your setup. I find ECMP to be a lot more quicker than HA in terms of network connectivity restoration.

sjason
Enthusiast
Enthusiast

To add to this, if you are using stateful services on the ESG - load balancing, NAT, FW, VPN - then you will need to use HA rather than ECMP. If there isn't a requirement for stateful services, ECMP can provide quicker failover if you tune the routing protocol timers.

HassanAlKak88
Expert
Expert

Thanks Dear,


Cheers,
vExpert2020-2019||vExpert-NSX2020||VCIX6-NV||VCAP-NV-DCV||VCP-NV-DC-CMA||CCNA-R&S
Twitter: @KakHassan
LinkedIn: linkedin.com/in/hassanalkak
0 Kudos
HassanAlKak88
Expert
Expert

Thanks Dear,

Good point, but to double check also the FW will be disabled if we enable ECMP ?

So what we cannot work with distributed firewall ?

please advise,


Cheers,
vExpert2020-2019||vExpert-NSX2020||VCIX6-NV||VCAP-NV-DCV||VCP-NV-DC-CMA||CCNA-R&S
Twitter: @KakHassan
LinkedIn: linkedin.com/in/hassanalkak
0 Kudos
tsangha
VMware Employee
VMware Employee

When using ECMP on the ESG stateful services including the ESG firewall is disabled, however you are still able to leverage the distributed firewall to protect virtual machines.

The ESG FW and DFW are two separate entities and have different enforcement points.

Cheers, Tony blog: https://tonysangha.com