Layer-2 domain on the NSX Virtual Switch

Hey Experts,

I was going through the NSX Data plane components section of the NSX-V ICM Student Guide. The three statements below are a bit confusing for me; can anyone provide an expert opinion and explanation?

1. On NSX Virtual Switch, hosts are not restricted to the same layer 2 domain for virtual machine to virtual machine communication across hosts.

2. You must migrate virtual machines from a host before installing the VIBs.

3. VMware NSX Edge gateway is not distributed and so the gateway lacks a control entity.

Thanks in advance.

Please consider marking this answer "correct" or "helpful" if you think your query has been answered correctly.
Accepted Solutions

Hi Dear,

Please find my below answers:

1. On NSX Virtual Switch, hosts are not restricted to the same layer 2 domain for virtual machine to virtual machine communication across hosts.

This means that you can have hosts with vTEP interfaces in different interfaces and you will still be able to create L2 switches spanning these hosts and have VMs attaching to hosts (with vTEPs in different VLANs) communicating in the same L2 domain. This is what we mean by "NSX provides L2 communication over L3 network".

2. You must migrate virtual machines from a host before installing the VIBs.

This is required manually if DRS is not enabled on the vSphere cluster because a host will be put in maintenance mode for VIBs to be installed. If DRS is enabled and even if there are VMs running on that host, DRS will vMotion all VMs running on that host automatically to another host and then put the host in maintenance mode when you attempt to prepare that host for NSX and install the NSX VIBs.

3. VMware NSX Edge gateway is not distributed and so the gateway lacks a control entity.

This means that the NSX edge is not distributed because it is a VM running on top of a vSphere cluster compared to the DLR which is distributed in the kernel of the ESXi hosts. So Edge will offer you centralized N-S traffic routing while DLR will offer you distributed E-W traffic routing. The DLR has a control VM which falls in the control plane but the DLR instance itself is distributed in the ESXi kernel, however the NSX edge falls in the data plane and does not have any separated control component that falls in the control plane.

Hope it is clear now,

Please consider marking this answer "correct" or "helpful" if you think your question has been answered correctly. Cheers, @vExpertConsult www.vexpertconsultancy.com VCIX-DCV 2018 | VCIX-NV 2019 | VCAP7-CMA Design | vSAN Specialist | vExpert ** | vExpert NSX | vExpert vSAN

2 Replies

MohamadAlhoussein​ Many thanks for your detailed response.