Multi-tenancy Discussion

I'm in my lab environment using NSX 6.2 but this discussion\question could apply to 6.1 as well. 

This is the setup I would like to work:

Perimeter ESG to a DLR.  Under that DLR I want to have and EDGE\DLR pair per tenant.  This give me pretty good scalability as well as the option to use ECMP at the perimeter should I choose to do so.  The problem I am having is that you cannot pass routing information southbound from the DLR.  This means that if I am running OSPF or BGP throughout this entire environment, the problem point is that DLR that sits under my Perimter ESG.  It's routing info doesn't make it to the tenant Edges.  I wont rule out that I have something misconfigured, however I don't believe this to be the case.  I know I can do static routing and make this work, but if I want to scale this out I want to use a dynamic routing protocol.

Going through the new design guide (3.0) they address scaling on pg 72 with the route aggregation layer and trunking to create sub interfaces.  This is great, but doesn't allow for ECMP to be utilized, meaning I am limited to 10G throughput.  If I choose to use ECMP for throughput, I lose the ability to have the ESG\DLR pair for each tenant, because of the limitation I have listed above. 

The new guide also lists unsupported topologies, of which the one I have described above is not one. 

With NSX there are a lot of ways to approach this, so I'm curious as to what I may be missing or if there is another, perhaps better way to approach this.  It seems with the design guide I can scale, or I can get throughput, but not necessarily both. 

0 Kudos
1 Reply

Hi Jacob

We do have a few customers exploring an ESG -> DLR -> ESG hierarchy like you're wanting.  Its not specifically unsupported, but its also not a recommended config at this time.  Unfortunately, you are correct on the BGP/OSPF thing - it is not possible for a DLR to peer southbound like that. 

I'd recommend contacting your local NSX specialist SE to chat about possible architectures that would achieve what you're after without doing that.  I personally can't really make a recommendation without walking through the specific requirements and so forth.

If you don't know who your NSX specialist SE is, email me directly at with the details of what company you're with, etc and I'll get you connected or help you myself if appropriate.



0 Kudos