VMware Networking Community
sawag
Enthusiast

NSX Design

Hello,

We want to design VMware NSX for our 5 environments in the same datacenter. We have 120 physical hosts with more than 500 virtual machines running. Please advise on the best practice for VMware NSX design and implementation. Integration with Palo Alto is also required.

BR,

daphnissov
Immortal

As I responded to a similar thread here where you want people to design a multi-site vRA for you, you now want the same for NSX? Presumably to work in tandem? You're asking for quite a lot without supplying very much information at all. You really should be working with a partner to come up with a proper design in these cases. This isn't trivial work you're requesting be provided for you.

amolnjadhav
Enthusiast

Hi Sawag,

Implementation of NSX from greenfield DC needs proper planning and discussion with your Network/ESX team, hence I would recommend you engage VMware PSO to implement it in your environment.

Your ask/requirement is very difficult to discuss in this forum.

Please consider marking this answer "correct" or "helpful" if you think your query has been answered correctly. Regards Amol Jadhav VCP NSXT | VCP NSXV | VCIX6-NV | VCAP-DCA | CCNA | CCNP - BSCI
Sreec
VMware Employee

Considering that this is a brownfield environment, a lot more pre-checks and requirements should be done/gathered to have a smooth integration, and it is not easy to provide accurate points. However, the points below are generic, and based on the design you can consider them whenever the situation demands.

  1. Number of vCenter Servers required
  2. PSC availability consideration with LB
  3. Number of vSphere clusters & VDS mapping - Go for separate clusters for management and compute, considering the size of the set-up. A collapsed cluster is not a recommended set-up for this design.
  4. Transport Zone mapping
  5. VXLAN replication modes
  6. NSX manager roles(Primary/Secondary for multi site)
  7. Network multi tenancy.
  8. Microsegmentation workloads - since PA is involved you need to gather requirements for traffic redirection to PA (I'm hoping this is PA appliance)
  9. BCDR integration (I prefer integrating BCDR in the last phase)
  10. CMP integration
  11. Most important point - you need to have a precise physical networking topology to know the end-to-end connectivity: L2/L3 with firewall integration and path flow. Leaf/spine architecture is a much better option, and scalability of compute workloads across or within racks fits very well in this case.
  12. Workload migration from VLAN to VXLAN - if there is a subnet/gateway change you need careful planning, especially for clustering applications running on a VM set-up.

So in a nutshell, the vSphere design is the foundation; ensure that you change the design prior to NSX integration if it is required, and you can certainly do this with minimal downtime. I have done something similar for a two-site brownfield set-up. If you can share more inputs we can keep this thread open for further discussion, but again it is highly recommended to engage a consultant, have him visit the site, understand the architecture and do the integration accordingly.

You should read NSX brownfield guide -> https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/whitepaper/products/nsx/vmware-nsx...

For Palo-Alto integration -> https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/whitepaper/products/nsx/nsx-palo-a...

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 7x|Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered
sawag
Enthusiast

@ daphnissov,

I am sorry to say, but it is not a good response at all. I am not asking to design any solution but only to share some ideas. These things are still under discussion in our company, and for sure it will not be a small implementation and we will be required to engage the PSO team. I just wanted to get some ideas before PSO engagement. Anyway, thanks for your time and reply.

sawag
Enthusiast

@ Sreec

I really appreciate your time and your sharing very useful information. I think having vCenter Servers with high availability for each environment will be a good decision, and the same for NSX, as NSX Manager will be mapped one-to-one with vCenter Server. So in this case, should we have only 3 controllers for all the environments, or separate ones for each environment? And how do we achieve high availability in NSX?

Thanks again..

Sreec
VMware Employee

Well, if you are looking for a multisite NSX design with workload mobility across the sites, NSX controllers will be running only on your primary site and the rest of the sites will be secondary with unique VC integration, OR you can have individual NSX sites, and in that case you need 3 controllers for every vSphere site. The picture below depicts the same. If you are asking about Controller HA, the recommended config is to deploy them on individual hosts with DRS anti-affinity rules. You will need to replicate the rule config on every site so that during a failover scenario we don't end up with all the eggs residing in the same bucket, assuming you have enough hosts across all the sites and network/security configurations are consistent.

pastedImage_1.png

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 7x|Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered
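
An added PowerCLI example of the controller anti-affinity recommendation in the reply above (not part of the original post and not VMware's own script): it creates a DRS anti-affinity rule for the three controller VMs in one cluster and reports whether any two currently share a host. The cluster name, VM name pattern and rule name are assumptions, and it expects an existing `Connect-VIServer` session with DRS enabled on the cluster.

```powershell
# Added example: keep the three NSX Controller VMs on separate ESXi hosts.
# Assumptions (not from the thread): cluster name, controller VM name pattern,
# rule name, and an existing vCenter session (Connect-VIServer).
param(
    [string]$ClusterName = 'Mgmt-Cluster-01',               # hypothetical cluster name
    [string]$VmPattern   = 'NSX_Controller_*',              # hypothetical VM name pattern
    [string]$RuleName    = 'nsx-controllers-anti-affinity'  # hypothetical rule name
)

$ErrorActionPreference = 'Stop'

$cluster     = Get-Cluster -Name $ClusterName
$controllers = @(Get-VM -Location $cluster -Name $VmPattern)

if ($controllers.Count -ne 3) {
    throw "Expected 3 controller VMs in $ClusterName, found $($controllers.Count)."
}

# Anti-affinity cannot be satisfied with fewer connected hosts than VMs.
$hosts = @(Get-VMHost -Location $cluster | Where-Object ConnectionState -eq 'Connected')
if ($hosts.Count -lt $controllers.Count) {
    throw "Only $($hosts.Count) connected hosts; need at least $($controllers.Count)."
}

# Create the rule once; re-running the script must not create duplicates.
$rule = Get-DrsRule -Cluster $cluster -Name $RuleName -ErrorAction SilentlyContinue
if (-not $rule) {
    $rule = New-DrsRule -Cluster $cluster -Name $RuleName `
        -KeepTogether $false -VM $controllers -Enabled $true
}

# Report current placement: two controllers on one host means a single host
# failure would leave only one of the three controllers running.
$placement = $controllers | Group-Object { $_.VMHost.Name }
$placement | ForEach-Object {
    [pscustomobject]@{ Host = $_.Name; Controllers = ($_.Group.Name -join ', ') }
}
if (@($placement | Where-Object Count -gt 1).Count -gt 0) {
    Write-Warning 'Controllers share a host; DRS must be enabled for the rule to separate them.'
}
```

Run it once per cluster that hosts controllers, so the rule exists wherever the controllers can land.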
sawag
Enthusiast

Thank you so much Sreec for sharing such useful information. In our case we will not have multiple sites but different environments in the same datacenter. The different environments are development, integration, onboarding, staging and production, and all 5 environments will be in the same datacenter. Moreover, we will have around 120 physical hosts in production, 50% in staging and 20% physical hosts for the remaining environments. Do we have any guide for NSX maximums or just NSX sizing calculation?

Sreec
VMware Employee

I appreciate you providing that clarity. There is no sizing calculator which will give you clear spec requirements. As you know, there is a broad range of network/security services that is possible with NSX. Since you are already planning to engage PSO, for now please check https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/products/nsx/vmw-nsx-network-virt...

Unfortunately there is no official max/minimum guide which covers the full features. But you can have a look at NSX Maximum

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 7x|Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered
sawag
Enthusiast

Thank you Sreec for sharing such very useful information. Please keep in touch. I may need more info from you.

Thank you again.