VMware Networking Community
AntonioPA
Contributor
Contributor
‎02-09-2022 01:05 AM

NSX-T VLAN backed segments, what are their limitations?

Hi all

I wonder what are the limitations of connecting NSX-T VLAN backed segments to a T0 or T1 as described in https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.2/administration/GUID-BB4D26AD-AF81-4B7C-AA4A-...

Reading the above link these VLAN-backed segments can be routed normally when connecting these ports to a T0 or T1. It also seems that the E-W and Gateway firewalls should work as well.

Could anybody confirm these?

Are there any limitations?

Thanks in advance!

       Ulises

Reply
0 Kudos
5 Replies
shank89
Expert
Expert
‎02-09-2022 01:27 AM

Hi

This is a guide to configure centralised service ports and not downlink or overlay routed segments.

In saying that, you can definitely still use VLAN backed segments for micro segmentation. You just will not be leveraging NSXT logical routing and Overlay.

 

Cheers 

 

Shashank Mohan

VCIX-NV 2022 | VCP-DCV2019 | CCNP Specialist

https://lab2prod.com.au
LinkedIn https://www.linkedin.com/in/shankmohan/
Twitter @ShankMohan
Author of NSX-T Logical Routing: https://link.springer.com/book/10.1007/978-1-4842-7458-3
Reply
0 Kudos
AntonioPA
Contributor
Contributor
‎02-09-2022 03:20 AM

You mean that It is not possible to route between a VLAN backed segment and an overlay segment?

Reply
0 Kudos
shank89
Expert
Expert
‎02-09-2022 03:43 AM

Depending on how you configure your VLAN segments, the gateway for these are normally on the physical network.

So your typical VLAN routing for those and then to communicate with overlay networks and workload would have to ingress through the edge nodes and into NSX-T.  If you chose to use a services port, then plan for the gateway accordingly.

Shashank Mohan

VCIX-NV 2022 | VCP-DCV2019 | CCNP Specialist

https://lab2prod.com.au
LinkedIn https://www.linkedin.com/in/shankmohan/
Twitter @ShankMohan
Author of NSX-T Logical Routing: https://link.springer.com/book/10.1007/978-1-4842-7458-3
Reply
0 Kudos
AntonioPA
Contributor
Contributor
‎02-09-2022 11:25 AM

Many thanks Shashank

 

I meant routing using NSX-T routing directly between VLAN-backed segment and and overlay directly using Tier-1 Gateway. I thought that was the purpose when the UI allows you to specify ie: a Tier-1 Gateway when creating a VLAN-backed segment.

So if direct routing is not allowed... what is the purpose of allowing specifying a Gateway when creating the VLAN-backed segment?

Reply
0 Kudos
shank89
Expert
Expert
‎02-09-2022 01:25 PM

As mentioned if you use the service port it acts as an l3 gateway for the subnet, instead of using a physical gateway on the network. You just have to change your route point in your topology to the logical gateway in nsx, apologies, I may not have made that too clear.

Shashank Mohan

VCIX-NV 2022 | VCP-DCV2019 | CCNP Specialist

https://lab2prod.com.au
LinkedIn https://www.linkedin.com/in/shankmohan/
Twitter @ShankMohan
Author of NSX-T Logical Routing: https://link.springer.com/book/10.1007/978-1-4842-7458-3
Reply