VMware Networking Community
TheVMinator
Expert

NSX Transport Zones

When, if ever, should I put clusters in different transport zones?  If I have two ESXi clusters that belong to two different business units that are separated for security purposes, is that a good case for using separate transport zones?


Accepted Solutions
DKalintsev
Contributor
3 Replies
showard1
Enthusiast

Two VXLANs in different Transport Zones are not inherently more separate or secure than two VXLANs in the same Transport Zone.  There used to be more use cases like if two VXLANs needed different replication types, but you can just do that per VXLAN now anyway.  Nowadays, the only two reasons I ever do it:

1. One TZ in a site is Universal and one isn't.  Only certain VXLANs in the scenario need to span to other site(s).

2. For whatever administrative reason, I don't want certain VXLANs showing up on certain clusters.  Maybe I have a development cluster that needs VXLANs within it, but I don't want the devs who have control of that cluster attaching VMs to prod VXLANs.  I might create separate TZs for Dev and Prod.

DKalintsev
Contributor

I wrote about it a while ago; I think it's still valid:

NSX for vSphere: Understanding Transport Zone scoping | Telecom Occasionally

TheVMinator
Expert

OK, great article - thanks!
