VMware Networking Community
eccl1213

Subnets for NSX Components

I haven't found a clear guide on where each NSX component should sit in relation to my other management networks.

For example, should the NSX manager be on the same subnet as my vCenter?  Should the Manager, Controllers and VTEPs be on the same?

Basically I'm trying to build the following table.  This will be for our dedicated NSX manager cluster.

I want to keep the underlying physical network as simple as possible so I'm trying to decide what management pieces can be safely combined.

Host Management = VLAN 100 (subnet 192.168.1.0)

vMotion = VLAN 101 (subnet 192.168.2.0)

Storage = VLAN 102 (subnet 192.168.3.0)

NSX Manager = VLAN XX (subnet 192.168.x.0)

NSX Controller = VLAN XX (subnet 192.168.x.0)

VTEP = VLAN XX (subnet 192.168.x.0)

vCenter = VLAN XX (subnet 192.168.x.0)

Can anyone help fill in the blanks on what the best practice would be?  We are not huge...10 hosts in our compute cluster, all with dual 40GB adapters.


Accepted Solutions
jorge_luis_hern

Hi eccl1213,

If your main wish is to keep your underlying network simple, I think you need to avoid using so many VLANs and IP subnets. VMware recommends as a best practice using a management cluster, and as usual we only use 1 VLAN/IP subnet for all management stuff (vCenter Server, Domain Controller, DNS, management network for the ESXi, etc.).

If you use one VLAN/IP subnet for your hosts' management network and a different one for your vCenter Server, you will need to route all the traffic between vCenter and the ESXi hosts (vpxd to vpxa and vice versa); depending on your physical topology this will be costly (because maybe the inter-VLAN routing decision is not taken in the ToR switch, and maybe this traffic needs to flow to the core, etc.).

In the VMware® NSX for vSphere Network Virtualization Design Guide ver 3.0, page 104, you can view an example.


I would do it like this:


Management Network = VLAN 100 (subnet 192.168.1.0)

vMotion = VLAN 101 (subnet 192.168.2.0)

Storage = VLAN 102 (subnet 192.168.3.0) (Depending on your IP storage vendor and of course the protocol used for that, maybe you will need different VLAN/IP subnets for best practice)

NSX Manager = VLAN 100 (1 IP from the Management Network subnet: remember there is only 1 NSX Manager per vCenter)

NSX Controller = VLAN 100 (3 IPs from the Management Network subnet)

VTEP = VLAN 103 (subnet 192.168.4.0)

vCenter = VLAN 100 (another IP from the Management Network subnet)

I hope this helps you,

Jorge Hernández

VCP5-DCV, VCP6-DCV, VCP6-NV, VCAP5-DCA/DCD, VCIX-NV, VCI

eccl1213

Thanks for the reply.

Yes, that is what I was attempting to do.  I just wasn't sure it was a best practice.  Most of that makes sense.

Is there a specific reason the VTEP is still separate from the other management devices?

jorge_luis_hern

There is no specific reason to use the VTEP separately, at least that I know of. The benefit I see in using the VTEP in a separate VLAN/IP subnet is that with a different IP subnet we can take advantage of a custom TCP/IP stack used with VXLAN, and use a different gateway, for instance to provide different racks with different VTEP segments, confine all L2 traffic in the ToR, and use a leaf/spine topology with a clear limit between L2 and L3. This approach allows us to use routing between leaf (access) and spine (aggregation) and use ECMP for a better use of the bandwidth in the switch fabric; every rack can be a failure domain, there is no need to span the VTEP VLANs across the whole data center, and maybe this would be my first point: segmentation, not mixing management with VXLAN traffic, etc.

Jorge Hernández
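
A way to check a plan written in this thread's line format against the two points made in the answers: management components share one VLAN, and the VTEP stays off it. This is an added example, not part of any post; the /24 mask, the role grouping in `MGMT_ROLES`, and all function names are assumptions, and the plan lines are the accepted answer's with the side remarks trimmed.

```python
import ipaddress
import re

ASSUMED_PREFIX = 24  # assumption: the thread gives network addresses without a mask
MGMT_ROLES = {"Management Network", "NSX Manager", "NSX Controller", "vCenter"}
LINE_RE = re.compile(r"^(?P<role>.+?)\s*=?\s*VLAN\s*(?P<vlan>\d+)"
                     r"(?:.*?subnet\s+(?P<net>\d+(?:\.\d+){3}))?", re.I)

PLAN = """
Management Network = VLAN 100 (subnet 192.168.1.0)
vMotion = VLAN 101 (subnet 192.168.2.0)
Storage = VLAN102 (subnet 192.168.3.0)
NSX Manager = VLAN 100 (1 IP from the Management Network subnet)
NSX Controller = VLAN 100 (3 IPs from the Management Network subnet)
VTEP = VLAN 103 (subnet 192.168.4.0)
vCenter = VLAN 100 (another IP from the Management Network subnet)
"""  # the accepted answer's plan, in the thread's own line format

def parse_plan(text):
    """Return {role: (vlan, network)}; a role without a subnet inherits its VLAN's."""
    rows, vlan_net = [], {}
    for line in filter(None, map(str.strip, text.splitlines())):
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unparsable plan line: {line!r}")
        vlan = int(m["vlan"])
        if m["net"]:
            net = ipaddress.ip_network(f"{m['net']}/{ASSUMED_PREFIX}")
            if vlan_net.setdefault(vlan, net) != net:
                raise ValueError(f"VLAN {vlan} is mapped to two subnets")
        rows.append((m["role"].strip(), vlan))
    return {role: (vlan, vlan_net.get(vlan)) for role, vlan in rows}

def segmentation_findings(plan, transport="VTEP"):
    """Report where VXLAN transport shares a VLAN or subnet with management roles."""
    t_vlan, t_net = plan[transport]
    findings = []
    for role in sorted(MGMT_ROLES & set(plan)):
        vlan, net = plan[role]
        if vlan == t_vlan:
            findings.append(f"{transport} shares VLAN {vlan} with {role}")
        elif net and t_net and net.overlaps(t_net):
            findings.append(f"{transport} subnet {t_net} overlaps {role} subnet {net}")
    return findings

def routed_mgmt_roles(plan):
    """Management roles placed off the host-management VLAN (their traffic is routed)."""
    base_vlan = plan["Management Network"][0]
    return [r for r in sorted(MGMT_ROLES & set(plan)) if plan[r][0] != base_vlan]
```

Both `segmentation_findings(parse_plan(PLAN))` and `routed_mgmt_roles(parse_plan(PLAN))` return an empty list for the accepted answer's plan; moving the VTEP onto VLAN 100, or vCenter onto its own VLAN, produces findings.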
