VMware Networking Community
AlbertColl
Contributor

VRF Lite extended to Tier-1 segments

Hi,

Is it possible to extend VRF Lite feature to T1 routers on a per-segment basis?

All documents I've seen, including the latest NSX-T V3.-2 Admin Guide, terminate VRF Lite on T0 segments, so that every connected T1 instance must entirely belong to a single VRF. I would like to know if any latest (or upcoming) NSX-T version admits extending VRFs over T1 segments too.

I've got a scenario in which potential VRF growth would cause a consequent increase in T1 instances, since LB could be a requirement. If I could set up T1 segments on a per-VRF basis, this would avoid defining so many Tier-1 instances.

Regards in advance.

 

3 Replies
Sreec
VMware Employee

Let's assume T1 supports VRF in the near future; you would still need end-to-end segregation. If not, you will end up having all routes in one or more VRF (T0) based on the design, and that will defeat the majority of VRF design. T1 is already doing this and it's easy to achieve multi-tenancy. I guess there is a design flaw in your case. My recommendation would be to stick with T1 and VRF mapping design and explore NSX-ALB for load balancing functionalities. Is this a vSphere with NSX-T only design?

"I've got a scenario in which its potential VRF growth would cause its consequent T1 instances to increase since LB could be a requirement."

If you wish to get more insight, can you brief this requirement a little more?

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 7x|Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered
AlbertColl
Contributor

This is a new design from scratch of an NSX-T deployment connecting to an MPLS network. VRFs are already defined at the MPLS PEs and fully isolated from each other from the MPLS MP-BGP perspective.
So, keeping such VRF end-to-end segregation through the NSX environment can be achieved by simply setting up these VRFs on T0 and defining one BGP session per VRF to each PE, including also dedicated VLANs and subnets for each. Under this scenario, defining one T1 instance per VRF is in my opinion the simplest approach.

Currently we roughly expect fewer than 10 VRFs, but that number can grow in the future. So I am simply trying to figure out some way to optimize the number of T1 instances to define.

Regards.

Sreec
VMware Employee

Yes, you are right. One of the simple approaches is to have a dedicated T1 per tenant for VM-based workloads. This design is highly scalable as well https://configmax.esp.vmware.com/guest?vmwareproduct=VMware%20NSX&release=NSX-T%20Data%20Center%203.... (1,000 T1). Also, your current VRF count is not so alarming; I have worked a lot with a service-provider-based design which had 70+ VRFs during the initial stage itself. If you are concerned, you must evaluate https://blogs.vmware.com/networkvirtualization/2022/03/multi-tenancy-datacenter-with-nsx-evpn.html/ to start considering an EVPN-based approach based on the use case, which also tightly aligns with the current MPLS design. Like any other technology or design, we need to find the right balance and design accordingly.

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 7x|Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered