VMware Networking Community
BrandonArms
Contributor

Multi-site ESG recovery

I have a multi-site environment using the NSX 6.2 cross-vCenter architecture. If I am using the ESG as my internet perimeter with firewall/NAT/SSL VPN/IPsec VPN, etc. in my primary site, how do I recover that configuration on the ESG in my secondary site?

2 Replies
smitmartijn
VMware Employee

Hi Brandon,

Currently, ESG configuration is not synchronised between different NSX Managers; there is no Universal ESG (yet). But that doesn't have to be the case, as you can use Local Egress to create a setup where you have a dedicated running ESG per site that is active for that site. You'll need to use dynamic routing upstream to your provider and use priorities to facilitate the failover between sites and route all traffic through the active site. Not ideal though.

Personally I would do the failover on a higher level, like using DNS.

More information on the local egress: https://networkinferno.net/ingress-optimisation-with-nsx-for-vsphere

BrandonArms
Contributor

Understood, and I have been able to successfully achieve local egress between locations. My question centers around a DR scenario when you are using the ESG as your internet perimeter and need to migrate firewall/NAT/VPN configs from the ESG at your primary site to the secondary site. How is that accomplished? I assume I can do this by building vRA workflows and using the API. The better option, at this point, seems to be to design a stretched cluster between my 2 locations and deploy HA ESG. I lose local egress, but my ESGs can then sync between sites.
