VMware NSX-V: Control Plane Resiliency with CDO Mode

VMware NSX-V: Control Plane Resiliency with CDO Mode

Author: Humair Ahmed

Please send feedback to hahmed@vmware.com

Some of the information provided in this technical white paper has also been posted prior on the VMware Network Virtualization Blog post here describing CDO mode generally and the benefits.

NSX-V 6.3 introduced many new features. On the VMware Network Virtualization blog post, NSX-V 6.3: Cross-VC NSX Security Enhancements, several new Cross-VC NSX security features are discussed. In this paper, another new feature called Controller Disconnected Operation (CDO) mode, which provides additional resiliency for the NSX control plane, is discussed. The features discussed in the mentioned blog posts and within this document become especially important in multi-site deployments. Note, in NSX-V 6.3.1, CDO mode is a tech preview feature. The feature GA’ed in NSX-V 6.3.2.

S

Attachments
0 Kudos
Comments
RenxiaoChen
‎06-20-2018 11:14 PM
‎06-20-2018 11:14 PM

When CDO mode is enabled, a CDO logic switch is created and there is a Global VTEP list. But how the Global VTEP list works, and why the existence of this Global VTEP list, VMs on the host can communicate, do not understand.

Can you explain it to me?

furryhamster
‎07-26-2018 02:08 PM
‎07-26-2018 02:08 PM

If the controllers disconnect and then a VM is migrated/powered on to a host that was not previously connected to the logical switch (because it was not running any VM's on that logical network/VNI), that host will not have sent it's VTEP IP to the controllers in the form of a VTEP report. The controllers in turn, will not have been able to inform the other ESXi hosts that this host was/is a member of the VNI/Logical switch. As a result, hosts cannot send BUM traffic from VM's to this host, as they do not know they are meant to. Likewise, the host has not received a VTEP report from the  controllers giving it the VTEP IP's of the other hosts, so the VM cannot send traffic as the destination VTEPs can't be identified . CDO mode ensures that every host is ALWAYS part of a special CDO switch and that every host has a copy of all other hosts VTEPS as a result. BUM traffic can now be steered to all VTEPS in the CDO VNI, allowing traffic to flow because every host in the transport zone is ALWAYS a member of this VNI and the VTEP reports are always up to date.

RenxiaoChen
‎10-22-2018 06:24 AM
‎10-22-2018 06:24 AM

Thank you for your answer.There is one more question. When the controllers disconnect, are the traffics from all virtual machines transmitted through the CDO Logical switch  ? And not through their original Logical switch(e.g VXLAN 5001)

furryhamster
‎01-18-2019 02:08 AM
‎01-18-2019 02:08 AM

I believe the usual switch is used, not the CDO switch and that we just use the vtep list created via that switch.

Version history
Revision #:
1 of 1
Last update:
‎08-04-2017 05:33 AM
Updated by:
Contributor
 
View Article History