ddesmidt's Posts

Short easy answer: . "1 arm mode" equals "Non-Transparent" in NSX Edge and does SNAT (client-IP@ is replaced by Edge-IP@ - server will still see sce-IP@=Edge-IP@) . "In-Line mode" is sometimes also called "2-arms mode" and equals "Transparent" in NSX Edge where there is no SNAT (client-IP@ is not replaced by Edge-IP@ - server will still see sce-IP@=Client-IP@) Dimitri

I understand you are using the NSX-v (for vSphere). This document refers to the NSX-MH (Multi-Hypervisor) integration with some Juniper and do not apply to NSX-v. That said you still didn't explain why you wanted to get the L2 VXLAN/VLAN done on the Juniper instead of the NSX native? Is it because you have more than 14Gbps per VXLAN/VLAN throughput? Or is it just because you want to get it on Juniper but no real technical reason. Note: If that's the latter, then:      . you'll have to have specific Juniper hardware / release (check with Juniper what model/release)      . you'll have to use NSX-MH and not NSX-v (which means you won't have advanced NSX-v logical network and security services such as Load Balancer, or Stateful Firewall, VPN/IPSEC)      . you'll also lose NSX-MH distributed routing function, security port-isolation capabilities, and troubleshooting traceflow capabilities Dimitri

You want to show it via an external device. What is the need? Is it because you have a need of more that 14Gbps for a specific VXLAN/VLAN? If your need is 14Gbps or less throughput for a specific VXLAN/VLAN, then the configuration will be MUCH simpler if done in software on the NSX native capabilities. Dimitri

"I'm using NSX-v when I should use NSX-MH, right ?" I guess you want to configure L2 connectivity between a "Logical (VXLAN)" and "Physical (VLAN)". For that if you ask me, you do NOT need to use the ToR for that. In both NSX flavors (NSX-v and NSX-MH), there is a built-in capability to offer L2 logical/physical. And at actually very high scale since done in kernel and not VM. NSX-v offers up to 14Gbps per VXLAN/VLAN (if you have a NIC + NIC driver with VXLAN offload like "Intel 82599 EB"). The feature is called L2 bridging and is available under DLR. Do you need more than 14 Gbps for a specific VXLAN/VLAN? Dimitri

As mentioned DmitriK, there is no built-in integration between ToR and NSX-v (only NSX-MH). Can you clarify if you are testing with NSX-v (NSX for vSphere) or NSX-MH (NSX Multi-Hypervisor)? Dimitri

NSX Controllers are in charge of: Logical Switches (VXLAN) The dynamic routing (OSPF / BGP) of Distributed Logical Routers In other words, if you do use: VLAN (and not VXLAN) Edge DLR without dynamic routing Then you do not need Controllers. Dimitri

Edge does some AppRule sanity check to avoid mis-configuration. The parser is not always perfect and is improved each release. On your specific AppRule: reqirep ^Host:\ portal.abc.com Host:\ vcac.domain.local I tested it on NSX-v 6.1.1 and it worked fine Note: I'm not an expert on vCAC but if you want to rewrite the redirect from the server response then the AppRule to use is with "rspirep" command. If you look at using that command, wait for 6.1.2, since there is a syntax error in the usage of that command that will be fixed in 6.1.2. Dimitri

NSX is very flexible. So you could do:      External         |       Edge        / \   LS-Web LS-App The Edge will do L3 (routing) + Routing + FW Pros:   . Most likely very similar to what you have been doing for years in the physical world   . No need for SNAT (Edge LB configured in Transparent mode under Pools) Cons:   . Don't benefits the unique NSX features like Distributed L3 You could also do:      External         |       Edge1 (optional)         |      DistL3        / \   LS-Web LS-App     |       |   Edge2   Edge3 Edge1 (optional): will be there is you want services like NAT, VPN, and if all your ESXi do not have all a physical NIC connected to external. Edge2: will be there to do LB of the Web servers (with SNAT) Edge3: will be there to do LB of the App servers (with SNAT) Note: Edge2 + Edge3 could be combined to limit the # of Edges Pros:   . Enjoy Dist-L3 for direct communication from Web-Servers to App-Servers   . Security between LS-Web and LS-App is offered via Dist-FW Cons:   . require SNAT (Edge LB configured not in Transparent mode under Pools) There is more information on LB in the NSX Design Guide here. Dimitri

What version of NSX-MH are you using? I followed the same steps you did with success. Note: 192.168.30.11 is my NSX-MH Controller. Authentication =========== root@localhost:~# curl -k -c cookies.txt -d 'username=admin&password=admin' https://192.168.30.11/ws.v1/login Successful Authentication. You successfully authenticated.  Use the cookie in this reply in future requests. root@localhost:~# cat cookies.txt # Netscape HTTP Cookie File # http://curl.haxx.se/rfc/cookie_spec.html # This file was generated by libcurl! Edit at your own risk. 192.168.30.11   FALSE   /       TRUE    0       nvp_sessionid   b3e3387c0c17bb1fb9c3702cbecca589 Request to get the Transport Zone ========================= root@localhost:~# curl -k -b cookies.txt -s https://192.168.30.11/ws.v1/transport-zone {"results": [{"_schema": "/ws.v1/schema/TransportZone", "_href": "/ws.v1/transport-zone/349106cf-d4e0-439c-9b52-d123d837908a"}], "result_count": 1}root@localhost:~# # I like the display better with "python -m json.tool" root@localhost:~# curl -k -b cookies.txt -s https://192.168.30.11/ws.v1/transport-zone  | python -m json.tool {     "result_count": 1,     "results": [         {             "_href": "/ws.v1/transport-zone/349106cf-d4e0-439c-9b52-d123d837908a",             "_schema": "/ws.v1/schema/TransportZone"         }     ] } Can you give your output?