sguadamu1's Posts

Hello Enter123. I will ask the following. Are you using DFW in your infrastructure? If you make a new VM, does it fail too? Are the issues happening in north-south traffic and east-west traffic? As I understand, if you connect your VM to an overlay segment it fails, but when you connect it it works?
I will test the following:
- Put two VMs in the same host using the same segment and ping.
- vMotion one VM to a different host and test the ping.
- Ping a different VM or reuse one of the previous VMs and put it on a different overlay NSX segment.
Checking this we can determine if you have issues with your T1.
Best Regards.
Hello Daoudy, Thanks for the information. Check the VDS: as you can see, the mgmt has a specific VLAN attached to it, and if you check the VMKs, they are attached to specific VLANs. Check the VLANs, because what I am thinking is that the VLAN is not allowed. Best Regards. SG
Hello Daoudy. Quick question: are you using the same vmk for the VM traffic? Normally, you have your mgmt traffic assigned to a specific vmk and the VM traffic to a different one. If you are using the same vmk, is it trunked at the vmk/vmnic and also at the TOR switch? Also, do you have any other IP segments working? Best Regards. SG
Adding to this answer, which is very good. Yes, the traffic will continue working because the dataplane runs in the ESXi hosts. In the case your whole cluster crashes, you won't be able to add any new NSX-T component such as Edges, T0-T1 or segments, but the current configuration will continue to work with no issues. Best Regards. SG
Hello Keijd,
Question:
1. If all NSX-T Manager Nodes fail a. What will happen to my policies? b. What will happen to my VMs?
A/ The NSX-T design contains 3 NSX-T managers, which share the same DB (Corfu DB), which will make sure that all 3 managers have the same information. So if one node fails, you can remove it and redeploy a new NSX-T manager and you will be fine to continue. What is important is that your infrastructure will continue working, but the cluster will show as degraded.
2. Given that the manager and the controller is on the same appliance already what's the implication if all the manager node fails?
A/ Same answer: NSX-T has three nodes, and these three nodes have the manager and control planes running in the same VMs. So if a node fails, your infrastructure will continue to run.
3. Is there a difference in the outcome if you are using VDS as compared if you are using an N-VDS?
A/ N-VDS is getting deprecated, so you will use NSX portgroups in your VDS.
Hope this helps. SG
Good afternoon, hope you are fine. What you will have is a DVS; this DVS (Distributed Virtual Switch) will be used by all the hosts that you define. My question is, is the DFW going to be used for north-south traffic only, or is it going to be used for east-west traffic as well? If this is the scenario, you will need to use NSX. Best Regards. SG
Hello. As far as I know, the way to use your VXLAN will be using a L2 VPN. And here are my reasons:
- If you want to use VXLAN inside your DC you will need to use NSX-V, which is no longer supported.
- NSX-T (now in NSX-T version 4, it is re-branded as NSX only) uses Geneve.
- In the internal communication, we have the concept of transport zones; you are going to have overlay and VLAN ones. The overlay is the internal transport zone for overlay VNIs and the VLAN is the transport zone for the uplinks.
- Now, there is the concept of Federation, https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.2/administration/GUID-D5B6DC79-6733-44A7-8072-50221CF2122A.html With Federation we can have multiple sites using global devices.
But to answer your question, in order to have overlay you need NSX to achieve it. Hope this answers your question.
Best Regards. SG
Hello, Just to understand your scenario, here is the topology (assuming):
VM -> ESXi -> TOR switch (here occurs the encapsulation) -> internet -> TOR switch (de-encapsulation occurs) -> ESXi -> VM
From VM to TOR switch is going to be VLAN; the TOR switch needs to encapsulate VXLAN, and the destination TOR switch de-encapsulates the encapsulation, and then we are going to VLAN traffic again. The TOR switches are the ones responsible for the encapsulation process. NSX will provide the overlay inside the DC or, as mentioned, you can use the standalone edge and run a L2 VPN. Now, my question is, you are not using overlay inside your DC, and why are you planning to overlay over the WAN?
Best Regards. SG
Hello. Not sure what you are planning to do, because VXLAN is an overlay, L2 over L3. Now, VXLAN uses VNIs (virtual network identifiers), which are not VLANs. So if you want to use overlay inside your DC you need NSX. Also, just as a reminder, NSX uses Geneve instead of VXLAN. If you want to pass VXLAN over the WAN, I will suggest installing an autonomous NSX Edge: https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.2/administration/GUID-BE8A3D3C-5E0D-4777-B4F4-908E64FCB771.html Using this possible workaround, you can pass VLAN/VXLAN using a L2 VPN. https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.2/administration/GUID-86C8D6BB-F185-46DC-828C-1E1876B854E8.html Hope this helps. SG
Hello. You are having access to the management because you are using the VMkernel for management. VMware has vmkernels for different purposes, and one of them is management. You can check the vmkernel configuration in the ESXi host, and once you identify the vmkernel, you can determine the vmnic (physical adapter) that it is using for this purpose. Also, you need to be sure how many vmnics the host has, and you need to check the configuration in the DVS; checking the DVS you are going to check the vmnic adapter configuration. My advice will be to configure the interfaces as trunk to confirm that the connectivity between the host and the TOR switch is working fine. Once it is confirmed, please change the config to the required VLAN tagging. Best Regards. SG
Hey Scott, It will be NSX-V / T. It is a VMware product which contains DFW (Distributed Firewall), which is used for East-West traffic inspection. Also, NSX has a Gateway Firewall, which is used for North-South traffic inspection. And I was just wondering if there was a new FW rule blocking the traffic. Best Regards. SG
Check there is no NSX in your infrastructure. NSX has a DFW and could be blocking your request. Also, did you try telnet + port to the required VM? Best Regards.
Hi NSX experts, I am trying to get some help since I am not able to set up an LB using NSX-V for my FTP service. I am following a TOI presentation; however, I am seeing the following outputs:
Loadbalancer Pool Statistics:
POOL ftp-test
| LB METHOD round-robin
| LB PROTOCOL L7  <---------------------- even when acceleration is enabled.
| Transparent disabled
| SESSION (cur, max, total) = (0, 0, 0)
| BYTES in = (0), out = (0)
+->POOL MEMBER: ftp-test/member-1, STATUS: UP
| | HEALTH MONITOR = BUILT-IN, default_tcp_monitor:L4OK
| | | LAST STATE CHANGE: 2022-03-14 20:23:45
| | SESSION (cur, max, total) = (0, 0, 0)
| | BYTES in = (0), out = (0)
Also, I have the ALG configured as allow any any, and in service I selected FTP. I took some packet captures at the pool member level and I can see that when I bypass the LB the communication works fine, but when I use the LB the request does not even reach the pool; it seems like it is not passing the ESG.
Best Regards.