4 Replies Latest reply on Feb 12, 2018 6:14 AM by tanurkov

    NSX and vMSC

    mikew123 Novice

      Hello,

       

      I read the document "Multi-site Options and cross-VC NSX design guide". On page 15, it mentions the following:

       

      It’s also possible to deploy an active-active Egress solution using universal objects with the Local Egress feature; in this case only static routing is supported. In both cases active workloads can reside at both sites. The active/passive model is preferred for simplicity and to avoid asymmetric traffic flows. The ESGs at a single site can also be deployed in HA mode if stateful services are required.

       

      So, the "active/passive" model is recommended for vMSC. But that means only one site can be used for south-north traffic. The external network of the other site is in standby mode. Access to the applications on the other site needs to go through the interconnect between the two data centers. Is that true?

      Thanks

      Mike

        • 1. Re: NSX and vMSC
          Bayu Wibowo Master

          Hi Mike, access to applications is north-south traffic (ingress traffic) e.g. from WAN to data centre and typically handled in the physical network outside of NSX.

          It depends on the physical network, but if a particular network is advertised on the active site, then the traffic would come from the active site.

          If there are some applications running on the passive site that need to be accessed, the traffic would come from the active site and then traverse the data centre interconnect to reach the applications in the passive site.

           

          These two blog posts may be useful for you:

          Elver's Opinion: DC Ingress Traffic with Stretched Layer 2

          http://networkinferno.net/ingress-optimisation-with-nsx-for-vsphere

          Bayu Wibowo | vExpert NSX, VCIX6-DCV/NV, Cisco Champion, AWS-SAA
          Author of VMware NSX Cookbook http://bit.ly/NSXCookbook
          https://nz.linkedin.com/in/bayupw | twitter @bayupw
          • 2. Re: NSX and vMSC
            mikew123 Novice

            Thank you. The two posts are very helpful.

            After reading the first post, I understand that the ingress traffic issue is not specific to NSX configuration. A physical stretched L2 network has the same issue too.

            So, I have one more question. I believe there is something that needs to be done after a failover:

            For a physical stretched L2 network, after a site failover, we need to advertise the same subnet on the DR site at least. Who will do this? Does the administrator do it manually, or is there some automatic way?

            For an NSX virtual network, after a site failover, we need to: (1) bring up the passive ESG on the DR site; (2) advertise the same subnet on the DR site. Again, will this be handled by NSX automatically, or does the administrator need to be involved?

             

            Thanks

            Mike

            • 3. Re: NSX and vMSC
              Bayu Wibowo Master

              Hi Mike,

               

              For an active/passive setup, you can leverage dynamic routing (OSPF or BGP) to handle the route advertisement.

              You can pre-create the Edges, have the Control VM peer with both the active and passive Edges on the two sites, and use dynamic routing weight to handle the failover automatically.

              Below is the diagram

               

              Or you can use vSphere HA in vMSC and just deploy Edges at the active site and use vSphere HA to fail over the Edges to the other site, as shown in the diagram below.

               

              This is also covered in the NSX-V Multi-site Options and Cross-VC NSX Design Guide, page 125.

              • 4. Re: NSX and vMSC
                tanurkov Enthusiast

                The main reason for recorded that NSX had some bad "bug" which was not dealing with ingress and egress traffic correctly.

                And the documentation says that you can use it, but what is hidden is that in some scenarios traffic will be dropped.

                And second, of course, the physical environment needs to be set up according to NSX to support active/active, like BGP local pref or prepending solutions.

                 

                Regards Dmitri