6 Replies Latest reply on Jul 10, 2018 6:49 PM by m1xed0s

    can not connect multiple DLR to same logical switch?

    m1xed0s Novice

      I was on HOL-1803-03-NET and configured L2 Bridge with a dedicated DLR (between web-tier LS and L2Bridge VDS). However, when I try to connect the same web-tier LS to another DLR, I get the error below.

      1.JPG

      Is this by design or just a limitation of that particular HOL? If it is by design, how do I accomplish multiple DLR internal LIFs connecting to the same network, using VDS instead of LS? A good example would be ECMP...

      I am trying to understand why. Please advise!

        • 1. Re: can not connect multiple DLR to same logical switch?
          Bayu Wibowo Master

          Hi

           

          It is by design that connecting multiple DLRs to a common VXLAN segment/logical switch.

          The scenario below is taken from the VMware® NSX for vSphere Network Virtualization Design Guide ver 3.0, where connecting multiple DLRs to a common logical switch peering to an NSX ESG is not supported.

          Could you explain more about this > Is this by design OR just limitation on that particular HOL? If it is by design, how do I accomplish multiple DLR internal LIFs connecting to the same network, using VDS instead of LS? A good example would be ECMP...

           

          You may want to review some points from this doc: Add a Logical (Distributed) Router

          • A logical router cannot be connected to VLAN-backed port groups if that logical router is connected to logical switches spanning more than one vSphere distributed switch (VDS). This is to ensure correct alignment of logical router instances with logical switch dvPortgroups across hosts.
          • Logical router interfaces should not be created on two different distributed port groups (dvPortgroups) with the same VLAN ID if the two networks are in the same vSphere distributed switch.
          • Logical router interfaces should not be created on two different dvPortgroups with the same VLAN ID if two networks are in different vSphere distributed switches, but the two vSphere distributed switches share the same hosts. In other words, logical router interfaces can be created on two different networks with the same VLAN ID if the two dvPortgroups are in two different vSphere distributed switches, as long as the vSphere distributed switches do not share a host.
          • If VXLAN is configured, logical router interfaces must be connected to distributed port groups on the vSphere Distributed Switch where VXLAN is configured. Do not connect logical router interfaces to port groups on other vSphere Distributed Switches.

           

          To understand more about DLR topologies, you can review VMworld 2017 US session on NET1416BU - NSX Logical Routing - YouTube

          Slide deck: https://static.rainfocus.com/vmware/vmworldus17/sess/1489171765260001Okf1/finalpresentationPDF/NET1416BU_FORMATTED_FINAL…

          Bayu Wibowo | vExpert NSX, VCIX6-DCV/NV, Cisco Champion, AWS-SAA
          Author of VMware NSX Cookbook http://bit.ly/NSXCookbook
          https://nz.linkedin.com/in/bayupw | twitter @bayupw
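The VLAN-ID and VXLAN placement rules quoted in the reply above, written as a check over an inventory. This is an added example, not part of the original thread and not VMware tooling; the function name, rule labels, and all port group, VDS, VLAN, and host values are constructed for illustration.

```python
from dataclasses import dataclass
from itertools import combinations


@dataclass(frozen=True)
class PortGroup:
    """A VLAN-backed dvPortgroup that carries a logical router interface."""
    name: str
    vds: str
    vlan_id: int


def check_lif_placement(lifs, vds_hosts, vxlan_vds=None):
    """Return (rule, port group names) findings for the quoted rules.

    lifs      -- PortGroup objects, each with a DLR LIF attached
    vds_hosts -- dict: VDS name -> set of ESXi hosts attached to it
    vxlan_vds -- VDS on which VXLAN is configured, or None
    """
    findings = []
    for a, b in combinations(lifs, 2):
        if a.vlan_id != b.vlan_id:
            continue  # the rules only concern a reused VLAN ID
        if a.vds == b.vds:
            # Two dvPortgroups, same VLAN ID, same VDS.
            findings.append(("same-vlan-same-vds", (a.name, b.name)))
        elif vds_hosts[a.vds] & vds_hosts[b.vds]:
            # Different VDSes, but at least one host is on both.
            findings.append(("same-vlan-shared-host", (a.name, b.name)))
        # Different VDSes with no common host: allowed by the rules.
    if vxlan_vds is not None:
        for pg in lifs:
            if pg.vds != vxlan_vds:
                findings.append(("lif-off-vxlan-vds", (pg.name,)))
    return findings


# Constructed sample inventory (not taken from the lab in the thread).
SAMPLE_VDS_HOSTS = {
    "vds-compute": {"esx01", "esx02"},
    "vds-edge": {"esx02", "esx03"},   # shares esx02 with vds-compute
    "vds-mgmt": {"esx09"},            # shares no host with the others
}
SAMPLE_LIFS = [
    PortGroup("pg-web-a", "vds-compute", 100),
    PortGroup("pg-web-b", "vds-compute", 100),
    PortGroup("pg-dmz", "vds-edge", 100),
    PortGroup("pg-iso", "vds-mgmt", 100),
]

if __name__ == "__main__":
    for rule, names in check_lif_placement(SAMPLE_LIFS, SAMPLE_VDS_HOSTS, "vds-compute"):
        print(rule, ", ".join(names))
```
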
          • 2. Re: can not connect multiple DLR to same logical switch?
            m1xed0s Novice

            Thanks for the extra information. The reason I asked about ECMP in my post was because of the scenario where I want to use DLR instead of ESG for ECMP. How can I connect a LIF on multiple DLRs to the same LS then? Do I have to use a VDS portgroup in that case?

            • 3. Re: can not connect multiple DLR to same logical switch?
              Bayu Wibowo Master

              Hi, could you explain more about what you are referring to with "use DLR instead of ESG for ECMP"?

              In an NSX topology with ECMP, both DLR and ESGs will be ECMP enabled, as shown in the diagram below.

              DLR ECMP enabled peered to 8 ESG and ESG ECMP enabled peered with DLR and Physical Router

              nsx-for-vsphere-logical-routing-deep-dive-30-1024.jpg

              Or are you saying you want to connect DLR directly to the physical router?

              I would avoid using VLAN LIF (connecting DLR to VLAN-backed portgroup) whenever possible

              Bayu Wibowo | vExpert NSX, VCIX6-DCV/NV, Cisco Champion, AWS-SAA
              Author of VMware NSX Cookbook http://bit.ly/NSXCookbook
              https://nz.linkedin.com/in/bayupw | twitter @bayupw
              • 4. Re: can not connect multiple DLR to same logical switch?
                m1xed0s Novice

                From your reference diagram, how do I connect DLR instances to VXLAN 5020 if one LS cannot be used by multiple DLRs?

                 

                My scenario is more or less below in the attached picture.

                Drawing1.jpg

                • 5. Re: can not connect multiple DLR to same logical switch?
                  Bayu Wibowo Master

                  In the diagram, there is only one DLR connected to a logical switch on VXLAN 5020 so that would not be an issue.

                  You have DLR in the middle as the north-south point between the tenants to provider ESG.

                  If this is pure north-south, you should not use DLR for that; DLR should be for east-west for VMs.

                  In a multi-tenant environment, you should have something similar to the below instead:

                  nsx-for-vsphere-logical-routing-deep-dive-34-1024.jpg

                  If you want to keep your topology it would be something like below (sorry I don't have a diagram, hope this is understandable):

                   

                  1 Internet
                  |
                  2 Provider ESG HA Pair
                  |
                  3 ESG ECMP
                  |
                  4 Tenant ESGs
                  |
                  5 logical switch for VMs or Tenant DLRs
                  |
                  6 If you have DLR in #5, then logical switches for VMs will be here connected to DLR

                  Bayu Wibowo | vExpert NSX, VCIX6-DCV/NV, Cisco Champion, AWS-SAA
                  Author of VMware NSX Cookbook http://bit.ly/NSXCookbook
                  https://nz.linkedin.com/in/bayupw | twitter @bayupw
                  • 6. Re: can not connect multiple DLR to same logical switch?
                    m1xed0s Novice

                    Thanks for the info. I am aware DLR is for east-west traffic but not aware that it cannot be used for North-south...