4 Replies Latest reply on Jan 3, 2019 2:17 AM by vSohill

    DLR and North south traffic

    vSohill Hot Shot

      Hi,

      why DLR is not meant to be used for N-S traffic ?

        • 1. Re: DLR and North south traffic
          Sreec Master
          vExpertCommunity Warriors

          First and foremost ,  both ESG and DLR perform routing , considering the feature rich services available in ESG (Routing/LB/NAT etc), it is primarily considered as a N-S facing device. DLR data plane is distributed in ESXI kernel modules , while only the control plane exists in a VM  and it makes perfect sense to place the DLR as next hop devices for Virtual machines , that way VM-VM routed traffic can be optimized. When we say optimizing, we are reducing the latency. Below picture depicts a routing data flow.

           

          • 2. Re: DLR and North south traffic
            vSohill Hot Shot

            Thank you Sreec,

            I am not going to use LB or NAT just routing, Do I need to use the Edge in this case for north south traffic ?

            • 3. Re: DLR and North south traffic
              Sreec Master
              Community WarriorsvExpert

              I would still recommend NSX Edge ,considering the limitation of DLR and supported topologies. Also when we scale , especially for multitenant tenant and cross VC setup , Edge is a perfect candidate for sending transit routes to upstream devices.

               

              Copy paste from VMware Doc :

              • A given logical router instance cannot be connected to logical switches that exist in different transport zones. This is to ensure that all logical switches and logical router instances are aligned.
              • A logical router cannot be connected to VLAN-backed port groups if that logical router is connected to logical switches spanning more than one vSphere distributed switch (VDS). This is to ensure correct alignment of logical router instances with logical switch dvPortgroups across hosts.
              • Logical router interfaces must not be created on two different distributed port groups (dvPortgroups) with the same VLAN ID if the two networks are in the same vSphere distributed switch.
              • Logical router interfaces should not be created on two different dvPortgroups with the same VLAN ID if two networks are in different vSphere distributed switches, but the two vSphere distributed switches share identical hosts. In other words, logical router interfaces can be created on two different networks with the same VLAN ID if the two dvPortgroups are in two different vSphere distributed switches, as long as the vSphere distributed switches do not share a host.
              • If VXLAN is configured, logical router interfaces must be connected to distributed port groups on the vSphere Distributed Switch where VXLAN is configured. Do not connect logical router interfaces to port groups on other vSphere Distributed Switches.

               

              Start reading from page :69 -- Scalable topology and multi tenant network - I repeat its big plus with ESG in between.

               

              https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/products/nsx/vmw-nsx-network-virtualization-design-gui…

              • 4. Re: DLR and North south traffic
                vSohill Hot Shot

                Thank you, I will go through VMware doc and maybe come back to you for clarifications