2 Replies Latest reply on May 12, 2020 9:46 AM by Bhaskar73

    Modifications in the existing NSX environment on softlayer.

    Bhaskar73 Novice

      In my environment I have two esxi boxes with 6.5 version (enterprise plus) under the vcenter standard 6.0  where NSX 6.2(enterprise plus) has been implemented successfully. In the existing NSX environment there are no logical switches  and hence no DLR (Distributed Logical Router) is deployed.

       

      They created four portgroups for VMs: Private(intra), Public(internet), Services and Demo-VMs for the sake of isolation with vmkernel portgroups for vmotion, vtep, storage and mgmt under the single virtual distributed switch(vDS)

       

      They deployed one NSX edge gateway and went for site-to-site IPSec VPN with SNAT/DNAT performed for the private IPs:10.183.x.x

       

      Can I create three logical switches App-tier,Web-tier and DB-Tier and route the information using DLR under another private network:172.16.x.x?I want to shift all the VMs from the existing VM portgroups over to the logical switches accordingly. With the transit logical switch created between DLR and NSX Edge and subsequent SNAT/DNAT disabling the existing IPSec VPN, will I be in a position to implement NSX successfully?

       

      Any help or suggestion would be highly appreciated.

       

      Thanks in advance!

        • 1. Re: Modifications in the existing NSX environment on softlayer.
          Sreec Master
          vExpertVMware EmployeesCommunity Warriors

          Yes, this is certainly possible. Technically this is a gateway movement activity for the workloads followed by DLR-Edge connectivity, keeping the SNAT/DNAT intact as long as there are no IP changes.

          • 2. Re: Modifications in the existing NSX environment on softlayer.
            Bhaskar73 Novice

            Sreec, thank you so much for your answer!

                     

            Currently,there is neither  any logical switch nor any DLR. My proposed plan of action is to create four logical switches:

                                                                       Web-LS:172.16.10.0/24

                                                                       App-LS:172.16.20.0/24

                                                                       DB-LS:172.16.30.0/24

                                                                       Transit-LS:192.168.10/29

             

            I want to disable the existing IPSec VPN Tunnel on the NSX edge.The edge and DLR will share the transit logical switch while the uplink interface of the NSX Edge will be connected to the primary and secondary IP address of the physical router at the client's end as it is now. SNAT/DNAT and the existing edge firewall rules will remain intact.

             

            My only concern is the likely conflict in the IP addresses of all the VMs as they are in the 10.183.43.0/24 network and I want to attach them to respective logical switches in the 172.16.x.x network.

             

            Currently,the number of VMs in different VM portgroups in the existing NSX environment are as below:

                                                                      Private_VM: 36

                                                                      Public_VM: 5

                                                                      Services_VM: 5

                                                                      Demo_VM: 0

             

            What should I do so that there is minimal impact on the existing setup?

             

            Eagerly looking forward to hearing from you!