2 Replies Latest reply on Sep 10, 2020 1:55 PM by Bayu Wibowo

    NSX-T Multi-TEP design with usecase

    ArunKumarTyagi Lurker

      Hi Team,

       

      can someone please explain Multi-TEP design with use case.. i am getting confused.. how does we isolate workload and then how does it merge for external traffic.

        • 1. Re: NSX-T Multi-TEP design with usecase
          mauricioamorim Expert
          VMware Employees

          Are you talking about Edge Multi-TEP or Host Multi-TEP?

          Either way, I did not understand how this plays with workload isolation and external traffic.

          TEPs are the transport node interfaces for Geneve tunnel termination. They are only between transport nodes. Connection to physical network does not use TEP.

          With regards to workload isolation you can just use DFW. It is actually independent of TEPs and overlay networks.

          • 2. Re: NSX-T Multi-TEP design with usecase
            Bayu Wibowo Master
            User ModeratorsCommunity Warriors

            Hi,

             

            Could you explain more about the isolate workload requirement and external traffic?
            I'm still trying to correlate the TEP constructs with isolate/external traffic.

             

            Below east-west traffic goes via TEPs:

            1. East-West between VMs - between ESXi (Transport Node) TEP to ESXi (Transport Node) TEP

            2. East-West between Edge and VMs - between Edge (VM/Bare Metal) and ESXi (Transport Node) TEP

            Multi-TEPs is mainly for throughput/load balancing and not so much on isolation/separation traffic.

            Transport Node and/or Edge can have Multi-TEPs

             

            If you have 4 pNICs like below diagram, you can pin TEP VLANs on P3 & P4 and north-south/external traffic is pinned to P1 & P2

            If you only have 2 pNICs, they will on the same pNICs but still on different VLANs

            As you can see in below diagram, vNIC2 & vNIC3 will be the north-south/external and vNIC4 will be TEP/east-west.

            Not sure if this is the isolation that you're referring to.

             

            Overlay/East-West runs on an Overlay Transport Zone and an N-VDS can only have one Overlay Transport Zone

            If you need a separate Overlay Transport Zone, you would need a separate N-VDS and potentially a separate TEP VLAN, not sure if this is what you're referring.

            However, if your requirements is around security isolation, then this is not related with the TEP discussions

            Bayu Wibowo | VCIX6-DCV/NV
            Author of VMware NSX Cookbook http://bit.ly/NSXCookbook
            https://github.com/bayupw/PowerNSX-Scripts
            https://nz.linkedin.com/in/bayupw | twitter @bayupw