Routing with NSX using multiple sites

On May 21, 2017, in Design & Architecture, NSX, Routing, by Iwan Hoogendoorn

This article is about routing using different protocols and routing domain setups.
As you know, with routing we advertise network prefixes so that the networks are known elsewhere in the network. In this process, we can influence the traffic flow when multiple routing/network paths are available.
This can be done for egress (from inside to outside, typically south to north) and for ingress (from outside to inside, typically north to south).

Each protocol offers different methods to influence the path that is taken.

In this article, I will only discuss OSPF cost and BGP weight because these are the only mechanisms that are supported by the Edges of NSX.
I will also only talk about egress routing as ingress routing is usually influenced on other devices with different attributes / mechanisms.

The general rule for OSPF cost is that the lower the cost, the more preferred the route.
For BGP weight it is the reverse: the higher the weight, the more preferred the route.

NSX Multisite deployments

When we are using vSphere together with NSX, multisite deployments are supported.
The following options are possible:

1. Multisite with multiple vCenters
   a. With active/passive site egress (Routing Metric or Local Egress Utilized)
   b. With active/active site egress (Local Egress Utilized)
2. Multisite with single vCenter (stretched storage required)
   a. With active/passive site egress (Routing Metric or Local Egress Utilized)
   b. With active/active site egress (Local Egress Utilized)

I will only discuss 1a and 1b in this article.

Diagram

The following diagram will be used for our setup.

[Diagram: nsx-routing-blog-1, Introduction]

Components

I have used the following components:

CORE:
• CS01 = Cisco 3550 L3 Core Switch

DC1:
• External PSC (6.5)
• vCenter Server Appliance (6.5)
• NSX Manager – Primary (6.3.1)
• RT-A-01 = CSR1000V
• RT-A-02 = CSR1000V
• ESG-A = NSX ESG (standalone, no ECMP, no HA)
• UDLR-01 (standalone, no HA)
• UDLR-02 (local egress enabled)

DC2:
• External PSC (6.5)
• vCenter Server Appliance (6.5)
• NSX Manager – Secondary (6.3.1)
• RT-B-01 = CSR1000V
• RT-B-02 = CSR1000V
• ESG-B = NSX ESG (standalone, no ECMP, no HA)
• UDLR-02 (local egress enabled)

Use-Cases

I have thought of the following use-cases.

As it is not possible to test active/passive and active/active with one UDLR, I am using two UDLR instances here.

For testing purposes, I will use three tenants, each with its own Web, App and DB tiers.

Tenant one and two will be using the first UDLR (UDLR-01) with active/passive site egress.
Tenant three will be using the second UDLR (UDLR-02) with active/active site egress.

Tenant one:
Tenant one will have workloads in DC1 and in DC2, and because the routing protocol determines the egress path, the traffic will exit (based on the configuration) from the primary site.
When the primary site is down, the traffic should exit from the secondary site.

Tenant two:
Tenant two will have workloads in DC2, and because the routing protocol determines the egress path, the traffic will exit (based on the configuration) from the primary site.
When the primary site is down, the traffic should exit from the secondary site.

Tenant three:
Tenant three will have workloads in DC1 and in DC2, and because it is using local egress, the traffic will exit from the Cisco CSR1000V routers local to that site.
When the primary site is down, the traffic should exit from the secondary site, and when the secondary site is down, traffic should exit from the primary.
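The active/passive egress behaviour described for tenants one and two can be modelled as below. This is an added example, not NSX code and not from the original article; the `Route` type, `select_egress` function, weights, costs and destination address are all assumptions chosen for illustration.

```python
# Added illustration: how a UDLR-like router would pick an egress next hop
# among routes learned from ESG-A (DC1) and ESG-B (DC2).
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    prefix: str      # advertised network
    next_hop: str    # ESG the route was learned from
    protocol: str    # "bgp" or "ospf"
    metric: int      # BGP weight or OSPF cost

def preference(route):
    """Sort key: a larger value means a more preferred route."""
    if route.protocol == "bgp":
        return route.metric       # higher weight is preferred
    if route.protocol == "ospf":
        return -route.metric      # lower cost is preferred
    raise ValueError(f"unsupported protocol: {route.protocol}")

def select_egress(routes, destination, down=frozenset()):
    """Return the next hop used for `destination`, or None if unreachable.

    Routes whose next hop is in `down` are treated as withdrawn. The longest
    matching prefix wins first; weight/cost only breaks ties between routes
    to the same prefix. A table must hold routes from one protocol only.
    """
    dest = ipaddress.ip_address(destination)
    candidates = [r for r in routes if r.next_hop not in down
                  and dest in ipaddress.ip_network(r.prefix)]
    if len({r.protocol for r in candidates}) > 1:
        raise ValueError("weight and cost are not comparable across protocols")
    if not candidates:
        return None
    best = max(candidates, key=lambda r: (
        ipaddress.ip_network(r.prefix).prefixlen, preference(r)))
    return best.next_hop

# Constructed sample values: ESG-A (primary site) is made the preferred exit.
BGP_ROUTES = [Route("0.0.0.0/0", "ESG-A", "bgp", 60),
              Route("0.0.0.0/0", "ESG-B", "bgp", 30)]
OSPF_ROUTES = [Route("0.0.0.0/0", "ESG-A", "ospf", 10),
               Route("0.0.0.0/0", "ESG-B", "ospf", 20)]

if __name__ == "__main__":
    for name, table in (("BGP weight", BGP_ROUTES), ("OSPF cost", OSPF_ROUTES)):
        print(name, "normal:", select_egress(table, "198.51.100.10"))
        print(name, "DC1 down:", select_egress(table, "198.51.100.10", down={"ESG-A"}))
```

Because the longest matching prefix is evaluated before weight or cost, a more specific prefix learned only from the secondary site will pull that traffic out of the secondary site even while the primary is up.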

The following implementation options are available and I am going to deploy and test all of them.

Routing protocol options

1. Option 1
   a. eBGP peering between the UDLR and the ESGs
   b. eBGP peering between the ESGs and the external routers
   c. eBGP peering between the external routers and the CORE

2. Option 2
   a. iBGP peering between the UDLR and the ESGs
   b. eBGP peering between the ESGs and the external routers
   c. eBGP peering between the external routers and the CORE

3. Option 3
   a. iBGP peering between the UDLR and the ESGs
   b. iBGP peering between the ESGs and the external routers
   c. eBGP peering between the external routers and the CORE

4. Option 4
   a. OSPF peering between the UDLR and the ESGs (where the ESG is an Area Border Router (ABR))
   b. OSPF peering between the ESGs and the external routers (where the ESG is an Area Border Router (ABR))
   c. eBGP peering between the external routers and the CORE

5. Option 5
   a. OSPF peering between the UDLR and the ESGs (in the same area)
   b. OSPF peering between the ESGs and the external routers (in the same area)
   c. eBGP peering between the external routers and the CORE

Detailed steps for this exercise can be found on my wiki, because I believe this can be better documented in wiki format.

 

 
