
Monday, 22 November 2021

Step-by-step VMware Cloud Foundation 4.3 design and install Edge Nodes

In my previous post, "Step-by-step VMware Cloud Foundation 4.3 design and install MGMT domain", we completed the VCF management domain deployment.

Because we are using version 4.3, which gives us the flexibility to deploy edge nodes with either static routing or dynamic routing using BGP, bring-up does not deploy edge nodes and no AVN (Application Virtual Network) gets created. This lets us "architects" design and deploy according to the customer's needs without manual intervention or workarounds.

In a brownfield deployment the underlay network may be configured with static routes: the customer has a limited number of subnets, has no requirement for rapid network provisioning, and would not want to enable BGP only to accommodate VCF. Previously we had to design around this requirement with workarounds, but now it is a straightforward, supported option.


What is an Edge Node?

Well, if you are new to the NSX-T world (NSX-T is VMware's software-defined networking product) and not familiar with the terminology, then this is for you:

"An NSX Edge Node is a transport node that runs the local control plane daemons and forwarding engines implementing the NSX-T data plane. It runs an instance of the NSX-T virtual switch called the NSX Virtual Distributed Switch, or N-VDS. The Edge Nodes are service appliances dedicated to running centralized network services that cannot be distributed to the hypervisors. They can be instantiated as a bare metal appliance or in virtual machine form factor. They are grouped in one or several clusters, representing a pool of capacity."

source: vmware.com

I am sure this must have confused you even more, so let me put it in other words: an edge node is an appliance that runs the router instances of the NSX-T solution, i.e. the services that cannot be distributed to every host.

image source: Techzone



I explained the management plane, control plane and data plane in my first post. The control plane is divided into two parts: the central control plane (CCP) and the local control plane (LCP). The controllers are part of the CCP, while an LCP runs on every transport node. Any service that cannot be distributed across all transport nodes runs on the edge nodes, such as NAT, the gateway firewall and the load balancer.

NSX-T supports a two-tier routing architecture, using T0 and T1 router instances.

What is a Transport Node?

As NSX-T is hypervisor agnostic, you can configure overlay networking with VMware, KVM or Hyper-V along with physical servers. VMware needed a term to refer to all endpoints from these different platforms, hence they started calling them transport nodes. In simple words, any hypervisor or physical server, including the edge nodes, that participates in an NSX-T Data Center is called an NSX-T transport node.

Each transport node can be part of multiple VLAN transport zones but can only be part of a single overlay transport zone.

What is a Transport Zone?

"A transport zone is a container that defines the potential reach of transport nodes. Transport nodes are hypervisor hosts and NSX Edges that will participate in an NSX-T Data Center overlay. For a hypervisor host, this means that it hosts VMs that will communicate over NSX-T Data Center logical switches. For NSX Edges, this means that it will have logical router uplinks and downlinks." (source)

In simple words, a transport zone is the logical boundary within which a transport node can communicate with other transport nodes.


What is T0 or Tier-0?

In every network we have east-west and north-south traffic; data that leaves our datacenter is usually called north-south. We limit broadcast domains with routers, and we can have multiple broadcast domains inside and outside the DC.

As NSX-T is a software-defined networking solution, it uses two types of routers. The first is the T0 or Tier-0 router, which establishes neighborship with the underlay network. Any communication that enters the NSX-T Data Center for the data networks comes in through the T0 routers; hence, for the NSX-T Data Center, T0 takes care of all north-south traffic.

What is T1 or Tier-1?

To complete the two-tier architecture we use another router, the T1 or Tier-1 router, which takes care of communication within the NSX-T Data Center, termed east-west traffic. For example, machine A with IP 192.168.1.2/24 and gateway 192.168.1.254 talking to 192.168.1.3/24 with gateway 192.168.1.254 is east-west traffic within the same broadcast domain.

Another example: machine 192.168.1.2/24 (gateway 192.168.1.254) talking to 192.168.2.2/24 (gateway 192.168.2.254) within the NSX-T Data Center is also termed east-west.

But machine 192.168.1.2/24 (gateway 192.168.1.254) talking to 172.16.11.2/24 (gateway 172.16.11.254), which is a VLAN hosted in our underlay (physical network), would be termed north-south.
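To make the east-west versus north-south distinction concrete, here is an added example (my own code, not from the post or from VMware) that models the three cases above. It assumes a constructed topology: two overlay segments (192.168.1.0/24 and 192.168.2.0/24) attached to the same T1, and one underlay VLAN (172.16.11.0/24) reachable only through the T0; the segment names are invented.

```python
import ipaddress
from typing import List, Optional, Tuple

# Constructed topology matching the addresses in the examples above.
# Overlay segments sit behind T1 gateways inside the NSX-T Data Center;
# underlay VLANs are in the physical network, reached via the T0.
OVERLAY_SEGMENTS = {
    "seg-app": ipaddress.ip_network("192.168.1.0/24"),  # gateway 192.168.1.254 on the T1
    "seg-db": ipaddress.ip_network("192.168.2.0/24"),   # gateway 192.168.2.254 on the T1
}
UNDERLAY_VLANS = {
    "vlan-11": ipaddress.ip_network("172.16.11.0/24"),  # gateway 172.16.11.254, physical
}


def locate_segment(ip: str) -> Optional[str]:
    """Return the overlay segment containing ip, or None if it is not in the overlay."""
    addr = ipaddress.ip_address(ip)
    for name, net in OVERLAY_SEGMENTS.items():
        if addr in net:
            return name
    return None


def classify(src: str, dst: str) -> Tuple[str, List[str]]:
    """Classify a flow from an overlay workload and return (class, hop list).

    - same segment          -> east-west, switched at L2, no router involved
    - other overlay segment -> east-west, routed by the T1
    - anything else         -> north-south, T1 -> T0 -> physical network
      (a known underlay VLAN or an unknown destination both exit via the T0,
      because the T0 holds the route toward the underlay)
    """
    src_seg = locate_segment(src)
    if src_seg is None:
        raise ValueError(f"{src} is not on any NSX-T overlay segment")
    dst_seg = locate_segment(dst)
    if dst_seg is None:
        dst_addr = ipaddress.ip_address(dst)
        exit_name = next((n for n, v in UNDERLAY_VLANS.items() if dst_addr in v),
                         "default route")
        return "north-south", [src_seg, "T1", "T0", f"physical network ({exit_name})"]
    if src_seg == dst_seg:
        return "east-west (same segment, L2)", [src_seg]
    return "east-west (routed by T1)", [src_seg, "T1", dst_seg]


if __name__ == "__main__":
    for s, d in [("192.168.1.2", "192.168.1.3"),
                 ("192.168.1.2", "192.168.2.2"),
                 ("192.168.1.2", "172.16.11.2")]:
        kind, hops = classify(s, d)
        print(f"{s} -> {d}: {kind}; path {' -> '.join(hops)}")
```

The hop list is what matters for a design review: only the north-south case ever touches the edge nodes, so that is the traffic whose throughput and form-factor sizing the edge cluster must be planned for.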

What is Two-Tier Architecture?

In physical networking the two-tier architecture is spine and leaf, where the spine switches are high-end devices with very high throughput and low latency, and end devices connect directly to the leaf switches, as they previously connected to TOR switches.

How is the same concept adopted in VMware's software-defined network? With the help of T0 and T1: we use the T0 as the spine and the T1 as the leaf switches, "virtually".

How does it affect our design?

Well, usually when we design a solution we use T1s for connecting overlay segments, and connect the T1 to a T0 for uplink ("north-south") connectivity. But based on customer requirements and use cases you decide whether you will host the T1 on the edge nodes, whether you will use a T1 in your design at all, or whether you will connect segments directly to the T0.

Some may argue that we shouldn't connect overlay segments to a T0. But if your customer only has 5 overlay segments, has no plans for more networks in the future, and is not using NSX-T for any other function or service it provides, would you still recommend creating a T1 router? Some may say you wouldn't suggest NSX-T to a customer who is not using any of its functions, but suppose the customer has a very specific use case: they want to inspect their traffic with a FortiGate virtual firewall, and NSX-T integration is used to route traffic to the FortiGate service VMs. Then it becomes a solid business case.

It's a little off track from VMware Cloud Foundation, but still think about how you would handle this, and if not NSX-T, what alternatives you would offer the customer.

In VMware Cloud Foundation, the VMware Validated Design is used, hence we have both T0 and T1.

How to install an Edge Node Cluster in VMware Cloud Foundation 4.3?

To install an edge node cluster in the VMware Cloud Foundation 4.3 management domain we need to log in to SDDC Manager. Keep in mind that once management domain bring-up is complete, every task is performed through SDDC Manager and the Cloud Builder VM is no longer needed.



Navigate to Workload Domains under Inventory.

Click the three dots next to the management domain and choose "Add Edge Cluster".

You will be presented with the edge cluster prerequisites. Select all of them after reviewing that they are completed, and click Begin.

When you click Begin, you will be presented with a wizard. You should be able to fetch the required information from the Planning and Preparation Workbook that you completed in the planning phase.

Even if you do not wish to use dynamic routing in your VCF environment, you still have to provide an AS Number (Autonomous System number, used with BGP) along with the other details.

Once you have populated the name and credential information you will have to provide the edge cluster settings. Here you decide whether you wish to use static or dynamic routing. I have chosen the small form factor, but you will choose as per your design decision.

Now you need to provide the details of the edge nodes.

Add both edge nodes; it is a prerequisite that all names are registered in DNS and resolve.

Review all the details provided in the wizard and move forward.

Let the validation complete and then finish the wizard.

Hit Finish to start provisioning the edge nodes.
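The wizard's own validation will reject bad inputs, but it is quicker to catch them before you start. Here is an added pre-flight check (my own script, not part of VCF or of the post) for two of the inputs above: the edge node names must be FQDNs that resolve in DNS, and the AS number must be a usable BGP ASN even when you pick static routing. It verifies the forward (A) record against the management IP you plan to enter and also the reverse (PTR) record, since a name that only resolves one way is the usual cause of a failed validation. The host names, IPs and DNS records are constructed for the example; the resolver functions are injectable so the same check runs offline against the constructed records or online via the system resolver.

```python
import socket
from typing import Callable, Dict, List

# Constructed DNS records for the worked example (not a real environment).
# vcf-edge02 has a deliberately mismatched PTR so the check has something to find.
CONSTRUCTED_A = {
    "vcf-edge01.sddc.example": "10.0.0.21",
    "vcf-edge02.sddc.example": "10.0.0.22",
}
CONSTRUCTED_PTR = {
    "10.0.0.21": "vcf-edge01.sddc.example",
    "10.0.0.22": "edge02.sddc.example",
}

Resolver = Callable[[str], str]


def fake_forward(name: str) -> str:
    """Offline forward lookup over the constructed A records."""
    if name not in CONSTRUCTED_A:
        raise OSError(f"no A record for {name}")
    return CONSTRUCTED_A[name]


def fake_reverse(ip: str) -> str:
    """Offline reverse lookup over the constructed PTR records."""
    if ip not in CONSTRUCTED_PTR:
        raise OSError(f"no PTR record for {ip}")
    return CONSTRUCTED_PTR[ip]


def system_forward(name: str) -> str:
    """Real forward lookup via the OS resolver."""
    return socket.gethostbyname(name)


def system_reverse(ip: str) -> str:
    """Real reverse lookup via the OS resolver (returns the primary PTR name)."""
    return socket.gethostbyaddr(ip)[0]


def valid_bgp_asn(asn: int) -> bool:
    """Accept 2-byte or 4-byte ASNs, excluding the reserved values
    0 (RFC 7607), 23456 (AS_TRANS, RFC 6793), 65535 and 4294967295 (RFC 7300)."""
    return 1 <= asn <= 4294967295 and asn not in (23456, 65535, 4294967295)


def check_edge_node_dns(nodes: Dict[str, str], forward: Resolver, reverse: Resolver) -> List[str]:
    """nodes maps planned edge node FQDN -> planned management IP. Returns problems found."""
    problems: List[str] = []
    seen_ips: Dict[str, str] = {}
    for fqdn, ip in nodes.items():
        if "." not in fqdn:
            problems.append(f"{fqdn}: not an FQDN")
        if ip in seen_ips:
            problems.append(f"{fqdn}: management IP {ip} already used by {seen_ips[ip]}")
        seen_ips[ip] = fqdn
        try:
            resolved = forward(fqdn)
        except OSError:
            problems.append(f"{fqdn}: does not resolve (no A record)")
            continue
        if resolved != ip:
            problems.append(f"{fqdn}: resolves to {resolved}, workbook says {ip}")
        try:
            ptr = reverse(ip)
        except OSError:
            problems.append(f"{fqdn}: no PTR record for {ip}")
            continue
        if ptr.rstrip(".").lower() != fqdn.lower():
            problems.append(f"{fqdn}: PTR for {ip} is {ptr}, expected {fqdn}")
    return problems


def preflight(nodes: Dict[str, str], asn: int,
              forward: Resolver = system_forward, reverse: Resolver = system_reverse) -> List[str]:
    """Run all checks; an empty list means the wizard inputs look consistent."""
    problems: List[str] = []
    if not valid_bgp_asn(asn):
        problems.append(f"AS number {asn} is not a usable BGP ASN")
    problems.extend(check_edge_node_dns(nodes, forward, reverse))
    return problems


if __name__ == "__main__":
    # Offline demonstration against the constructed records; swap in the
    # system_* resolvers to check a real environment.
    for line in preflight(CONSTRUCTED_A, 65000, fake_forward, fake_reverse) or ["all checks passed"]:
        print(line)
```

Run it with the system resolvers from a machine that uses the same DNS servers as SDDC Manager; a lookup that works from your laptop but not from the management network is exactly the case the wizard validation fails on.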


You can follow the progress in the Tasks window of SDDC Manager; once the deployment is complete, the task finishes successfully. Once the task is finished you will also see it in the dashboard's recent tasks.

In my next post I will show you how to add Application Virtual Networks in the VMware Cloud Foundation management domain.

I hope I was able to add value; if your answer is yes, then don't forget to share and follow. 😊

If you want me to write on specific content or you have any feedback on this post, kindly comment below.

If you want, you can connect with me on LinkedIn, and please like and subscribe to my YouTube channel VMwareNSXCloud for step-by-step technical videos.
