Deploying VMware Validated Design Using OSPF Dynamic Routing. Technical Note 9 NOV 2017 VMware Validated Design 4.1 VMware Validated Design 4.

Similar documents
Introducing VMware Validated Designs for Software-Defined Data Center

Introducing VMware Validated Designs for Software-Defined Data Center

Introducing VMware Validated Designs for Software-Defined Data Center

Introducing VMware Validated Design Use Cases

Planning and Preparation. VMware Validated Design 4.0 VMware Validated Design for Remote Office Branch Office 4.0

Introducing VMware Validated Design Use Cases. Modified on 21 DEC 2017 VMware Validated Design 4.1

vcloud Director Tenant Portal Guide vcloud Director 8.20

Introducing VMware Validated Designs for Software-Defined Data Center

Introducing VMware Validated Designs for Software-Defined Data Center

Planning and Preparation

VMware Validated Design Site Protection and Recovery Guide

Dell EMC. VxBlock Systems for VMware NSX 6.3 Architecture Overview

Dell EMC. VxBlock Systems for VMware NSX 6.2 Architecture Overview

VMware Validated Design for NetApp HCI

vcloud Air Advanced Networking Services Guide

Architecture and Design. Modified on 21 AUG 2018 VMware Validated Design 4.3 VMware Validated Design for Software-Defined Data Center 4.

Getting Started Guide. VMware NSX Cloud services

Recommended Configuration Maximums

Planning and Preparation. Modified on 21 DEC 2017 VMware Validated Design 4.1 VMware Validated Design for Micro-Segmentation 4.1

VMware Validated Design Planning and Preparation Guide

Architecture and Design. VMware Validated Design 4.0 VMware Validated Design for Micro-Segmentation 4.0

Architecture and Design. 17 JUL 2018 VMware Validated Design 4.3 VMware Validated Design for Management and Workload Consolidation 4.

Customer Onboarding with VMware NSX L2VPN Service for VMware Cloud Providers

VMware Cloud on AWS Networking and Security. 5 September 2018 VMware Cloud on AWS

Planning and Preparation. 22 AUG 2017 VMware Validated Design 4.1 VMware Validated Design for Software-Defined Data Center 4.1

NSX-T Data Center Migration Coordinator Guide. 5 APR 2019 VMware NSX-T Data Center 2.4

Architecture and Design. Modified on 24 OCT 2017 VMware Validated Design 4.1 VMware Validated Design for Software-Defined Data Center 4.

Planning and Preparation. 13 FEB 2018 VMware Validated Design 4.2 VMware Validated Design for Software-Defined Data Center 4.2

vrealize Operations Management Pack for NSX for vsphere 3.5.0

Migration. 22 AUG 2017 VMware Validated Design 4.1 VMware Validated Design for Software-Defined Data Center 4.1

Table of Contents HOL NET

ACI Transit Routing, Route Peering, and EIGRP Support

VMware Cloud on AWS Getting Started. 18 DEC 2017 VMware Cloud on AWS

Planning and Preparation. 17 JUL 2018 VMware Validated Design 4.3 VMware Validated Design for Software-Defined Data Center 4.3

Architecture and Design of VMware NSX-T for Workload Domains. Modified on 20 NOV 2018 VMware Validated Design 4.3 VMware NSX-T 2.3

Recommended Configuration Maximums

Cloud Provider Pod Designer User Guide. November 2018 Cloud Provider Pod 1.0.1

Architecture and Design. 22 AUG 2017 VMware Validated Design 4.1 VMware Validated Design for Management and Workload Consolidation 4.

Architecture and Design. Modified on 21 DEC 2017 VMware Validated Design 4.1 VMware Validated Design for Micro-Segmentation 4.1

VMware Cloud Provider Pod Designer User Guide. October 2018 Cloud Provider Pod 1.0

NSX-T Upgrade Guide. VMware NSX-T 2.0

vsphere Networking Update 1 ESXi 5.1 vcenter Server 5.1 vsphere 5.1 EN

21CTL Disaster Recovery, Workload Mobility and Infrastructure as a Service Proposal. By Adeyemi Ademola E. Cloud Engineer

IBM Cloud for VMware Solutions NSX Edge Services Gateway Solution Architecture

Design Guide: Deploying NSX for vsphere with Cisco ACI as Underlay

Dedicated Hosted Cloud with vcloud Director

vrealize Operations Management Pack for NSX for vsphere 3.0

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

VMware Validated Design for Micro-Segmentation Reference Architecture Guide

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

Upgrade Guide. vcloud Availability for vcloud Director 2.0

Recommended Configuration Maximums. NSX for vsphere Updated on August 08, 2018

Quick Start Guide (SDN)

VMware Cloud Foundation Planning and Preparation Guide. VMware Cloud Foundation 3.0

Configuring APIC Accounts

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

Cross-vCenter NSX Installation Guide. Update 3 Modified on 20 NOV 2017 VMware NSX for vsphere 6.2

Getting Started with VMware Cloud Assembly. 27 August 2018 VMware Cloud Assembly

vsphere Networking Update 2 VMware vsphere 5.5 VMware ESXi 5.5 vcenter Server 5.5 EN

Architecture and Design

Architecture and Design. VMware Validated Design 4.0 VMware Validated Design for Software-Defined Data Center 4.0

vrealize Operations Management Pack for NSX for vsphere 3.5 Release Notes

vrealize Operations Management Pack for NSX for vsphere 2.0

NSX Administration Guide. Update 3 Modified on 20 NOV 2017 VMware NSX for vsphere 6.2

Using the vrealize Orchestrator OpenStack Plug-In 2.0. Modified on 19 SEP 2017 vrealize Orchestrator 7.0

Cross-vCenter NSX Installation Guide. Update 4 VMware NSX for vsphere 6.4 VMware NSX Data Center for vsphere 6.4

IP Fabric Reference Architecture

VMware Integrated OpenStack Quick Start Guide

VMware Validated Design Backup and Restore Guide

Cross-vCenter NSX Installation Guide. Update 6 Modified on 16 NOV 2017 VMware NSX for vsphere 6.3

Multi-Tenancy in vrealize Orchestrator. vrealize Orchestrator 7.4

What s New in VMware vcloud Director 8.20

VMware vcloud Air User's Guide

VMware Mirage Getting Started Guide

ENTERPRISE HYBRID CLOUD 4.1.1

VMware Integrated OpenStack with Kubernetes Getting Started Guide. VMware Integrated OpenStack 4.0

NSX-T Upgrade Guide. VMware NSX-T 2.1

Site Recovery Manager Security

DEPLOYING A VMWARE VCLOUD DIRECTOR INFRASTRUCTURE-AS-A-SERVICE (IAAS) SOLUTION WITH VMWARE CLOUD FOUNDATION : ARCHITECTURAL GUIDELINES

2V0-642 vmware. Number: 2V0-642 Passing Score: 800 Time Limit: 120 min.

Cisco ACI Multi-Pod and Service Node Integration

Workload Mobility and Disaster Recovery to VMware Cloud IaaS Providers

DISASTER RECOVERY- AS-A-SERVICE FOR VMWARE CLOUD PROVIDER PARTNERS WHITE PAPER - OCTOBER 2017

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

Creating a VMware Software-Defined Data Center REFERENCE ARCHITECTURE VERSION 1.5

70-745: Implementing a Software-Defined Datacenter

vsphere Networking Update 1 Modified on 04 OCT 2017 VMware vsphere 6.5 VMware ESXi 6.5 vcenter Server 6.5

Reference Architecture

vrealize Operations Management Pack for NSX for Multi-Hypervisor

vcloud Air - Dedicated Disaster Recovery Release Notes

VMware vcloud Director Configuration Maximums vcloud Director 9.1 and 9.5 October 2018

GUIDE. Optimal Network Designs with Cohesity

Planning and Preparation. VMware Validated Design 4.0 VMware Validated Design for Software-Defined Data Center 4.0

DESIGN GUIDE. VMware NSX for vsphere (NSX-v) and F5 BIG-IP Design Guide

vsphere Replication for Disaster Recovery to Cloud

VMware Skyline Collector Installation and Configuration Guide. VMware Skyline 1.4

Administering View Cloud Pod Architecture. VMware Horizon 7 7.0

IaaS Integration for Multi- Machine Services. vrealize Automation 6.2

Reference Architecture. Modified on 17 AUG 2017 vrealize Operations Manager 6.6

ENTERPRISE HYBRID CLOUD 4.1.2

Transcription:

Deploying VMware Validated Design Using PF Dynamic Routing Technical Note 9 NOV 2017 VMware Validated Design 4.1 VMware Validated Design 4.0

Deploying VMware Validated Design Using PF Dynamic Routing You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments about this documentation, submit your feedback to docfeedback@vmware.com VMware, Inc. 3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com Copyright 2017 VMware, Inc. All rights reserved. Copyright and trademark information. VMware, Inc. 2

Contents About Deploying PF over BGP in SDDC 4 1 Introduction to Dynamic Routing in SDDC 5 2 BGP in the Physical Network and in the Validated SDDC 7 Overview of BGP Configuration in SDDC 7 BGP-BGP Configuration on the NSX Devices in the SDDC 9 3 PF in the Physical Network and BGP in the Validated SDDC 11 Overview of Hybrid PF-BGP Configuration in SDDC 12 Hybrid PF-BGP Configuration on the NSX Devices 13 4 PF in the Physical Network and in the Validated SDDC 16 Overview of PF Configuration in SDDC 16 PF-PF Configuration on the NSX Devices 18 VMware, Inc. 3

About Deploying PF over BGP in SDDC The Deploying PF over BGP for VMware Validated Design technical note contains a high-level guidance on using Border Gateway Protocol (BGP) and Open Shortest Path First (PF) for dynamic routing in an SDDC that is implemented according to VMware Validated Design for Software-Defined Data Center. The technical note discusses the distribution of areas and autonomous systems across the network, and the configuration of the NSX devices deployed. VMware Validated Design for Software-Defined Data Center is a dual-region, full-stack, data center design for geographically separated sites that can replicate asynchronously to provide regional fault domains. You also can use VMware Validated Design for Software-Defined Data Center to deploy a single region data center without failover capabilities. This document discusses the integration of a validated SDDC with existing logical network routing. Core networking functionality in an SDDC that is compliant with VMware Validated Design is on top of NSX for vsphere. NSX supports two methods of dynamic routing - BGP and PF. Three possible dynamic routing options exist: using only BGP, only PF, or a combination of PF and BGP. Intended Audience Deploying PF over BGP for VMware Validated Design is intended for cloud architects, infrastructure administrators and cloud administrators who are familiar with and want to use VMware software to deploy in a short time and manage an SDDC that meets the requirements for capacity, scalability, backup and restore, and extensibility for disaster recovery support. You must also have advanced knowledge of the PF and BGP routing protocols. For more information, contact your networking infrastructure partner. Required VMware Software Deploying PF over BGP for VMware Validated Design is compliant with certain product versions according to the version of VMware Validated Design. See VMware Validated Design Release Notes for more information about supported product versions. VMware, Inc. 4

Introduction to Dynamic 1 Routing in SDDC In an SDDC, you use dynamic routing for fault-tolerance, scalability and disaster recovery support. In an environment where you use static routes, paths through the networks are manually determined and maintained by a network administrator. Because of the dynamic nature of an SDDC that implements VMware Validated Design, the use of static routes reduces the ability to deploy new networks, enable failover of networking components both in and between regions. For instance, you use dynamic routing to repoint traffic during a failure of an ECMP-enabled NSX Edge Services Gateway (ESG). If you use static routing, traffic is black-holed until the administrator restores the operational state of the ESG or manually modifies routing within the environment. Work with the following roles to determine whether to use BGP or PF in your environment: Team and vendors that are involved in the design of the physical network infrastructure Disaster recovery team Specialist in VMware NSX Comparing BGP, Hybrid PF-BGP and PF Configurations VMware Validated Design uses BGP as the routing protocol in an SDDC. BGP provides optimal traffic flow and route filtering. In addition, BGP can manage autonomous systems which are separated from the traditional core networking environment. Table 1 1. Comparison Between BGP, PF, and Hybrid Implementations Feature BGP Hybrid PF-BGP PF Guidance about design, deployment and upgrade in VMware Validated Design Best control of route propagation and filtering Best control of route manipulation Suitable for a dual-site or dual-region SDDC X X X X Suitable for a single-site SDDC X X X VMware, Inc. 5

Deploying VMware Validated Design Using PF Dynamic Routing Table 1 1. Comparison Between BGP, PF, and Hybrid Implementations (Continued) Feature BGP Hybrid PF-BGP PF No need for BGP licensing in the physical environment Simplicity and low operational cost X X X NSX Devices that You Configure for Dynamic Routing VMware Validated Design uses a configuration of NSX devices to implement dynamic routing in the SDDC. The devices provide North-South routing for failover of and external user access to the management virtual appliances and tenant workloads, and East-West routing between the management virtual appliances or the tenant workloads. For more information about NSX device configuration in VMware Validated Design, see Architecture and Design and Planning and Preparation on the VMware Validated Design Documentation page. Table 1 2. NSX Devices that Implement Dynamic Routing in VMware Validated Design NSX Device Type Role Region A FQDN in VMware Validated Design Region B FQDN in VMware Validated Design ECMP-enabled NSX Edge North-South routing between the NSX virtual world and the physical world in a multi-tenant and scalable environment Management cluster sfo01m01esg01 sfo01m01esg02 Shared edge and compute Management cluster lax01m01esg01 lax01m01esg02 Shared edge and compute cluster cluster sfo01w01esg01 lax01w01esg01 sfo01w01esg02 lax01w01esg02 Universal Distributed Logical Router (UDLR) East-West routing between the management virtual machines in a dual-region SDDC East-West routing between tenant workloads that must be failed over between the regions of the SDDC Management cluster sfo01m01udlr01 Shared edge and compute cluster sfo01w01udlr01 - Distributed Logical Router (DLR) East-West routing for tenant workloads that require ondemand network objects sfo01w01dlr01 lax01w01dlr01 VMware, Inc. 6

BGP in the Physical Network 2 and in the Validated SDDC The default configuration for dynamic routing in VMware Validated Design is based entirely on BGP. You distribute network physical and virtual devices in Autonomous Systems (ASs) and configure the settings of the NSX Edge and logical router devices accordingly. This section includes the following topics: Overview of BGP Configuration in SDDC BGP-BGP Configuration on the NSX Devices in the SDDC Overview of BGP Configuration in SDDC Per VMware Validated Design for Software-Defined Data Center use BGP across the SDDC to support a multi-tenant configuration, automation and network scalability. VMware Validated Design for Software-Defined Data Center uses BGP for dynamic routing in the core networking environment either solely or as a secondary protocol, and in the SDDC. The BGP-only configuration is continually validated with each release of VMware Validated Design. All operational guidance about maintenance, disaster recovery and upgrade supports this configuration. See NSX Design in the VMware Validated Design Architecture and Design documentation. VMware, Inc. 7

Deploying VMware Validated Design Using PF Dynamic Routing Figure 2 1. BGP-BGP Configuration in the SDDC Region A Region B Region A BGP AS Spine Spine Region B BGP AS WAN VC PSC NSXM NSXC VC PSC NSXM BGP BGP BGP BGP ECMP ESG ECMP ESG BGP Universal Transit Logical Switch UDLR CTRL Universal Distributed Logical Router SDDC BGP AS Virtual Networks Implement a BGP-centric design where the management components in the virtual infrastructure layer in each region run in their own Autonomous System (AS) and the components for cloud management and operations management run in a cross-region AS. The VMware Validated Design documentation supports the following configuration: Use ebgp between the physical environment (ToR) and ECMP-enabled NSX Edge (ESG) devices. Use ibgp between NSX ESGs and UDLRs and DLRs. On the NSX ESGs, configure route redistribution between the physical and software-defined infrastructure. Benefits Protocol of choice for VMware Validated Design Validated with VMware Validated Design testing methodology VMware Validated Design documentation supports BGP as the main routing protocol VMware, Inc. 8

Deploying VMware Validated Design Using PF Dynamic Routing Requirements Provide a BGP-enabled endpoint on the physical infrastructure to establish hardware adjacency. BGP-BGP Configuration on the NSX Devices in the SDDC Allocate VLANs and configure the NSX Edge and logical router devices to implement BGP as the only protocol for dynamic routing in the SDDC. Consider the business requirements for each sub-network when you configure BGP peering. Follow the guidance in VMware Validated Design for Software-Defined Data Center. VLAN Configuration In each region, you allocate four VLANs as the North-South transit network to and from the validated SDDC: Two for the management pod Two for the shared edge and compute pod Note The uplinks for the management pod and shared edge and compute pod must be a part of a separate Autonomous System (AS). Note In a Cisco VPC environment, your physical infrastructure must support dynamic routing adjacency with third-party devices over a VPC. Contact Cisco technical support for more details. Configuration on ECMP-Enabled NSX Edge Devices On the NSX Edge devices that support North-South routing over ECMP, you configure the settings to match the characteristics of the adjacent devices. For routing between the edge devices and the dynamic logical router devices you configure lower timeout for sending to and receiving messages from peers for fast failure detection and routing table updates. You also create static routes for sub-networks behind the distributed logical routers to keep routing from ToR to these subnets alive if failover to Region B. Table 2 1. BGP-BGP Configuration on the ECMP-Enabled NSX Edge Devices Feature AS number (ASN) Configuration for ESG-UDLR Connection (Software Adjacency) Single ASN that is specific for physical environment Configuration for ESG-ToR Connection (Hardware Adjacency) One ASN per region or site Keep Alive Time 1 second 4 seconds Hold Down Time 3 seconds 12 seconds BGP flavor ibgp ebgp BGP password Yes Yes VMware, Inc. 9

Deploying VMware Validated Design Using PF Dynamic Routing Table 2 1. BGP-BGP Configuration on the ECMP-Enabled NSX Edge Devices (Continued) Feature Configuration for ESG-UDLR Connection (Software Adjacency) Configuration for ESG-ToR Connection (Hardware Adjacency) Static routes as a backup Yes According to the requirements of your network configuration Route redistribution From static routes From connected network interfaces Configuration on UDLR and DLR Devices On the universal dynamic logical routers and dynamic logical routers that support East-West routing between workloads, you configure the settings to match the characteristics of the adjacent devices. The settings on the dynamic logical router are similar to the settings on the ECMP NSX Edge devices. Table 2 2. BGP-BGP Configuration on the UDLR and DLR Devices Feature ASN Keep Alive Time Hold Down Time BGP flavor BGP password Route redistribution Enable graceful restarts Configuration for UDLR-ESG Routing (Software Adjacency) Single ASN that is specific for physical environment 1 second 3 seconds ibgp Yes From connected network interfaces Yes Considerations About a Dual-Region SDDC In a dual-region data center, the following considerations exist: Each region is assigned a ASN that is specific for the physical environment. In the SDDC, use a common AS across regions. By using weights and prefix-based filtering, BGP provides better per-neighbor route control. To support more tenants, deploy more ECMP NSX Edge devices, each pair in its own tenant-specific AS. Steps to Configure BGP-BGP Dynamic Routing Follow the deployment guidance in VMware Validated Design for Software-Defined Data Center to implement BGP-BGP dynamic routing. See Region A Virtual Infrastructure Implementation and Region B Virtual Infrastructure Implementation. VMware, Inc. 10

PF in the Physical Network 3 and BGP in the Validated SDDC You can implement a hybrid PF-BGP configuration for dynamic routing in the SDDC as an alternative to the BGP design in VMware Validated Design. You distribute network physical and virtual devices in PF Areas and BGP Autonomous Systems (ASs), and configure the settings of the NSX Edge and logical router devices accordingly. This section includes the following topics: Overview of Hybrid PF-BGP Configuration in SDDC Hybrid PF-BGP Configuration on the NSX Devices VMware, Inc. 11

Deploying VMware Validated Design Using PF Dynamic Routing Overview of Hybrid PF-BGP Configuration in SDDC In an SDDC that implements VMware Validated Design, you can use PF for routing in the physical network infrastructure and BGP for routing between the virtual machines for multi-tenancy support. You can use this configuration instead of the BGP-only configuration from the VMware Validated Design documentation to save BGP licensing and to implement a single-region environment. Figure 3 1. PF-BGP Configuration in the SDDC Region A Region B PF Area 0 Spine Spine WAN VC PSC NSXM NSXC VC PSC NSXM SDDC PF NSSA Area PF PF PF PF ECMP ESG ECMP ESG BGP Universal Transit Logical Switch UDLR CTRL Universal Distributed Logical Router SDDC BGP AS Virtual Networks The management components in the virtual infrastructure layer and the physical switch infrastructure run in an PF NSSA. The components for cloud management and operations management run in a crossregion BGP Autonomous System (AS) to support multi-tenancy. The high-level configuration for hybrid PF-BGP routing in a system based on VMware Validated Design is as follows: Use PF between the physical environment (ToR) and ECMP-enabled ESGs. Use ibgp between ESGs and UDLRs and DLRs. On the NSX ESGs, configure route redistribution between the PF and BGP. VMware, Inc. 12

Deploying VMware Validated Design Using PF Dynamic Routing Limitations Not validated by using the testing methodology of VMware Validated Design VMware Validated Design deployment and upgrade guidance is not relevant to hybrid PF-BGP routing Requirements Use the PF Areas in the physical infrastructure. Configure NSSA area types Configure the physical network devices as PF Area Border Routers (ABRs). Configure two separate NSSA areas for the management components in the virtual infrastructure layer in the following way: One area for the management pod Configure on Uplink01 and Uplink02 from the NSX ESGs on the management pod. One area for the shared edge and compute pod Configure on Uplink03 and Uplink04 from the NSX ESGs on the shared edge and compute pod. ABRs must inject default route in the NSSA Area. Do not use NSX ESGs as PF ABRs. Do not include NSX ESGs in Area 0. Hybrid PF-BGP Configuration on the NSX Devices To use PF-BGP routing instead of BGP-only routing in an SDDC that implements VMware Validated Design, allocate VLANs and configure the NSX Edge devices to exchange routing information with the physical infrastructure by using PF. Configure the NSX Edge and logical router devices to use BGP for internal routing. VLAN Configuration In each region, you allocate four VLANs as the North-South transit network to and from the validated SDDC: Two for the management pod Two for the shared edge and compute pod Note The uplinks for the management pod and shared edge and compute pod must be a part of a separate Autonomous System (AS). Note In an Cisco VPC environment, your physical infrastructure must support dynamic routing adjacency with third-party devices over a VPC. Contact Cisco technical support for more details. VMware, Inc. 13

Deploying VMware Validated Design Using PF Dynamic Routing Configuration on ECMP-Enabled NSX Edge Devices On the NSX Edge devices that support North-South routing over ECMP, you configure the settings to match the capabilities of the adjacent devices. For routing between the edge devices and the dynamic logical router devices you configure lower timeout for sending to and receiving messages from peers for fast failure detection and routing table updates. You also create static routes for sub-networks behind the distributed logical routers to keep routing from ToR to these subnets active if failover to Region B occurs. Table 3 1. PF-BGP Configuration on the ECMP-Enabled NSX Edge Devices Feature Configuration for ESG-UDLR Connection (Software Adjacency) Configuration for ESG-ToR Connection (Hardware Adjacency) Routing protocol ibgp PF PF Area - Specifically defined to the SDDC physical environment. Map to the Uplink01 and Uplink02 interfaces. Keep Alive Time in BGP Hello Interval in PF Hold Down Time in BGP Dead Interval in PF 1 second 1 second 3 seconds 4 seconds BGP or PF password Yes Yes Static routes as a backup Yes According to the requirements of your network configuration Route redistribution From PF From BGP From static routes From connected network interfaces Configuration on UDLR and DLR Devices On the universal dynamic logical routers and dynamic logical routers that support East-West routing between workloads, you configure the BGP peering to match the characteristics of the adjacent devices. The settings on the dynamic logical router are similar to the settings on the ECMP NSX Edge device. Table 3 2. PF-BGP Configuration on the UDLR and DLR Devices Feature AS number (ASN) Keep Alive Time Hold Down Time BGP flavor BGP password Configuration for UDLR-ESG Routing (Software Adjacency) Single ASN that is specific for physical environment 1 second 3 seconds ibgp Yes VMware, Inc. 14

Deploying VMware Validated Design Using PF Dynamic Routing Table 3 2. PF-BGP Configuration on the UDLR and DLR Devices (Continued) Feature Route redistribution Enable graceful restarts Configuration for UDLR-ESG Routing (Software Adjacency) From connected network interfaces Yes Considerations About a Dual-Region SDDC In a dual-region data center, the following considerations exist: Place the networking hardware in Region A and Region B in the same PF Areas. Avoid using region-specific PF Areas.. Use a common AS across regions. Using a cross-region AS provides parity with the use of an NSX UDLR for central network management. Increase the PF priority on the NSX ESGs in Region A to ensure PF Designated Router and Backup Designated Router are preferred in Region A. Steps to Configure PF-BGP Dynamic Routing 1 Follow the deployment guidance in VMware Validated Design for Software-Defined Data Center to deploy the NSX ESGs and logical routers devices. See Region A Virtual Infrastructure Implementation and Region B Virtual Infrastructure Implementation. 2 In the Networking & Security area of the vsphere Web Client, select NSX Edges in the Navigator. 3 Under each NSX Manager, double-click an NSX ESG or logical router device to open its network settings. For a list of the NSX devices, see NSX Devices that You Configure for Dynamic Routing. 4 On the Manage tab, click Routing, configure the device according to Table 3 1 and Table 3 2, and publish the changes. VMware, Inc. 15

PF in the Physical Network 4 and in the Validated SDDC You can implement a configuration for dynamic routing in the SDDC that uses only PF as an alternative to the BGP design in VMware Validated Design. You distribute network physical and virtual devices in PF Areas, and configure the settings of the NSX Edge and logical router devices accordingly. This section includes the following topics: Overview of PF Configuration in SDDC PF-PF Configuration on the NSX Devices Overview of PF Configuration in SDDC In an SDDC that implements VMware Validated Design, you can use PF for end-to-end routing. You can use this configuration instead of the BGP-only configuration from the VMware Validated Design documentation for simplicity and low operational cost. You can also save BGP licensing and implement a single-region environment. You can use PF in the physical network environment and in the virtual part of the SDDC. VMware, Inc. 16

Deploying VMware Validated Design Using PF Dynamic Routing Figure 4 1. PF-PF Configuration in the SDDC Region A Region B PF Area 0 Spine Spine WAN VC PSC NSXM NSXC VC PSC NSXM PF PF PF PF ECMP ESG ECMP ESG PF Universal Transit Logical Switch UDLR CTRL Universal Distributed Logical Router SDDC PF NSSA Area Virtual Networks The management components in the virtual infrastructure layer and the physical switch infrastructure run in PF Area 0. The components for cloud management and operations management run in an PF NSSA Area. The high-level configuration for PF-only routing in a system based on VMware Validated Design is as follows: Use PF between the physical environment (ToR) and ECMP-enabled NSX ESGs. Use PF between NSX ESGs and UDLRs and DLRs. On the NSX ESGs, configure route redistribution between the physical and software-defined infrastructure. Limitations Not validated by using the testing methodology of VMware Validated Design VMware Validated Design deployment and upgrade guidance is not relevant to pure PF routing VMware, Inc. 17

Deploying VMware Validated Design Using PF Dynamic Routing Requirements Use the PF Areas in the physical infrastructure. Configure NSSA area types Configure the physical network devices as PF Area Border Routers (ABRs). Configure two separate NSSA areas for the management components in the virtual infrastructure layer in the following way: One area for the management pod Configure on Uplink01 and Uplink02 from the NSX ESGs on the management pod. One area for the shared edge and compute pod Configure on Uplink03 and Uplink04 from the NSX ESGs on the shared edge and compute pod. ABRs must inject default route in the NSSA Area. Do not use NSX ESGs as PF ABRs. Do not include NSX ESGs in Area 0. PF-PF Configuration on the NSX Devices To use PF-only routing instead of BGP-only routing in an SDDC that implements VMware Validated Design, allocate VLANs and configure the NSX Edge and logical router devices to implement PF as the only protocol for dynamic routing in the SDDC. VLAN Configuration In each region, you allocate four VLANs as the North-South transit network to and from the validated SDDC: Two for the management pod Two for the shared edge and compute pod Note The uplinks for the management pod and shared edge and compute pod must be a part of a separate PF Area. Note In a Cisco VPC environment, your physical infrastructure must support dynamic routing adjacency with third-party devices over a VPC. Contact Cisco technical support for more details. VMware, Inc. 18

Deploying VMware Validated Design Using PF Dynamic Routing Configuration on ECMP-Enabled NSX Edge Devices On the NSX Edge devices that support North-South routing over ECMP, you configure the settings to match the capabilities of the adjacent devices. For routing between the edge devices and the dynamic logical router devices you configure lower timeout for sending to and receiving messages from peers for fast failure detection and routing table updates. You also create static routes for sub-networks behind the distributed logical routers to keep routing from ToR to these subnets active if failover to Region B occurs. Table 4 1. PF-PF Configuration on the ECMP-Enabled NSX Edge Devices Feature Configuration for ESG-UDLR Connection (Software Adjacency) Configuration for ESG-ToR Connection (Hardware Adjacency) Routing protocol PF PF PF Area Specifically defined to the SDDC physical environment. Specifically defined to the SDDC physical environment. Map to the Uplink01 and Uplink02 interfaces. Hello Interval 1 second 1 second Dead Interval 4 seconds 4 seconds PF password Yes Yes Static routes as a backup Yes According to the requirements of your network configuration Route redistribution From PF From static routes From connected network interfaces Configuration on UDLR and DLR Devices On the universal dynamic logical routers and dynamic logical routers that support East-West routing between workloads, you configure the PF peering to match the characteristics of the adjacent devices. The settings on the dynamic logical router are similar to the settings on the ECMP NSX Edge device. Table 4 2. PF-PF Configuration on the UDLR and DLR Devices Feature PF Area Hello Interval Dead Interval PF password Route redistribution Enable graceful restarts Configuration for UDLR-ESG Routing (Software Adjacency) According to the requirements of your network configuration. Map to the NSX universal transit network interface. 1 second 4 seconds Yes From connected network interfaces Yes VMware, Inc. 19

Deploying VMware Validated Design Using PF Dynamic Routing Considerations About a Dual-Region SDDC In a dual-region data center, increase the PF priority on the NSX ESGs in Region A to ensure PF Designated Router and Backup Designated Router exist in Region A. Steps to Configure PF-PF Dynamic Routing 1 Follow the deployment guidance in VMware Validated Design for Software-Defined Data Center to deploy the NSX ESGs and logical routers devices. See Region A Virtual Infrastructure Implementation and Region B Virtual Infrastructure Implementation. 2 In the Networking & Security area of the vsphere Web Client, select NSX Edges in the Navigator. 3 Under each NSX Manager, double-click an NSX ESG or logical router device to open its network settings. For a list of the NSX devices, see NSX Devices that You Configure for Dynamic Routing. 4 On the Manage tab, click Routing, configure the device according to Table 4 1 and Table 4 2, and publish the changes. 5 Configure the other NSX devices. VMware, Inc. 20

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback