
Module 11: NSX-T Data Center Federation

© 2020 VMware, Inc.


Importance
The NSX-T Data Center Federation feature enables you to maintain consistency between multiple data centers and
simplifies the design and implementation of disaster recovery.

© 2020 VMware, Inc. VMware NSX-T Data Center: Design | 11 - 2


Learner Objectives
• Explain Federation terminology
• Identify the capabilities of Federation
• Identify the Federation design use cases
• Describe the stretch T0/T1 design
• Review the design requirements for a design with Federation



Federation Terminology (1)
Global Manager (GM) or Local Manager (LM):
• GM: A system that federates multiple LMs
• LM: A system in charge of network and security services for a location
Location, Region, or Global of an NSX object:
• Location: Network or Security object sent to a single location
• Global: Network or Security object sent to all locations
• Region: Security object sent to one or multiple locations that are part of the same region (such as EMEA):
– Region does not apply to Network objects.



Federation Terminology (2)
Local or Stretched of the T0, T1, or segment:
• Local: T0, T1, or segment with a span of one LM
• Stretched: T0, T1, or segment with a span of more than one LM (two or more)
Primary, secondary, or All_Primaries of T0/T1:
• Primary or secondary: T0 or T1 with North-South running in a single location (Primary)
• All_Primaries: T0 or T1 with North-South running in all locations (All_Primaries)
Tunnel End Point (TEP) or Remote Tunnel End Point (RTEP) of the transport node:
• TEP: IP of the transport node (edge node or hypervisor) for Geneve encapsulation in a location
• RTEP: IP of the transport node (edge node only) for Geneve encapsulation across locations



NSX Federation in NSX-T Data Center 3.0
The diagram shows Federation for a global policy across data centers.

NSX Federation provides the following benefits:
• Operational Simplicity for NSX-T Data Center and NSX Cloud
• Consistent policy configuration and enforcement
• Simplified DR



NSX Federation
NSX Federation enables operational simplicity, consistent policy configuration, and enforcement.



Federation Component (1)
Dedicated GM appliances (VMs) are available.



Federation Component (2)
The diagram provides the multiple locations view.



About NSX Federation
NSX Federation enables simplified DR.



Federation Topologies in 3.0.0
Use case 1: Consistent security policy



Security Use Cases
Simple and central security policy configuration:
• GM groups can be Global, Region, or Local.
• Groups can be dynamic based on the tag on any dynamic information.
• Firewall rules can mix groups or span.



Federation Topologies in 3.0.0
Use case 2: Global networking and security



Network Topologies from GM Supported on NSX-T Data Center 3.0



T0 and T1 Deployment Terminology (1)



T0 and T1 Deployment Terminology (2)



Supported Network Topologies from GM (1)
NSX-T Data Center 3.0 supports T0-Stretched modes.



Supported Network Topologies from GM (2)
NSX-T Data Center 3.0 supports T1-Stretched modes.



Requirements Summary
Site-to-site traffic:
• All GM and LM that run NSX-T Data Center 3.0
• Latency (RTT) < 150 ms between any two sites
• IP and firewall connectivity:
– Connectivity without NAT, with management traffic allowed between GM-LM and LM-LM
– Connectivity without NAT, with data plane traffic allowed between edge nodes (RTEP)
• No WAN bandwidth requirement:
– Recommended: No congestion for Management Plane (GM-LM and LM-LM traffic), and as much as possible, no congestion for Data Plane (edge nodes RTEP)
• No WAN MTU requirement:
– Recommended: 1,700+ to avoid the edge node RTEP traffic fragmentation
• For Data Plane recovery:
– Public IP address (advertised segments and NAT) must be advertisable from both locations.



About Licensing
All LMs must have Enterprise+ licenses.
The GM verifies that each LM has the correct license during the LM onboarding phase.



About Orchestration
NSX-T Data Center Federation can be 100 percent orchestrated:
• Through VMware third-party orchestration:
– Tanzu Kubernetes Grid Integrated Edition
– vRealize Automation
– vRealize Orchestration
– VMware Integrated OpenStack or OpenStack
– vCloud Director
• Through customer orchestration by using:
– NSX API
– Terraform
– Ansible
• Each Orchestration solution is available with a GM plug-in.
• Contact the Orchestration owner for details.



Design Examples (1)
The example shows active-standby disaster recovery.



Design Examples (2)
The example shows active-active disaster recovery.



Design Examples (3)
The example shows active-active data centers with local egress.



Federation Design Considerations (1)
To support Federation, your environment must meet the following requirements:
• A latency of 150 ms or less must exist between locations in the Federation environment.
• NSX-T Data Center 3.0 must be installed on the GM and all LMs.
• The required ports must be open to allow communication between the GM and LMs.



Federation Design Considerations (2)
Connectivity without NAT must exist between the following components:
• GM and LM.
• LM and remote LM.
• Edge node RTEP and remote edge node RTEP.
GM supports only Policy mode. Federation does not support the Manager mode.
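
The Requirements Summary and the Federation Design Considerations can be checked as a design-review step before onboarding LMs. The script below is an added example, not VMware code or part of the course material: the inventory layout, the site names and every sample value are constructed, and it assumes the GM is hosted at one of the sites so that GM-LM traffic follows the same site-to-site paths.

```python
# Added example, not VMware code. Inventory layout and values are constructed.
from itertools import combinations

MAX_RTT_MS = 150         # Requirements Summary: RTT < 150 ms between sites
RECOMMENDED_MTU = 1700   # recommended, not required: avoids RTEP fragmentation
RELEASE = "3.0"          # GM and every LM run NSX-T Data Center 3.0

def check_federation(inv):
    """Return (errors, warnings) for one federation inventory."""
    errors, warnings = [], []
    if not inv["gm_version"].startswith(RELEASE):
        errors.append(f"GM: version {inv['gm_version']} is not {RELEASE}")
    for site, lm in sorted(inv["lms"].items()):
        if not lm["version"].startswith(RELEASE):
            errors.append(f"{site}: LM version {lm['version']} is not {RELEASE}")
        if lm["license"] != "Enterprise+":
            errors.append(f"{site}: LM license {lm['license']} is not Enterprise+")
    # The requirements hold between any two sites, so walk every pair.
    for a, b in combinations(sorted(inv["lms"]), 2):
        link = inv["links"].get(frozenset((a, b)))
        if link is None:
            errors.append(f"{a}<->{b}: path not measured")
            continue
        if link["rtt_ms"] >= MAX_RTT_MS:
            errors.append(f"{a}<->{b}: RTT {link['rtt_ms']} ms is not under {MAX_RTT_MS}")
        if link["mgmt_nat"]:
            errors.append(f"{a}<->{b}: NAT on the management path (GM-LM, LM-LM)")
        if link["rtep_nat"]:
            errors.append(f"{a}<->{b}: NAT on the edge node RTEP path")
        if link["wan_mtu"] < RECOMMENDED_MTU:
            warnings.append(f"{a}<->{b}: WAN MTU {link['wan_mtu']} < {RECOMMENDED_MTU}")
    return errors, warnings

SAMPLE = {  # constructed inventory
    "gm_version": "3.0.0",
    "lms": {
        "paris": {"version": "3.0.0", "license": "Enterprise+"},
        "london": {"version": "3.0.1", "license": "Enterprise+"},
        "nyc": {"version": "2.5.1", "license": "Advanced"},
    },
    "links": {
        frozenset(("paris", "london")): {"rtt_ms": 12, "mgmt_nat": False,
                                         "rtep_nat": False, "wan_mtu": 1700},
        frozenset(("paris", "nyc")): {"rtt_ms": 85, "mgmt_nat": False,
                                      "rtep_nat": True, "wan_mtu": 1500},
    },
}

if __name__ == "__main__":
    for line in sum(check_federation(SAMPLE), []):
        print(line)
```

A missing pair is reported as an error rather than skipped, because the latency and no-NAT requirements apply between any two sites and an unmeasured path cannot be assumed compliant.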



Review of Learner Objectives
• Explain Federation terminology
• Identify the capabilities of Federation
• Identify the Federation design use cases
• Describe the stretch T0/T1 design
• Review the design requirements for a design with Federation



Key Points
• NSX Federation enables operational simplicity for NSX-T Data Center.
• NSX Federation enables global configuration of NSX-T Network and Security services across sites.
• NSX Federation enables consistent policy configuration and enforcement.
• NSX Federation enables simplified disaster recovery.
• To use the Federation feature, certain licensing and system requirements must be met.
Questions?
