Importance
The NSX-T Data Center Federation feature enables you to maintain consistency across multiple data centers and simplifies the design and implementation of disaster recovery.

Learner Objectives
• Explain Federation terminology
• Identify the capabilities of Federation
• Identify the Federation design use cases
• Describe the stretch T0/T1 design
• Review the design requirements for a design with Federation

Federation Terminology (1)
Global Manager (GM) or Local Manager (LM):
• GM: A system that federates multiple LMs
• LM: A system in charge of network and security services for a location
Location, Region, or Global of an NSX object:
• Location: Network or Security object sent to a single location
• Global: Network or Security object sent to all locations
• Region: Security object sent to one or multiple locations that are part of the same region (such as EMEA):
  – Region does not apply to Network objects.

Federation Terminology (2)
Local or Stretched of the T0, T1, or segment:
• Local: T0, T1, or segment with a span of one LM
• Stretched: T0, T1, or segment with a span of more than one LM (two or more)
Primary, secondary, or All_Primaries of T0/T1:
• Primary or secondary: T0 or T1 with North-South running in a single location (Primary)
• All_Primaries: T0 or T1 with North-South running in all locations (All_Primaries)
Tunnel End Point (TEP) or Remote Tunnel End Point (RTEP) of the transport node:
• TEP: IP of the transport node (edge node or hypervisor) for Geneve encapsulation in a location
• RTEP: IP of the transport node (edge node only) for Geneve encapsulation across locations

Security Use Cases
Simple and central security policy configuration:
• GM groups can be Global, Region, or Local.
• Groups can be dynamic based on the tag or any dynamic information.
• Firewall rules can mix groups or span.

Requirements Summary
Site-to-site traffic:
• All GM and LM that run NSX-T Data Center 3.0
• Latency (RTT) < 150 ms between any site
• IP and firewall connectivity:
  – Connectivity without NAT and allow management between GM-LM and LM-LM
  – Connectivity without NAT and allow data plane between edge nodes (RTEP)
• No WAN bandwidth requirement:
  – Recommended: No congestion for Management Plane (GM-LM and LM-LM traffic), and as much as possible, no congestion for Data Plane (edge nodes RTEP)
• No WAN MTU requirement:
  – Recommended: 1,700+ to avoid the edge node RTEP traffic fragmentation
• For Data Plane recovery:
  – Public IP address (advertised segments and NAT) must be advertisable from both locations.

About Orchestration
NSX-T Data Center Federation can be 100 percent orchestrated:
• Through VMware third-party orchestration:
  – Tanzu Kubernetes Grid Integrated Edition
  – vRealize Automation
  – vRealize Orchestration
  – VMware Integrated OpenStack or OpenStack
  – vCloud Director
• Through customer orchestration by using:
  – NSX API
  – Terraform
  – Ansible
• Each Orchestration solution is available with a GM plug-in.
• Contact the Orchestration owner for details.

Federation Design Considerations (1)
To support Federation, your environment must meet the following requirements:
• A latency of 150 ms or less must exist between locations with the Federation environment.
• NSX-T Data Center 3.0 must be installed on the GM and all LMs.
• The required ports must be open to allow communication between the GM and LMs.

Federation Design Considerations (2)
Connectivity without NAT must exist between the following components:
• GM and LM.
• LM and remote LM.
• Edge node RTEP and remote edge node RTEP.
GM supports only Policy mode.
Federation does not support the Manager mode.
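
The requirements summary and design considerations above can be turned into a pre-deployment check that walks every pair of locations. This is an added example, not VMware code: the site names, versions, and measurements are constructed, and it assumes that any release below 3.0 fails and uses the "150 ms or less" wording for latency.

```python
from itertools import combinations

MAX_RTT_MS = 150          # "latency of 150 ms or less" between locations
MIN_RELEASE = (3, 0)      # NSX-T Data Center 3.0 on the GM and all LMs (assumed floor)
RECOMMENDED_MTU = 1700    # recommendation only: avoids edge node RTEP fragmentation

# Constructed sample data: manager versions and per-pair WAN measurements.
MANAGERS = {"gm": "3.0.1", "lm-paris": "3.0.1",
            "lm-london": "3.0.0", "lm-tokyo": "2.5.1"}
LOCATIONS = ["paris", "london", "tokyo"]
LINKS = {
    frozenset({"paris", "london"}): {"rtt_ms": 12, "nat": False, "mtu": 1700},
    frozenset({"paris", "tokyo"}): {"rtt_ms": 240, "nat": False, "mtu": 1500},
}

def check_federation(managers, locations, links):
    """Return (errors, warnings) for a planned Federation deployment."""
    errors, warnings = [], []
    for name, version in sorted(managers.items()):
        release = tuple(int(part) for part in version.split(".")[:2])
        if release < MIN_RELEASE:
            errors.append(f"{name}: release {version} is below 3.0")
    # The requirements hold between any two sites, so walk the full mesh.
    for a, b in combinations(sorted(locations), 2):
        pair = f"{a}<->{b}"
        link = links.get(frozenset({a, b}))
        if link is None:
            errors.append(f"{pair}: no measurement recorded")
            continue
        if link["rtt_ms"] > MAX_RTT_MS:
            errors.append(f"{pair}: RTT {link['rtt_ms']} ms exceeds {MAX_RTT_MS} ms")
        if link["nat"]:
            errors.append(f"{pair}: NAT in path (GM-LM, LM-LM and RTEP need none)")
        if link["mtu"] < RECOMMENDED_MTU:
            warnings.append(f"{pair}: MTU {link['mtu']} may fragment RTEP traffic")
    return errors, warnings

if __name__ == "__main__":
    errs, warns = check_federation(MANAGERS, LOCATIONS, LINKS)
    for line in errs:
        print("FAIL", line)
    for line in warns:
        print("WARN", line)
```

MTU findings are reported as warnings because the page lists 1,700+ as a recommendation, not a requirement.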

Review of Learner Objectives
• Explain Federation terminology
• Identify the capabilities of Federation
• Identify the Federation design use cases
• Describe the stretch T0/T1 design
• Review the design requirements for a design with Federation

Key Points
• NSX Federation enables operational simplicity for NSX-T Data Center.
• NSX Federation enables global configuration of NSX-T Network and Security services across sites.
• NSX Federation enables consistent policy configuration and enforcement.
• NSX Federation enables simplified disaster recovery.
• To use the Federation feature, certain licensing and system requirements must be met.
Questions?