Two cups of Espresso in me and a late night blog. Writing while working just to keep me awake.
So without much further wait, I had a scenario similar to the design below:
- Two sites named “Site A” and “Site B”
- 1 compute cluster residing in each site
- Two universal logical switches named “Web” and “App”, each with two VMs connected to it, with each VM running in a separate site
- A single universal logical router (ULR) to provide E-W routing and connectivity to the ESG
- A single ESG in each site running iBGP with the universal logical router and eBGP with the physical router
- Communication to each VM should be established from the respective site's ESG.
- VMs should be reachable from different sites as well.
For example, as per the above diagram, the VMs with IP addresses 172.16.30.11 & 172.16.40.11 should use ESG 10.10.4.10 to connect to the physical world, whereas the VMs with IP addresses 172.16.30.101 & 172.16.40.101 should use ESG 10.20.4.10 to connect to the physical world.
- Deploy the ULR with Local Egress enabled.
- The Local Egress feature can only be enabled during creation of the universal logical router.
- Create two universal transit switches at the primary NSX Manager, one being used at Site A and another at Site B, to implement iBGP with the respective ESG.
- In my case, I implemented two universal transit logical switches: Site A will use 172.16.73.0/28 and Site B will use 172.16.173.0/28.
- Configure the Locale ID on the ULR so that local route advertisement can be done to ESXi. Go to Routing, then Global Configuration, and edit the Locale ID.
- Now configure the interfaces on the ULR.
- Once the interfaces are configured, deploy the control VM at the primary site if not already done; otherwise start with the BGP configuration. Configure BGP and route redistribution to start advertising routes.
- Do not forget to add a static route entry to provide connectivity to Site B; otherwise Site B will not be able to communicate with Site A.
- Now connect to the secondary NSX Manager and go to the ULR. Deploy a control VM so it can participate in dynamic routing. The finished configuration should look like below:
- Similarly, perform the Locale ID, BGP configuration, route redistribution and static route entry steps to provide connectivity to Site A.
- If all is done correctly, you should be able to connect to the VMs from their respective sites as well as from the other site.
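A simplified model of what the Locale ID steps above achieve, added here as an illustration and not taken from this post or from NSX itself: routes are tagged with the locale ID of the site that learned them, and a host only receives routes matching its own locale ID. The locale ID strings, the destination address and the use of the ESG addresses as next hops are assumptions; the audit shows what happens when Site B hosts are left with Site A's locale ID.

```python
from ipaddress import ip_address, ip_network

# Constructed locale IDs (placeholders for the values set under Routing > Global Configuration).
LOCALE_A, LOCALE_B = "locale-site-a", "locale-site-b"

# Default routes learned from each site's ESG, tagged with the locale ID of the
# site that learned them. Next hops are the ESG addresses named in the post (assumption).
LEARNED = [
    {"prefix": "0.0.0.0/0", "next_hop": "10.10.4.10", "locale": LOCALE_A},
    {"prefix": "0.0.0.0/0", "next_hop": "10.20.4.10", "locale": LOCALE_B},
]

# Intended design from the post: which ESG each VM must use.
EXPECTED_ESG = {
    "172.16.30.11": "10.10.4.10", "172.16.40.11": "10.10.4.10",
    "172.16.30.101": "10.20.4.10", "172.16.40.101": "10.20.4.10",
}

def host_routes(host_locale, learned=LEARNED):
    """Routes a host receives: only those tagged with its own locale ID."""
    return [r for r in learned if r["locale"] == host_locale]

def egress_esg(host_locale, dst, learned=LEARNED):
    """Longest-prefix match over the host's filtered table; None if no route."""
    hits = [r for r in host_routes(host_locale, learned)
            if ip_address(dst) in ip_network(r["prefix"])]
    if not hits:
        return None
    return max(hits, key=lambda r: ip_network(r["prefix"]).prefixlen)["next_hop"]

def audit(vm_locale, dst="203.0.113.10"):
    """Return {vm: (expected, actual)} for VMs that would leave via the wrong ESG."""
    bad = {}
    for vm, want in EXPECTED_ESG.items():
        got = egress_esg(vm_locale[vm], dst)
        if got != want:
            bad[vm] = (want, got)
    return bad

# Correct placement: each VM's host carries its own site's locale ID.
GOOD = {"172.16.30.11": LOCALE_A, "172.16.40.11": LOCALE_A,
        "172.16.30.101": LOCALE_B, "172.16.40.101": LOCALE_B}
# Constructed failure: Site B hosts were left with Site A's locale ID.
STALE = {vm: LOCALE_A for vm in GOOD}

if __name__ == "__main__":
    print("correct:", audit(GOOD))
    print("stale locale on Site B:", audit(STALE))
```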
Thank you for sticking till the end. Let me know your thoughts on the above.