Intro
Welcome to Part 11 of the NSX-V Lab Series. In the previous post, we configured our secondary NSX Manager, prepared our Site B hosts and configured them for VXLAN.
In this post we will configure our transport zones.
What is a transport zone?
A transport zone is used to define the scope of a VXLAN overlay network and can span one or more vSphere clusters. The transport zone defines a collection of ESXi hosts that can communicate with each other and defines the span of logical switches.
One or more transport zones can be configured in an NSX for vSphere solution, depending on requirements, but a zone is not a construct used to delineate a security boundary.
Basically, transport zones are set on a cluster. A VM on that cluster connects to a logical switch, and that logical switch is connected to a distributed logical router (DLR) which is part of that transport zone. The VM can move to any host in the cluster and still maintain connectivity to the logical switch.
If you add a second cluster to the transport zone, then the VM can be moved to the other cluster and still maintain a connection to that logical switch.
A distributed logical router (DLR), which we will cover in a couple of posts' time, connects the logical switches in the same transport zone together.
If you have, for example, two transport zones then you will need two DLRs and Edges, as logical networks in different transport zones cannot communicate directly with each other; they will need to be routed at Layer 3.
A transport zone should match the span of a virtual Distributed Switch (vDS); not doing so is very, very bad!
The diagram below from VMware shows this. The four hosts on the left are compute hosts in two two-host clusters. They share the same compute vDS. The two hosts on the right are the Edge hosts and they are part of the Edge vDS.
All hosts are part of the same transport zone.
5001, 5002 and 5003 are the logical switches.
As all hosts are connected to a vDS which is part of the TZ, all VMs can communicate with each other.
In this example the two left hosts are not part of the transport zone, as their cluster has not been added. A VM can be migrated to one of these hosts because the vDS spans that cluster, but because the hosts are not part of the transport zone the DLR will not be on the host, and the VMs will not be able to communicate on the network.
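The misalignment described above can be caught before a VM is ever migrated by comparing the clusters each vDS spans with the clusters in each transport zone. This is an added example, not code from the original post or from VMware; the vDS, cluster and TZ names are constructed lab values, and it assumes you have already exported which clusters each vDS and each transport zone cover.

```python
from collections import namedtuple

Zone = namedtuple("Zone", "name universal clusters")

# Constructed inventory; every name here is a hypothetical lab value.
VDS_SPAN = {
    "Compute-vDS": {"Compute-A", "Compute-B"},
    "Edge-vDS": {"Edge"},
}
ZONES = [
    Zone("Universal-TZ", True, {"Compute-A", "Compute-B", "Edge"}),
    Zone("SiteA-Global-TZ", False, {"Compute-A", "Edge"}),  # Compute-B left out
]

def span_gaps(zone, vds_span):
    """Clusters reachable over a vDS the zone uses, but outside the zone."""
    gaps = {}
    for vds, clusters in vds_span.items():
        # Only a vDS shared with the zone lets a VM land on a non-member host.
        if clusters & zone.clusters and clusters - zone.clusters:
            gaps[vds] = sorted(clusters - zone.clusters)
    return gaps

def audit(zones, vds_span):
    """Return (zone_name, issue) tuples; an empty list means TZ and vDS align."""
    findings = []
    universal = sorted(z.name for z in zones if z.universal)
    if len(universal) > 1:  # the post notes only one universal TZ can exist
        findings.append(("*", "more than one universal TZ: " + ", ".join(universal)))
    known = set().union(*vds_span.values())
    for zone in zones:
        for vds, missing in sorted(span_gaps(zone, vds_span).items()):
            findings.append((zone.name, f"{vds} also spans {missing}, not in TZ"))
        orphans = sorted(zone.clusters - known)
        if orphans:
            findings.append((zone.name, f"clusters on no listed vDS: {orphans}"))
    return findings

if __name__ == "__main__":
    for zone_name, issue in audit(ZONES, VDS_SPAN):
        print(f"{zone_name}: {issue}")
```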
The Build
We start the Transport zone configuration on the Primary NSX Manager.
Browse to ‘Installation and Upgrade’ > ‘Logical Network Settings’ > ‘Transport Zones’, then click on ‘+ ADD’.
The first Transport Zone (TZ) we are going to configure is the Universal TZ; remember there can only be 1 Universal TZ. Give it a name and then set Universal Synchronization to ‘On’.
We will be using Unicast in the lab as it doesn’t require anything on the physical network. It is also basically the same as the recommended replication mode for NSX-T, so it makes sense to use it for production builds as it will make a migration to NSX-T easier.
Finally, select the clusters that will be a part of the TZ; for me that’s the Edge and Compute clusters. Tick them, then click ‘ADD’.
Repeat the process to add a global TZ. Global TZs are not technically required in a cross-site NSX deployment. However, if you have workloads that are local to a single site, such as a management network, and you want to isolate their traffic from the rest of the traffic, then using a global TZ is a good option. For completeness we will configure a global TZ at each site.
Notice that the option to mark for Universal Synchronization is not available. This is because there can only be one Universal TZ and we have already created it.
Give the Global TZ a name; a good practice is to include the site name in the name.
Again select Unicast and add the desired clusters, then click ‘+ ADD’.
We now have two Transport Zones on our primary NSX Manager.
Change the dropdown to the secondary NSX Manager.
You will see the Universal TZ that we just created. We need to add the Site B clusters to this TZ.
Make sure the Universal TZ is selected and click on ‘CONNECT CLUSTERS’
Add the Site B edge and compute clusters and click ‘SAVE’
Now we need to add the Site B global TZ.
The process is the same as before.
Site B is now configured as well.
That’s all there is to it; very simple to configure.
In the next post we will configure our Logical Switches for our test app and our transit networks.
NSX-V Lab Part:12 NSX-V Logical Switches