Principles
- Understand the function of a Transport Zone
- Understand proper addition of a Transport Zone
- Understand necessity to expand or contract a Transport Zone
- Edit a Transport Zone
- Understand appropriate use of Control Plane mode modification of a Transport zone
References
- NSX Administration Guide
http://pubs.vmware.com/NSX-62/topic/com.vmware.ICbase/PDF/nsx_62_admin.pdf
- NSX Installation Guide
https://pubs.vmware.com/NSX-62/topic/com.vmware.ICbase/PDF/nsx_62_install.pdf
- NSX Cross-vCenter Installation Guide
http://pubs.vmware.com/NSX-62/topic/com.vmware.ICbase/PDF/nsx_62_cross_vc_install.pdf
Understand the function of a Transport Zone
- A Transport Zone defines the span (or reach) of Logical Networks (VXLANs)
- A Logical Switches (VXLANs) is only presented to clusters within the Transport Zone for which it is configured
- Transport Zones can be Local (Global) or Universal for Cross-vCenter deployments
- A Transport Zone may consist of one or more clusters, each with its own vDS
- Logical Switches configured in a Transport Zone may therefore extend across multiple vDS
- A Cluster can belong to one or Transport Zones
- VMs cannot communicate to VXLANs outside their own Transport Zone
- DLRs and ESGs can connect to VXLANs in a single Transport Zone only
- A cluster that requires L3 connectivity must be connected to a Transport Zone that contains Edge devices (DLR, ESG)
- Typically, DLRs and ESGs are placed in a dedicated cluster separate from the compute clusters, therefore any such Edge Cluster must be included in included the Transport Zone that a Compute Cluster is in
- All VMs in a cluster have access to VXLANs configured within a Transport Zone
- For secure environments, consider placing sensitive workloads in a dedicated cluster and a separate Transport Zone
- The span of the vDS should match the Transport Zone i.e. all clusters connected to a vDS should be included in a single Transport Zone
- If any clusters connected to a vDS are left out of the Transport Zone, they will still have access to VXLANs configured with the zone but this can cause routing problems because any DLRs deployed inside the Transport Zone will configure LIFs outside of the Transport Zone
- In the example above the DLR LIFs are restricted to the Transport Zone
- Workloads in Cluster Comp-A have no access to the DLR LIFs and therefore cannot reach the gateway
Understand proper addition of a Transport Zone
- Cross-vCenter configurations are restricted to a single Universal Transport Zone
- Multiple Global (Local) Transport Zones can be configured on each NSX Manager
- Universal Objects can only be managed from the Primary NSX Manager
- Set the replication mode when creating a Transport Zone:
- Muticast
Recommended for upgrades from vCNS where multicast configuration on the physical network was required
-
- Unicast
Control Plane is handled by the NSX Controller
-
- Hybrid
Offloads local replication to the physical network
Requires IGMP snooping on the first hop switch and access to an IGMP querier on the VTEP network
The first hop with handles replication for VTEP BUM traffic
Note: when using Hybrid Mode in a Universal Transport Zone, ensure that the IGMP multicast address is unique within the environment
Understand necessity to expand or contract a Transport Zone
Transport Zones may need to be expanded or contracted depending on the changing topology of the Datacenter. e.g. If new clusters are added to an environment they can be added to an existing Transport Zone. Likewise removing a cluster necessitates it’s removed from an existing Transport Zone
Edit a Transport Zone
The following items can be edited on a Transport Zone:
- Name
- Description
- Control Plane Mode
If control plane mode is changed, the click “Migrate existing Logical Switches to the new control plane mode” to migrate existing logical switches to the new replication mode (Unicast, Hybrid or Multicast). If not selected, then only new logical switches added to the transport zone will get the new control mode and replication will be disjointed
Understand appropriate use of Control Plane mode modification of a Transport zone
The control plane mode should be modified if there is a material change to the network design or requirements e.g. an upgrade from vCNS means that multicast is no longer required, and the control plan change be changed to Hybrid or Unicast. Bear in the mind the requirements for each control plane mode e.g. Hybrid requires an IGMP querier on the transport network and together with IGMP snooping. Likewise, if deploying a Universal Transport Zone then ensure the IGMP multicast address is unique to the environment