Embed Size (px)
Citation preview
Edge VLAN
.2 .3
Nexus
7000
N7K# show ip route...S 10.1.0.0 /16 via 1.1.1.5
WAN / Internet
.5
vPC enabled
NSX Distributed Router
.1hsrp
Micro-Segmentation
VM
Exists on all hostsNo stateful servicesOne host (DI) elected as .5 MAC/ARP
45-60 second failover.1
.1.1
VMVMVM
VXLAN Logical Switch 110.1.1.0 /2410.1.2.0 /28
LSW 210.1.9.0 /28LSW N VTEP VLAN
vPC enabled
On
Dem
and
Pre
Cre
ated
1.1.1.0 /24
Stateful distributed firewall
bradhedlund.com
bradhedlund.com
VM
DistributedRouter
DistributedFirewall
Compute Host Compute Host
kernel
user
VXLAN Logical Switch 110.1.1.0 /24
Nexus
7000
WAN / Internet
vPC
static route
VM
VTEP VLAN vPC
DesignatedInstance (DI)
Edge VLAN vPC
.1 .1
.5
1.1.1.0 /24
N7K# show ip route...S 10.1.0.0 /16 via 1.1.1.5
Edge VLAN
.2 .3
Nexus
7000
.5
vPC enabled
NSX EdgeStateful services
.1hsrp
.5
.2NSX Distributed RouterExists on all hosts, including EdgeAll hosts forward for .2 MACNo DI election necessary
Exists on “Edge” hostsAnti-affinity for HA~6 second failover
10.1.255.0 /24.1
Micro-Segmentation
VMVMVMVM
VXLAN Logical Switch 110.1.1.0 /2410.1.2.0 /28
LSW 210.1.9.0 /28LSW N VTEP VLAN
vPC enabled
(HA)
.1
FW/NAT/VPN
On
Dem
and
Pre
Cre
ated
1.1.1.0 /24
Stateful distributed firewall
bradhedlund.com
Transit Logical Switch (VXLAN)
.1
.1 .1
bradhedlund.com
Transit Logical Switch
VM
VTEP VLAN
DistributedRouter
NSXEdge
DistributedFirewall
Compute Host Edge Host
kernel
user
VXLAN Logical Switch 110.1.1.0 /24
Nexus
7000
WAN / Internet
Edge VLAN
vPC
vPC
static route
10.1.255.0 /24
.2 .2
.1 .1
.1
.5
FW/NATVPN
1.1.1.0 /24
N7K# show ip route...B 10.1.1.0 /24 via 1.1.1.5
...
Edge VLAN
1.1.1.0 /24
.2 .3
Nexus
7000
.5NSX Edge
Stateful services
.5
.2NSX Distributed RouterExists on all hosts, including EdgeAll hosts forward for .1 and .2 No DI election necessary
Exists on “Edge” hostsAnti-affinity for HA~6 second failover
10.1.255.0 /24
.1
Micro-Segmentation
VMVMVMVM
VXLAN Logical Switch 110.1.1.0 /2410.1.2.0 /28
LSW 210.1.9.0 /28LSW N
(HA)
.1
FW/NAT/VPN
On
Dem
and
Pre
Cre
ated
Edge VTEP VLAN
vPC enabled
Non-vPC
Host VTEP VLANTransit Logical Switch (VXLAN)
Non-vPC
Stateful distributed firewall
bradhedlund.com
10.1.255.0 /24
.1
.1 .1
bradhedlund.com
VM
Host VTEP VLAN
DistributedRouter
Compute Host Edge Host
kernel
user
VXLAN Logical Switch 110.1.1.0 /24
Nexus
7000
WAN / Internet
Edge VLAN
vPC
Non-vPC
dynamic route
Edge VTEP VLANvPC enabled Non-vPC
DistributedFirewall
Transit Logical Switch 10.1.255.0 /24
.2
.1
NSXEdge
FW/NATVPN
1.1.1.0 /24
.2
.1
.5
.1
Edge VTEP VLAN
vPC enabled
Edge VLAN
N7K# show ip route...B 10.1.1.0 /24 via 1.1.1.11
1.1.1.121.1.1.131.1.1.14
....2 .3
Nexus
7000
.11
Non-vPC
NSX Edge 6.1
.2
NSX Distributed Router 6.1Exists on all hosts, including Edge8-way ECMP upstream
8-way ECMP
.11
Micro-Segmentation
VMVMVMVM
VXLAN Logical Switch 110.1.1.0 /2410.1.2.0 /28
LSW 210.1.9.0 /28LSW N
No stateful services
On
Dem
and
Pre
Cre
ated
8
.12 .13 .14
Transit Logical Switch (VXLAN)10.1.255.0 /24
.12 .13 .14
Edge hosts only
Non-vPC
Host VTEP VLAN
1.1.1.0 /24
Stateful distributed firewall
bradhedlund.com
.1
.1 .1
bradhedlund.com
VM
Host VTEP VLAN
DistributedRouter
NSXEdge
Compute Host Edge Host 1
kernel
user
Nexus
7000
WAN / Internet
vPC
dynamic 8-way ECMP routing
Edge VTEP VLANvPC enabled Non-vPC
DistributedRouter
NSXEdge
Edge Host 8
Transit Logical Switch
10.1.1.0 /24
Edge VLANNon-vPC
10.1.255.0 /24
.2
.1
VXLAN Logical Switch 1
DistributedFirewall
.1 .1
.2 .2
.11 .18
.11 .18
1.1.1.0 /24
L3
