Road to VCAP6-NV: Objective 1.3 – Configure and Manage Transport Zones

VMwareNSX

In this blog post I will cover section 1 objective 1.3 of the VCAP6-NV Deploy exam.

Objective 1.3 – Configure and Manage Transport Zones

  • Create Transport Zones according to a deployment plan
  • Configure the control plane mode for a Transport Zone
  • Add clusters to Transport Zones
  • Remove clusters from Transport Zones

 

Create Transport Zones according to a deployment plan

A transport zone determines which hosts will be included in a logical switch domain. A transport zone can span one or more clusters. They determine which VMs can be used in a certain network. You can have multiple transport zones and a cluster can belong to multiple transport zones. But a logical switch can only belong to one transport zone. The span of a logical switch is limited to the transport zone that it belongs to. A distributed logical router can connect to logical switches that are from different transport zones. Once you connect to a logical with in one transport zone with the logical router, you will only be able to select from other logical switch within the same transport zone.

A few other things that you might want to consider when creating your transport zone are:

  • If VMs from two separate clusters need to communicate with each other, you will want to have both clusters as part of the same transport zone
  • All logical switches within a transport zone will be visible to all VMs within the clusters within the transport zone. If you have VMs that are a part of a cluster that need to be secured, then you might consider creating a separate transport zone strictly for the secured VMs.
  • Best practice is to make sure that the span of your vDS matches your transport zone span. That means that you should make sure that all clusters that are a part of vDS be included in a transport zone.

Here’s the example from the NSX Installation guide on what a properly aligned and misaligned transport zone looks like:

Properly aligned transport zone

tz04

Misaligned transport zone

tz05

To create a transport zone, navigate to Networking & Security > Installation > Logical Network Preparation > Transport Zones and click the green +. Select the clusters and replication mode that you want to use. Click OK.

tz01

Now you see your newly created Transport Zone.

tz02

Configure the control plane mode for a Transport Zone

Let’s try to understand the control plan a little more. When two VMs that are connected to different ESXi hosts must communicate, VXLAN encapsulated traffic is exchanged between the VTEP IP addresses (This was configured during host preparation) of the two hosts. NSX has a bit for a flag called REPLICATE_LOCALLY that is set to 1 for delivery to a proxy VTEP. When sending traffic to a remote segment, the source or sending VTEP selects a proxy VTEP in the destination segment. The proxy VTEP selection is made locally and individually by each ESXi hosts to make sure that replication is handled by multiple VTEPs. When a proxy VTEP receives a unicast frame with the REPLICATE_LOCALLY bit, its job is to replicate that frame to other VTEPs in the same IP subnet. The way in which the proxy handles this is determined by the control plane replication mode

During the creation of your transport zone, you have to select a replication mode. That’s what’s considered to be your control plane mode. Transport zones support control plane modes of the following types:

  • Multicast: In multicast mode all VTEPs participate in a multicast group. IGMP snooping is needed on the physical network. The source VTEP sends only one frame to the destination and the replication is offloaded to the physical network
  • Unicast: The control plane is handled by an NSX controller. All replication is done using unicast. All unicast traffic leverages optimized headend replication. No multicast IP addresses or special network configuration is required. A VTEP proxy is chosen by the ESXi host to handle replication of BUM (Broadcast, Unicast,Multicast) traffic for the remote segment. So the source VTEP replicates the encapsulated frame to each local VTEP and remote VTEP using unicast. The destination VTEP receives the frame and then replicates that frame to each local VTEP through unicast.
  • Hybrid: This mode works similar to unicast mode except it offloads local traffic replication to the physical network. This requires IGMP snooping on the first-hop switch and access to an IGMP querier in each VTEP subnet, but does not require PIM. The first-hop switch handles traffic replication for the subnet. So the source VTEP replicate the encapsulated frame to each local VTEP using multicast and it replicated the encapsulated frame to the remote VTEP using unicast. The remote VTEP then replicates the frame to each local VTEP using multicast.

 

Add clusters to Transport Zones

This is done simply by right clicking the transport zone and selecting Connect Clusters. Then select the clusters that you want to add

tz03

Remove clusters from Transport Zones

Just like adding a cluster to a transport zone, removing one is similar. Right click on the transport zone and click Disconnect Clusters. Then deselect the clusters that you want to remove from the transport zone.

tz03

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s