NSX-T Federation Series (Pt.7): How traffic flows in a Federation design

Captions
Hey everybody, Mike here. In this short video we're going to talk a little bit about how the Federation traffic flow works. I know this is a very hot topic for a lot of you that are maybe familiar with the concepts of NSX-T but you're not sure how that really fits when you add multiple locations. Routing is always a topic, so we're not going to get too much into routing in this video; in the next one we will talk about that a bit more. There's some design choices you have to make which will influence routing, but that said, let's get into it.

All right, so first I want to talk about non-Federation east-west traffic. What does it look like if I'm just doing NSX within one site? In this case we have one location, we have Paris right here, and we have three vSphere hosts. In this case we only have two VMs: we have one VM on this host, one VM on this host. We have our edge cluster here, which is again our on/off ramp for NSX, so if we're on an overlay network then that is basically the spot where we hit before we get into kind of the real network, aka the non-overlay network or the physical network. Then we also have these TEP IPs, or tunnel endpoints, and these are just VMkernels in the case of vSphere. These are dedicated interfaces, they're just layer 3 IPs essentially, that the host is using to terminate these overlay tunnels.

So what normally happens with east-west traffic? Let's say this VM here wants to talk to this VM right here. What would normally happen is this host, there are the VMware installation bundles on the host that allow NSX to do its magic, so because that VM is connected to an NSX port group it knows that it needs a little bit of extra treatment versus maybe a standard port group. So what happens is it then does a route lookup, it looks through the distributed firewall, all of that stuff, that all happens within this host, and it'll then say, okay, well I know this other VM I'm trying to reach is on this host right here. So this host will encapsulate it and send it via Geneve, so it'll be UDP port 6081, and it will send it with a source and destination IP of this TEP and this TEP IP. And keep in mind that original packet is encapsulated, so the original packet is still intact. When it gets to this host, that host will unencapsulate it and pass it off to the VM, and they think they're on the same switch, and the return path is exactly the same. Now keep in mind the point here is there's no involvement of the edge nodes. Big caveat here: the edge nodes would be involved if we're doing any kind of stateful services, like NAT for example. There are scenarios where even in this case traffic would go to the edge cluster first before coming down to this host, so it's one of those things, it just depends on your situation, but just normal east-west, we'll say this is what it looks like.

Now let's look at what it looks like in a Federation deployment. So first, just to get our bearings here, I've mistakenly put two locations that are the same name, they both say Paris, so let's just pretend this one is something different. Now if we see here we have an edge cluster at both sites, we have a TEP IP for each edge node, and we have something new called an RTEP, or remote tunnel endpoint, and we've got one of these for each edge node. I'm sure that'll change at some point, but that's how it is today. Now if you were paying attention in the last slide you would be tempted at this point to say, well Mike, traffic probably does, you know, the distributed firewall lookup, the route lookup, all that, and probably routes it like this, so a source of this TEP, destination of this TEP, even if they're in the same segment. That's what we're talking about, east-west, so they're in the same segment; even if they weren't in the same segment it doesn't really matter, they're not going to go like this. You would be tempted to think that that's the case because that's how it works with NSX within a single site, but that's not it. The way it works in a Federation deployment is that traffic would be sent to the edge cluster within your local site, and that edge cluster, one of the edge nodes, whichever one received that packet, would actually re-encapsulate that packet and use its source RTEP and a destination RTEP IP over here for that new Geneve encapsulation. So it's not a double encapsulation, it's actually taking off the original encapsulation and re-encapsulating it and sending it over to that other site, as we see here. So it's still Geneve traffic, but it is source and destination of these RTEP IPs, not these TEPs or these TEPs. Once it gets to the destination site it's pretty straightforward: that encapsulation is stripped and it's then basically re-encapsulated and sent on its way to wherever it was supposed to go in the first place, in this case that would be this TEP right here. So that's how Federation east-west works.

Now what about non-Federation? Let's talk about north-south a bit. So non-Federation, again we're back to not doing any Federation, this is one location. This is really easy: in a nutshell, if you're on an overlay segment in NSX, all traffic will go to your edge nodes and then out to the internet, or out to wherever they're trying to go, from there. That's pretty much a universal rule if you're on an overlay network. Now if you're on a VLAN-backed segment, none of this applies; you would be using the default physical gateway, wherever that is on your network, that's what you would be using. So none of this would apply for VLAN-backed segments, just keep that in mind.

Now what about for Federation? And this is the part you probably joined the video for, and guess what, I'm going to say it really just depends. Unfortunately there's so many scenarios with north-south in multiple locations that I just can't go over them all in this video, but the good news is we are going to stretch a T0 and I'm going to show you some of those options and some of those design choices. So we're going to basically focus really heavy on north-south in the next episode, lesson, whatever you want to call it, we're going to focus on it, I promise. So that said, I hope this was helpful, I hope everyone's staying safe and healthy. Until next time, take care.
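The two east-west paths the video walks through, modelled as an added example (this is not code from the video or from VMware): a single-site flow is one Geneve hop host-TEP to host-TEP, while a Federation flow is three hops in which each edge strips the previous encapsulation and re-encapsulates (TEP to local edge TEP, RTEP to RTEP across sites, remote edge TEP to destination TEP), so the inner frame is never stacked inside two Geneve headers. All IPs, the VNI and the inner frame bytes are constructed placeholders.

```python
import struct
from dataclasses import dataclass

GENEVE_PORT = 6081      # UDP port Geneve uses, as stated in the video
ETH_PROTO = 0x6558      # Geneve protocol type for transparent Ethernet bridging

@dataclass(frozen=True)
class Hop:
    """One Geneve packet on the wire: outer IPs plus the UDP payload (Geneve header + inner frame)."""
    outer_src: str
    outer_dst: str
    udp_payload: bytes

def geneve_header(vni: int) -> bytes:
    # 8-byte Geneve base header (RFC 8926): ver/opt-len, flags, protocol type, 24-bit VNI + reserved byte
    return struct.pack("!BBHI", 0, 0, ETH_PROTO, vni << 8)

def encap(inner: bytes, src_ep: str, dst_ep: str, vni: int) -> Hop:
    return Hop(src_ep, dst_ep, geneve_header(vni) + inner)

def decap(hop: Hop) -> tuple[int, bytes]:
    _, _, proto, vni_field = struct.unpack("!BBHI", hop.udp_payload[:8])
    if proto != ETH_PROTO:
        raise ValueError("unexpected Geneve protocol type")
    return vni_field >> 8, hop.udp_payload[8:]

def single_site_path(inner: bytes, src_tep: str, dst_tep: str, vni: int) -> list[Hop]:
    """Non-Federation east-west: the source host encapsulates straight to the destination host's TEP."""
    return [encap(inner, src_tep, dst_tep, vni)]

def federation_path(inner, src_tep, local_edge, remote_edge, dst_tep, vni) -> list[Hop]:
    """Federation east-west as described in the video. local_edge / remote_edge are (TEP, RTEP) tuples."""
    hops = [encap(inner, src_tep, local_edge[0], vni)]            # host TEP -> local edge TEP
    vni1, inner1 = decap(hops[-1])                                # local edge strips the host's encapsulation
    hops.append(encap(inner1, local_edge[1], remote_edge[1], vni1))  # re-encapsulate RTEP -> RTEP
    vni2, inner2 = decap(hops[-1])                                # remote edge strips the inter-site encapsulation
    hops.append(encap(inner2, remote_edge[0], dst_tep, vni2))     # re-encapsulate edge TEP -> destination host TEP
    return hops

# Constructed sample: a placeholder inner Ethernet frame and made-up TEP/RTEP addresses (not a real capture).
INNER_FRAME = bytes.fromhex("aabbccddeeff001122334455") + b"\x08\x00" + b"inner-ip-payload"
SRC_TEP, DST_TEP = "10.10.1.11", "10.20.1.11"
LOCAL_EDGE = ("10.10.1.21", "192.0.2.21")      # (TEP, RTEP) of an edge node in site A
REMOTE_EDGE = ("10.20.1.21", "198.51.100.21")  # (TEP, RTEP) of an edge node in site B

if __name__ == "__main__":
    for h in federation_path(INNER_FRAME, SRC_TEP, LOCAL_EDGE, REMOTE_EDGE, DST_TEP, 5001):
        print(f"{h.outer_src} -> {h.outer_dst} udp/{GENEVE_PORT} payload={len(h.udp_payload)} bytes")
```

Every hop carries exactly one Geneve header in front of the unchanged inner frame, which is the "re-encapsulation, not double encapsulation" point; in a packet capture between sites you would therefore see RTEP addresses as the outer IPs, never the host TEPs.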
Info
Channel: NRDY Tech
Views: 525
Rating: 5 out of 5
Id: WaBXEUXv5Pc
Length: 5min 35sec (335 seconds)
Published: Fri Feb 12 2021