This is not technically a reader’s question (although he
says he has read this blog) :),
however the question was asked and I thought it interesting enough to write a
short piece about it.
NSX for vSphere (NSX-V) has something called the Logical
Router (LR). The LR consists of two components: a Control Plane component and a
Data Plane component. The Data Plane component comes in the form of a vSphere
Information Bundle (VIB) that gets installed by NSX Manager in the ESXi hosts.
The Control Plane component is a Virtual Appliance (Virtual Machine) called
Logical Router Control VM (or just Control VM for short).
In the first version of NSX-V (6.0), the Control VM had an
interface called the Management Interface. This interface was intended for use
with Edge HA, SSH and logging (and there is one more I can’t quite recall right
now). Anyhow, you could assign an IP to the Management Interface and connect it
to a dvPortgroup or a logical switch. The thing was that the Control VM
couldn’t be assigned a default gateway, not even a static route. For most
practical purposes having the Management Interface in the Control VM was
useless unless you were talking to the Control VM’s Management Interface from
the same subnet.
A little history: The Control VM had a Management Interface
because the Control VM is a modified NSX Edge.
In NSX-V 6.2, VMware did away with the need for
the Management Interface for remote communications with the NSX Edge (and thus the Control VM). Instead,
it renamed it the HA interface, and it is intended for use with Edge HA. However,
there is a way to get SSH access to the Control VM (and even configure
logging).
First, the Control VM now leverages the routing table of the
LR (Data Plane component) to route. The Control VM will decide which is the next
hop based on what is in the routing table and forward its traffic accordingly.
Second, it uses the Protocol IP of the configured routing
protocol (OSPF or BGP) as its IP. The Protocol IP is always configured in
the LR’s Uplink interface but the Control VM won’t start using it until a routing
protocol is enabled in the LR. It doesn’t matter if the LR has no OSPF Adjacencies
or BGP Neighbors. As long as the LR has the routing protocol enabled, the
Protocol IP will be used by the Control VM.
Elver’s Opinion: If you are not getting any routes
advertised via the routing protocol you must configure some static routes in the
LR so the Control VM can communicate with remote entities.
.elver
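The behaviour described above can be checked before relying on SSH or syslog from the Control VM. The following is an added example, not code from the original post or from VMware: it models the LR routing table with a longest-prefix match and reports which management destinations would need a static route. The dictionary layout, function names and all addresses are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample LR state; all addresses are documentation/test values.
LR = {
    "protocol_ip": "192.0.2.3",          # Protocol IP on the Uplink interface
    "routing_protocol_enabled": True,    # OSPF or BGP enabled on the LR
    "routes": [                          # (prefix, next hop) in the LR routing table
        ("192.0.2.0/29", "connected"),   # Uplink subnet
        ("10.50.0.0/24", "192.0.2.1"),   # static route toward the syslog network
    ],
}

def lookup(routes, dest):
    """Longest-prefix match over (prefix, next_hop) pairs; None if no route."""
    dest = ipaddress.ip_address(dest)
    best = None
    for prefix, next_hop in routes:
        net = ipaddress.ip_network(prefix)
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best

def control_vm_reach(lr, dest):
    """Return (source_ip, next_hop) for Control VM traffic to dest, or None."""
    if not lr["routing_protocol_enabled"]:
        return None  # the Protocol IP is not used until OSPF or BGP is enabled
    hit = lookup(lr["routes"], dest)
    if hit is None:
        return None  # no learned, static or connected route covers dest
    return (lr["protocol_ip"], hit[1])

def needs_static_route(lr, dests):
    """Destinations (syslog servers, SSH jump hosts) the Control VM cannot reach."""
    return [d for d in dests if control_vm_reach(lr, d) is None]

if __name__ == "__main__":
    for d in ["10.50.0.20", "10.60.0.5"]:   # constructed syslog server and jump host
        print(d, control_vm_reach(LR, d))
    print("missing routes for:", needs_static_route(LR, ["10.50.0.20", "10.60.0.5"]))
```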