Create/configure Universal Logical Switches (ULS)
Any Logical Switches created in a Universal Transport Zone are Universal Logical Switches and it provides Layer 2 connectivity across VC boundaries. You can connect 2 VM’s that are running in different vCenter instance to a ULS and can ping across.
Universal Logical Switches can only be created on the Primary NSX Manager and once created, they are Synced to secondary NSX Manager .
To create a universal LS, login to vCenter Web Client and navigate to Networking & Security > Logical Switches and select Primary NSX manager from the drop down and click on + button.
Provide a name for the ULS and make sure to attach it to universal transport zone else it will be created as a local LS.
I created 2 universal LS for a 3-Tier app in my lab.
Let’s test the connectivity between the VM’s.
I have 2 VM’s named ‘Universal-App-01’ and ‘Universal-DB-01’ and they are currently connected to my management network and have IP’s 172.18.10.2 and 172.18.10.3 respectively.
VM ‘Universal-App-01’ resides in vCenter ‘vcsa-01a.corp.local’ and VM ‘Universal-DB-01’ is in ‘vcsa-01b.corp.local’
I have added both the VM’s to ULS “Universal-App-Tier”
and I tested ping from both VM to each other and I got a successful ping between them.
so you can see that two VM’s which are on same L2 network but in different vCenter, can communicate to each other when connected to a universal logical switch.
Create/Configure Universal Distributed Logical Routers
Universal Distributed Logical Routers provides optimized East/West routing for VMs across VC boundaries. To configure a UDLR, you need to have universal transport zone, universal segment ID pool and universal logical switches created in advance. I have already created all of these in my lab. Lets deploy a UDLR.
To create a Universal DLR, navigate to Networking & Security > NSX Edges and click on + button.
Specify Name/Hostname for the DLR and select Install type as “Universal Logical Router” and check mark “Enable Local Egress”. We will discuss about local egress in next section of this blog.
I skipped few screens as it’s a standard edge deployment task.
On configure interfaces page, you can see that I have attached 3 universal logical switches to this UDLR and each LS is on its own IP segment.
Lets test the UDLR functionality.
- I attached my “Universal-App-01” VM to the ULS ‘Universal-App-Tier’ and provided an IP address 172.18.10.2. Default gateway for this VM points to 172.18.10.1
- I attached my “Universal-DB-01” VM to the Universal-DB-Tier’ and provided an IP address 172.18.30.2. Default gateway for this VM points to 172.18.30.1
If we have configured the UDLR correctly, these 2 VM’s should ping each other.
Ping test: From U-App-01 to U-DB-01
Ping test: From U-DB-01 to U-App-01
And we verified that east-west routing is working as expected.
Configure Local Egress
While deploying UDLR we check marked option “Enable Local Egress”
But what is Local Egress?
Local egress allows you to control what routes are provided to ESXi hosts based on an identifier, the locale ID. Each NSX Manager is assigned a locale ID, which is set to the NSX Manager UUID by default. You can override the locale ID at the UDLR/Cluster or Esxi host level
If you do not enable local egress the locale ID is ignored and all ESXi hosts connected to the universal logical router will receive the same routes.
Whether or not to enable local egress in a cross-vCenter NSX environment is a design consideration, but it is not required for all cross-vCenter NSX configurations.
If you want to use the Local Egress feature you need to enable this when deploying the UDLR. Local Egress can’t be enabled post-deployment.
And that’s it for this post.
I hope you find this post informational. Feel free to share this on social media if it is worth sharing. Be sociable 🙂