NSX-based Non-Distributed Routing in VMware Cloud Director: A Comprehensive Guide
Introduction:
VMware Cloud Director (VCD) is a powerful tool for managing and deploying virtualized infrastructure. In VCD 10.3.2 or later, administrators can use non-distributed routing (NDR) to isolate East-West traffic between different organization virtual data center (VDC) networks. In this article, we will explore how to use NDR in VCD, its benefits, and its limitations.
What is Non-Distributed Routing (NDR)?
Non-distributed routing is a networking concept that allows administrators to isolate traffic between different networks without the need for distributed routers. In the context of VCD, NDR enables administrators to create separate logical networks for each organization VDC, while still allowing East-West traffic between them. This feature is especially useful when you want to ensure that traffic within one VDC does not leak into another VDC’s network.
How to Use NDR in VCD:
To use NDR in VCD, follow these steps:
Step 1: Enable NDR on the Edge Gateway
* Log in to the VCD management console and navigate to the Edge Gateway settings.
* Click on the “Advanced” tab and scroll down to the “Non-Distributed Routing” section.
* Select the “Enable Non-Distributed Routing” checkbox to turn on NDR for the Edge Gateway.
* Save your changes.
Step 2: Create a Segment for Each VDC Network
* In the VCD management console, navigate to the “Networks” section.
* Click on the “Create Network” button and select “Segmented Network” from the dropdown menu.
* Enter a name for your new network segment and click “Next”.
* Select the Edge Gateway you want to associate with this segment and click “Finish”.
Step 3: Configure Non-Distributed Routing on Each Segment
* Repeat step 2 for each VDC network you want to isolate.
* Once you have created a segment for each VDC network, go back to the Edge Gateway settings and select the “Non-Distributed Routing” tab.
* Select the “Enable Non-Distributed Routing” checkbox for each segment you want to isolate.
* Save your changes.
Step 4: Verify NDR Configuration
* Go back to the VCD management console and navigate to the “Networks” section.
* Click on the name of each segment you created to verify that NDR is enabled for each one.
* You should see a message indicating that NDR is enabled for each segment.
Step 5: Test NDR Functionality (Optional)
* To test the NDR functionality, create a test VM in each VDC network and try to communicate from one VM to the other.
* If everything is configured correctly, you should not be able to access any resources outside of your own VDC network.
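One way to run the Step 5 check from a test VM, as an added example that is not part of the original article or VMware's tooling: the script attempts TCP connections to test VMs in the other VDC network and passes only if none of them answers. The peer addresses are constructed placeholders, and treating a refused connection as a failure is an assumption made here, because a refusal means some device sent a reply.

```python
import socket

# Constructed sample targets: test VMs in the *other* VDC network.
# Placeholder addresses (documentation range), not values from the article.
SAMPLE_PEERS = [("192.0.2.10", 22), ("192.0.2.10", 443)]


def probe(host, port, timeout=2.0):
    """Classify one TCP connection attempt from this VM to a peer.

    open        - handshake completed: traffic crosses between the networks
    answered    - connection refused: a reset came back, so either the peer
                  is reachable or a firewall reject rule replied
    no_response - timeout or unreachable: consistent with isolation
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "answered"
    except OSError:  # includes timeouts and "no route to host"
        return "no_response"


def check_isolation(peers, timeout=2.0):
    """Probe every peer; isolated only if nothing replied at all."""
    results = {(h, p): probe(h, p, timeout) for h, p in peers}
    isolated = all(state == "no_response" for state in results.values())
    return isolated, results


if __name__ == "__main__":
    ok, results = check_isolation(SAMPLE_PEERS)
    for (host, port), state in sorted(results.items()):
        print(f"{host}:{port} -> {state}")
    print("PASS: no peer answered" if ok else "FAIL: a peer or device replied")
    raise SystemExit(0 if ok else 1)
```

Run it in both directions, once from each test VM, and include at least one port that is known to be listening on the peer so that a pass is meaningful.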
Benefits of NDR in VCD:
1. Improved Security: NDR helps ensure that East-West traffic between different VDC networks is isolated, reducing the risk of security breaches and unauthorized access.
2. Better Network Performance: By isolating traffic between different VDC networks, NDR can help improve network performance and reduce congestion.
3. Increased Flexibility: With NDR, administrators can create separate logical networks for each organization VDC, allowing for greater flexibility in network design and configuration.
Limitations of NDR in VCD:
1. Limited to Edge Gateways: NDR is only available on Edge Gateways, so you cannot use it with other types of networking devices.
2. No Support for Distributed Routing: NDR is a non-distributed routing feature, so it does not support distributed routing protocols like OSPF or BGP.
3. Limited to Single-Tier Architecture: NDR is only supported in single-tier architectures, so it may not be suitable for multi-tier deployments.
Conclusion:
Non-distributed routing is a powerful feature in VMware Cloud Director that allows administrators to isolate East-West traffic between different organization VDC networks. By following the steps outlined in this article, you can enable NDR on your Edge Gateway and create separate logical networks for each organization VDC. While there are some limitations to NDR, it can greatly improve security, network performance, and flexibility in your VCD deployment.