Architecture pattern for using Direct Link with NSX-T edge cluster in colocation
On a VMware vCenter Server instance in IBM Cloud® classic infrastructure, your workloads are deployed and run on VMware NSX-T™ overlay networks. As part of the deployment, the automation deploys an example NSX-T topology. You can use the provisioned examples as your base or build your own topologies on overlay. These overlay networks are not automatically advertised to the IBM Cloud classic infrastructure network.
This architecture pattern presents private connectivity for VMware vCenter Server® that uses IBM Cloud Direct Link and an NSX-T edge transport node deployed at the colocation. This solution applies to an NSX-T based vCenter Server instance that is provisioned in IBM Cloud classic infrastructure.
This solution relies on the principle that you can advertise NSX-T TEP traffic through Direct Link to the colocation. Therefore, you can extend your NSX-T overlays over Direct Link. You are responsible for deploying the edge transport nodes in colocation on your own x86 hardware and for creating the NSX-T edge cluster and configuring Tier-0 (T0) Gateway on the edge cluster.
You can use a Gateway Appliance or a vCenter Server gateway cluster with Juniper vSRX or another device as part of the solution. This is optional.
Deploying Direct Link with NSX-T edge cluster in colocation
The following diagram presents an overview of an architecture pattern for deploying Direct Link with NSX-T edge cluster in colocation.
This architecture pattern deployment is summarized as follows:
- A vCenter Server instance is deployed at IBM Cloud classic infrastructure. Two IBM Cloud private VLANs and one IBM Cloud public VLAN (optional) are deployed. Each of these VLANs hosts multiple subnets. You can see the details through the IBM Cloud for VMware Solutions portal.
- NSX-T T0 is deployed with two interfaces - private and public (optional). If you opt for a public one, this interface is attached to your Public VLAN and has direct internet access. Your T0's private interface is attached to the Private VLAN and it uses IBM Cloud portable private IP.
- If vCenter Server gateway cluster with vSRX (or other third-party device) or IBM Cloud Gateway Appliance is deployed to your classic infrastructure, you must configure your vCenter Server instance Private Primary VLAN. It is routed through the vSRX or Gateway Appliance and allows TEP traffic through it.
- Create a Direct Link at your IBM Cloud data center or zone location and attach your classic network as a connection. All your classic networks in the region are advertised with Local routing option (or all with Global Option). Use BGP between your colocation router and Direct Link. Ensure that the networks planned for NSX-T edge transport node management and TEP traffic are advertised through this BGP session to Direct Link.
- Deploy NSX-T edge cluster at colocation and create a T0 at the colocation cluster. Create routes on edge nodes for management and TEP traffic through the Direct Link path.
- Configure an NSX-T overlay transit segment between T0 VRFs and configure routing between the T0 VRFs.
- Each tenant has their own WANs or MPLS. You must design and configure how to secure and separate the tenants and connect to tenant WANs.
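One way to run the check called for in the Direct Link step above, as an added example that is not IBM or VMware code: it compares the subnets planned for edge transport node management and TEP traffic against the prefixes the colocation router advertises over the BGP session. The function name, subnet labels and all prefixes are constructed for illustration; the advertised list is assumed to be copied from your router's view of that session.

```python
import ipaddress


def advertisement_coverage(planned, advertised):
    """Classify each planned subnet as 'covered', 'partial' or 'missing'.

    planned:    {label: CIDR} for edge management and TEP subnets
    advertised: CIDRs advertised to Direct Link over BGP
    """
    # ip_network() is strict by default, so a CIDR with host bits set
    # (a common copy/paste error) raises ValueError instead of passing.
    adv = [ipaddress.ip_network(a) for a in advertised]
    result = {}
    for label, cidr in planned.items():
        net = ipaddress.ip_network(cidr)
        same_family = [a for a in adv if a.version == net.version]
        # Case 1: an equal or aggregate prefix contains the planned subnet.
        if any(net.subnet_of(a) for a in same_family):
            result[label] = "covered"
            continue
        # Case 2: only more-specific prefixes are advertised; merge them
        # and compare the address count with the planned subnet.
        specifics = [a for a in same_family if a.subnet_of(net)]
        merged = ipaddress.collapse_addresses(specifics)
        seen = sum(m.num_addresses for m in merged)
        if seen == net.num_addresses:
            result[label] = "covered"
        elif seen > 0:
            result[label] = "partial"   # some TEP or management hosts unreachable
        else:
            result[label] = "missing"
    return result


# Constructed sample values, not taken from any real deployment.
PLANNED = {
    "edge-mgmt": "172.16.10.0/24",
    "edge-tep-a": "172.16.20.0/24",
    "edge-tep-b": "172.16.30.0/24",
}
ADVERTISED = ["172.16.10.0/23", "172.16.20.0/25"]

if __name__ == "__main__":
    for label, status in advertisement_coverage(PLANNED, ADVERTISED).items():
        print(f"{label:12} {PLANNED[label]:18} {status}")
```

A `partial` or `missing` result means tunnel endpoints or management addresses in that subnet have no advertised path over Direct Link, so fix the advertisement before you create routes on the edge nodes.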
Considerations
When you design or deploy this architecture pattern, consider the following points:
- This pattern requires BYOL for the colocation solution VMware licensing. Contact VMware or your business partner for licensing details.
- This pattern requires you to bring your own x86 hardware at colocation to host the NSX-T edge transport nodes.