While waiting for another session to start at TechSummit, some colleagues (@markmeulemans, Bill Mansfield) and I had a discussion about when a dedicated Edge Cluster is actually necessary. This is the outcome of that discussion.
Like many other VMware products, NSX for vSphere can actually be deployed in a relatively small footprint. This is especially true for Proof of Concept / training / nested lab environments. Decisions such as deploying dedicated Management, Edge, and Payload clusters are, for us, typically associated with customer-imposed constraints. These constraints are often physical data center layout, compute limitations, or legacy design.
Dedicated Edge Cluster
Having a dedicated Edge Cluster is certainly paramount for those who have taken the multi-tenant design path, with or without a Cloud Management Platform. The need here is to have dedicated resources available for the significant number of Edge Services Gateways and Distributed Logical Router Control-VMs associated with the tenant design model.
Seriously consider Dedicated Clusters when:
- Multiple ESGs for local Load Balancing, Web, App, DB, etc.
- ECMP North / South design
- North / South traffic bandwidth needs > 40G
- Physical Data Center limitation of the L2 External Network Uplinks / VLAN provisioning to racks, clusters, and hosts.
The principal requirement of a dedicated Edge Cluster is that it should have no fewer than four (4) hosts. The scenario you need to avoid is the DLR Control-VM and the active ESG residing on the same host. When the active ESG and the Control-VM are on the same host and that host fails, it can cause a black-hole effect because the routes associated with the failed Edge router have not been removed. See my previous post for more details on this topic.
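As an added illustration (not from the original post or from VMware), the following Python check audits a placement inventory for the two conditions described above: fewer than four hosts in the Edge Cluster, and an active ESG sharing a host with a DLR Control-VM. The inventory format, VM names, and host names are constructed, and counting only the active Control-VM is an assumption.

```python
from collections import defaultdict

MIN_EDGE_HOSTS = 4  # minimum host count the post gives for a dedicated Edge Cluster

# Constructed sample inventory: (vm_name, role, ha_state, host). All names are hypothetical.
SAMPLE_INVENTORY = [
    ("esg-01-0", "esg", "active", "edge-host-01"),
    ("esg-01-1", "esg", "standby", "edge-host-02"),
    ("dlr-01-0", "dlr-control", "active", "edge-host-01"),
    ("dlr-01-1", "dlr-control", "standby", "edge-host-03"),
    ("esg-02-0", "esg", "active", "edge-host-04"),
    ("dlr-02-0", "dlr-control", "active", "edge-host-02"),
]
SAMPLE_HOSTS = ["edge-host-01", "edge-host-02", "edge-host-03", "edge-host-04"]


def audit_edge_placement(inventory, cluster_hosts):
    """Return findings as (kind, host, details) tuples, in a stable order."""
    findings = []
    hosts = sorted(set(cluster_hosts))
    if len(hosts) < MIN_EDGE_HOSTS:
        findings.append(("too-few-hosts", None, hosts))

    # Group the active edge components by the host they currently run on.
    # Assumption: only the active Control-VM matters for the black-hole case.
    by_host = defaultdict(lambda: {"esg": [], "dlr-control": []})
    for name, role, state, host in inventory:
        if state == "active" and role in ("esg", "dlr-control"):
            by_host[host][role].append(name)

    for host in sorted(by_host):
        roles = by_host[host]
        if roles["esg"] and roles["dlr-control"]:
            vms = sorted(roles["esg"] + roles["dlr-control"])
            findings.append(("colocated", host, vms))
    return findings


def hosts_without_active_esg(inventory, cluster_hosts):
    """Hosts where a Control-VM could be placed without sharing a host with an active ESG."""
    busy = {h for _, role, state, h in inventory if role == "esg" and state == "active"}
    return sorted(set(cluster_hosts) - busy)


if __name__ == "__main__":
    for finding in audit_edge_placement(SAMPLE_INVENTORY, SAMPLE_HOSTS):
        print(finding)
    print("candidate hosts:", hosts_without_active_esg(SAMPLE_INVENTORY, SAMPLE_HOSTS))
```

A finding of kind `colocated` is the placement to correct, for example by moving the Control-VM to one of the candidate hosts and keeping it there with an anti-affinity rule.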
Mgmt / Edge Cluster
Having the Management and Edge cluster combined is still a very solid design and would be recommended when the design:
- Cannot dedicate four (4) hosts to a dedicated Edge Cluster
- North / South traffic bandwidth needs are between 15G and 40G
- Management Cluster load is fairly consistent
- Can use Resource Pools / Reservations for NSX Edge Components
The recommendation when combining the Mgmt / Edge clusters, however, is to exclude vCenter from the Distributed Firewall to ensure you do not create a rule that locks you out of vCenter. Additionally, you will want to use Resource Pools / Reservations for the Edge VMs.
Payload / Edge Cluster
Another scenario would be to converge the Edge Cluster and the first Payload Cluster. It is not often recommended, but it is certainly a way to go. Perhaps you do not want to prepare the Management Cluster for NSX / VXLAN, or you want to place these edge devices with the tenant for chargeback / accounting reasons. Again, Resource Pools / Reservations for the Edge VMs would need to be considered.