Notes on Cross-vCenter VMware NSX

Here is the last chapter of notes from my recent NSX VCP. A few things to note: lab and hands-on time are invaluable. The hands-on labs from VMware are excellent resources for this, as well as for other VMware products. The VMUG Advantage account is also a great way to get access to in-house software and keys for testing, if you don't have a full Cisco/VMware shop to play in. In the next few weeks, the lead network engineer at MacStadium and I will stand up a full NSX deployment, and I hope to document what that looks like here soon.


9.1 Cross vCenter NSX

  • NSX 6.2 allows logical networks to span multiple vCenter instances
  • Reasons
    • Increase span of NSX logical networks
    • Apply centralized security policy management to all vCenter servers
      • One place to manage fw rules
      • Cross-vCenter vMotions
    • Support new mobility boundaries in vSphere 6
      • Enables cross virtual switch, long-distance vMotion
      • Use existing networks with no new hardware
      • Does not require spanning of L2 network for cross-vCenter vMotion
    • Enhance NSX multi-site support
      • Active-active from metro to 150ms RTT
      • Can work with SRM, which can recover the workload without need to adjust the IP address
    • Benefits
      • Comprehensive L2, L3 and firewall without need for specific hardware
      • Doesn’t need L2 span for cross-vCenter, long-distance vMotion or workload migration
      • Allows in-place upgrade and migration for NSX
      • Allows integration with other SDDC components
      • Enhance NSX multi-site and disaster recovery
      • Address issue of vCenter being a scale boundary



9.2 Configure Cross vCenter NSX Deployment

  • Components
    • Universal controller cluster to manage local and universal objects
    • Universal transport zone to span all clusters
    • Universal logical switch to span all clusters
    • Universal distributed logical router
    • Universal segment ID pool
    • Universal fw rules apply to a VM regardless of vCenter
      • Universal IP sets
      • Universal MAC sets
      • Universal security groups
      • Universal services
      • Universal service groups
  • NSX Manager Instances
    • Standalone
      • New install or upgrade – not part of cross-vCenter
    • Primary
      • Has controllers installed; all universal objects are created, modified or deleted only on the primary
    • Secondary
      • Standalone becomes secondary when added to primary instance
      • Cannot have its own controllers
    • Transit
      • Role while moving a manager out of a cross-vCenter instance
      • A standalone manager cannot have universal objects, but they can be deleted in transit mode
    • Universal security group
      • Can contain
        • Security groups
        • IP sets
        • MAC sets
      • Cannot contain
        • Clusters
        • Hosts
        • Data centers
        • Inventory items
    • Can define locale ID
      • ULR
      • ESXi host


9.3 Cross-vCenter VMware Deployment Models

Segment IDs don’t overlap

East-west routing and L2 spanning active-active
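
The "segment IDs don't overlap" requirement above can be checked before adding a secondary NSX Manager. The following is an added example, not part of the original notes or any VMware tooling: the manager names and ID ranges are constructed, and it assumes that any ID shared between pools held by different owners (each manager's local pool and the universal pool) counts as a finding.

```python
from itertools import combinations

# Constructed sample inventory (not from a real deployment): each NSX Manager's
# local segment ID pool, plus the universal pool shared by all managers.
POOLS = {
    "universal": [(900000, 909999)],
    "nsxmgr-site-a (primary)": [(5000, 5999)],
    "nsxmgr-site-b (secondary)": [(5500, 6499)],  # overlaps site A's local pool
    "nsxmgr-site-c (secondary)": [(7000, 7999), (905000, 905099)],  # overlaps universal
}


def normalize(ranges):
    """Validate and sort the inclusive (start, end) ranges of one pool owner."""
    out = []
    for start, end in ranges:
        if start > end:
            raise ValueError(f"inverted range {start}-{end}")
        out.append((start, end))
    return sorted(out)


def find_overlaps(pools):
    """Return sorted (owner_a, owner_b, first_id, last_id) tuples, one for
    every pair of ranges held by different owners that share segment IDs."""
    findings = []
    for (a, ranges_a), (b, ranges_b) in combinations(sorted(pools.items()), 2):
        for s1, e1 in normalize(ranges_a):
            for s2, e2 in normalize(ranges_b):
                lo, hi = max(s1, s2), min(e1, e2)
                if lo <= hi:  # inclusive ranges share at least one ID
                    findings.append((a, b, lo, hi))
    return sorted(findings)


if __name__ == "__main__":
    for a, b, lo, hi in find_overlaps(POOLS):
        print(f"OVERLAP {a} <-> {b}: segment IDs {lo}-{hi} ({hi - lo + 1} IDs)")
```
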
