Gabe Rosas

Network Extension Availability Diagrams

Sharing some recent diagramming work (they let let me play with my crayons sometimes 😋 ).

This is an 11-page PDF deck. These diagrams highlight several modes of operation for the HCX Network Extension appliances. May these help if you’re looking for a visual to discuss and understand the related concepts. Adding some light explanations below.

hcx-ne-availability-1Download

The first picture is a basic topology describing HCX extension. Key ideas depicted:

  • Encrypted site to site extension of a network at the source to a private destination (e.g Cloud Foundation, VVD SDDC, or custom vSphere+NSX infra) or one of the HCX enabled public cloud offerings (like the Google Cloud VMware Engine, Microsoft’s Azure VMware Solution or VMware’s Cloud on AWS/Dell EMC).
  • Automated data-plane. You define (in the Service Mesh config) whether network extension will be enabled, and if so, how many appliances are needed. The rest happens automatically (hands off):
    – NE nodes are instantiated and auto-configured (you’re never deploying individual appliances or configuring settings, and things like IPsec.
    – Source NE nodes automatically find their peer nodes ( if they are reachable over UDP-4500) and configure multiple encrypted tunnels without additional user intervention.
  • VDS VLANs, NSX Overlays and VLANs can be extended. HCX will always create or connect to NSX (N-VDS or VDS7) Overlays at the destination.
    – It is by design principle that HCX extension operations are implemented as overlays. This eliminates the possibility of HCX influencing/disrupting switch forwarding (spanning tree operation).
  • HCX Network Extension is for making virtual machine networks (not cluster networks) available at the destination.

The rest of the images build from there. The diagrams are all related to the availability/resiliency operations for the appliances. I used a lot of this for the HCX Availability Guide. Some key ideas from these slides:

  • NE Without HA:
    – HCX relies on vSphere HA to respond to node failures.
    – ISSU minimizes the impact of HCX NE upgrades but requires additional IPs.
    – Non-ISSU (Standard) upgrades are available (re-use existing IPs) but result in some impact.
  • NE with HA :
    – HCX can tolerate appliance-level failures.
    – Redeploy & upgrades orchestrated based on the HA group model to minimize impact.
  • NE Site to Site Uplink connectivity
    – Refers to the connectivity between the HCX appliances (the tunneling based on the HCX Uplink configuration). Uplink resiliency is critical for a highly available deployment.
    – Configure multiple uplinks when there are multiple network paths available.
    – In multi-uplink configurations, each uplink should be a distinct portgroup backed by a distinct connectivity providers.
    – Application Path Resiliency is a single vNIC muti-tunneling option that leverages ECMP/switch IP hash placement to improve HCX NE resiliency.

Application Path Resiliency & Network Extension High Availability are HCX Enterprise features for VMware HCX.

May the odds be ever in your favor!


Gabe

Published by Gabe Rosas

Gabe joined VMware about 10 years ago to work on the early software-defined public clouds. Today he focuses on HCX, a workload migration and network mobility solution that enables customers to evacuate aging infrastructure and accelerate onboarding and realize the benefits of their VMware cloud investments; and NSX network virtualization and security platform that reproduces the entire network model in software. See the "About Me" page for more of my story. -- Disclaimer: This is still my personal blog and should not be considered an official source of VMware product information. Please design meticulously and test indiscriminately (outside of your production environment). Apply any information you find in this blog at your own risk. 🖖🏼🥸 Live long and proper!

One comment

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s