This article describes the rules that apply when deploying NSX-T Edges as appliances and shows the supported deployment scenarios.
The following is a short overview of the three deployment scenarios.
These three scenarios are described in more detail in the course of this article.
NSX-T Edge appliance on NSX-T prepared host with just N-VDS
In some scenarios you will not have enough hosts to build more than one vSphere cluster, let alone dedicated physical NSX-T Edge nodes.
Furthermore, the active hosts in the available cluster don't have enough physical uplinks towards your ToR switches to deploy a VDS and an N-VDS simultaneously.
In this case you can migrate all workloads and the management traffic from the VDS to the N-VDS.
Let's summarize your current situation:
To deploy an NSX-T Edge appliance under these circumstances, you need a separate VLAN segment for each TEP network.
You need one VLAN segment for the TEP network of the ESXi hosts and a separate VLAN segment for the TEP network of the Edges.
The separation of the TEP networks is necessary because the Edge appliance runs on the ESXi host and is connected to the N-VDS inside the kernel.
Therefore, the ESXi host is not able to forward the traffic inside the TEP network towards the Edge appliance if the ESXi host and the Edge appliance are inside the same VLAN segment.
By separating the TEP networks, the ESXi host is able to redirect the traffic towards the Edge appliance TEP address.
Furthermore, you need to ensure that the MTU is properly sized inside these two VLAN segments and between them as well.
The reason is that all traffic between the ESXi hosts and the Edges is routed, and the routing device must not fragment the overlay (GENEVE) traffic.
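The two requirements above (separate TEP VLANs, and an MTU that carries GENEVE unfragmented on both segments and on the routed path between them) can be checked against a planned design before deployment. The following is an added example, not part of the original article or of any VMware tooling; `Segment`, `check_edge_tep_plan`, the interface names, VLAN IDs and MTU values are hypothetical, and it assumes GENEVE over IPv4 with an untagged inner frame.

```python
from dataclasses import dataclass

# Bytes GENEVE adds around an inner IP packet when carried over IPv4:
# outer IPv4 (20) + UDP (8) + GENEVE base header (8) + inner Ethernet (14).
GENEVE_BASE_OVERHEAD = 20 + 8 + 8 + 14


@dataclass
class Segment:
    name: str
    vlan: int
    mtu: int  # IP MTU configured on this VLAN segment


def required_transport_mtu(inner_mtu=1500, geneve_options=0):
    """Smallest transport MTU that carries a full inner packet unfragmented."""
    return inner_mtu + GENEVE_BASE_OVERHEAD + geneve_options


def check_edge_tep_plan(host_tep, edge_tep, routed_hops, inner_mtu=1500,
                        geneve_options=0):
    """Check a TEP plan for an Edge appliance on an NSX-T prepared host.

    routed_hops maps each routed interface between the two VLANs to its MTU.
    Returns a list of findings; an empty list means both rules are met.
    """
    findings = []
    # Rule 1: host TEPs and Edge TEPs must sit in different VLAN segments.
    if host_tep.vlan == edge_tep.vlan:
        findings.append(f"TEP VLAN {host_tep.vlan} is shared by "
                        f"{host_tep.name} and {edge_tep.name}")
    # Rule 2: every segment and routed hop must carry GENEVE unfragmented.
    need = required_transport_mtu(inner_mtu, geneve_options)
    path = {host_tep.name: host_tep.mtu, edge_tep.name: edge_tep.mtu,
            **routed_hops}
    for name, mtu in path.items():
        if mtu < need:
            findings.append(f"{name}: MTU {mtu} < required {need}")
    return findings


if __name__ == "__main__":
    # Constructed sample plan: VLAN IDs, names and MTUs are illustrative.
    hosts = Segment("host-tep", vlan=100, mtu=1600)
    edges = Segment("edge-tep", vlan=200, mtu=1600)
    hops = {"tor-svi-100": 1600, "tor-svi-200": 1500}
    for finding in check_edge_tep_plan(hosts, edges, hops, geneve_options=50):
        print("FAIL", finding)
```

The `geneve_options` parameter reserves headroom for GENEVE option headers, which are variable in length and come on top of the fixed 50 bytes.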
NSX-T Edge appliance on NSX-T prepared host with VDS and N-VDS
If you have four or more uplinks, you are able to separate management and workload traffic. In such a scenario you have the opportunity to use a VDS for management traffic and an N-VDS for the workload, with each VDS/N-VDS connected to two uplinks.
Let's summarize your current situation:
For the Edge appliance deployment you need a separate VLAN as well, because the Edge appliance is still located on an NSX-prepared ESXi host.
The network separation enables the host to distinguish which TEP communication is sent to which destination (Edge or ESXi).
The difference from the first scenario is the separation of management and workload traffic, which is an advantage under the following circumstances.
NSX-T Edge appliance on different vSphere cluster not prepared for NSX-T
The most powerful Edge deployment scenario would be to use dedicated physical hosts and install these hosts as an “Edge Cluster”, but sometimes this is too expensive, depending on your use case. In this case the next best option for deploying an Edge is to place the Edge appliance on a separate vSphere cluster which is not prepared for NSX. This brings the following advantages.