Starting with VCF 4.2, NSX-T Federation is supported and is the foundation for a multisite, dual-region deployment. It allows two separate VCF instances, in data centers at two widely separated locations, to be connected to provide centralized management, consistent networking and security policy configuration with enforcement, and synchronized operational state. With NSX-T Federation, VCF can use stretched networks and unified security policies across multi-region VCF deployments, providing workload mobility and simplified disaster recovery. The deployment and configuration are done manually, following the prescriptive guidance in the VMware VVD documentation.
The NSX-T Global Manager is part of multi-region deployments where NSX-T Federation is required. NSX-T Global Manager is a central component deployed as a cluster for availability and can connect multiple NSX-T Local Manager instances under a single global management plane. NSX-T Global Manager provides the user interface and the RESTful API for creating, configuring, and monitoring NSX-T global objects, such as global virtual network segments, and global Tier-0 and Tier-1 gateways.
Connected NSX-T Local Manager instances create the global objects on the underlying software-defined network that you define from NSX-T Global Manager. An NSX-T Local Manager instance in an individual region directly communicates with NSX-T Local Manager instances in other regions to synchronize configuration and state needed to implement a global policy.
The following are some additional requirements to consider for an NSX-T Federation deployment.
An NSX-T Global Manager cluster is deployed in the management WLD at region A and region B. The cluster in the second region acts as a standby and becomes active if the first region's cluster fails or is lost. A cluster consists of three manager VMs, and each NSX-T domain that needs to be federated requires an NSX-T Global Manager cluster deployed in the management WLD at each region. The following diagram shows a dual-region deployment with a single NSX-T VI WLD. A Global Manager cluster is deployed at each location for the Mgmt WLD and the VI WLD NSX-T domains.
In a dual-region deployment, each region has its own NSX-T Edge cluster. In each region, the edge nodes and clusters are deployed with the same design but with region-specific settings such as IP addressing, VLAN IDs, and names. Each edge cluster is managed by the NSX-T Local Manager instance for that region and WLD. After a VCF deployment of the Mgmt WLD, all NSX-T network components are local to the Mgmt WLD NSX-T instance. As part of the NSX-T Federation deployment, the network components are configured to span both regions. For more detail on the deployment of NSX-T Federation, see the VCF documentation.
Region-to-region workload traffic traverses the inter-region overlay tunnels, which terminate on the remote tunnel endpoints (RTEPs) on the NSX-T Edge nodes. To support this inter-region communication, you must provision additional RTEP VLANs for the edge nodes. If the region also contains multiple availability zones, this network must be stretched across all availability zones in Region A.
The VVD routing design uses region preference for North/South traffic and does not use local egress. Every segment has a preferred region and a failover region for the network traffic that enters and leaves that segment. This avoids the complexity of trying to prevent asymmetrical routing and to control local ingress at the physical network layer. For full detail of the North/South routing design, see the VVD documentation.
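The constraints described above can be checked against a deployment plan before anything is built: a three-node Global Manager cluster in each region for every federated NSX-T domain (one active, one standby), an RTEP VLAN for each region's edge cluster, and a distinct preferred and failover region per segment. The following is an added example, not VMware or VCF code; the plan layout, field names, VLAN IDs and the `lint_plan` helper are hypothetical and constructed for illustration.

```python
# Added example: lint a dual-region NSX-T Federation plan before deployment.
# The plan schema, names and VLAN IDs are constructed; nothing here calls NSX-T.
REGIONS = ("region-a", "region-b")

PLAN = {  # one entry per NSX-T domain to be federated (constructed sample)
    "mgmt-wld": {
        "global_managers": {"region-a": {"role": "active", "nodes": 3},
                            "region-b": {"role": "standby", "nodes": 3}},
        "edge_rtep_vlan": {"region-a": 2105, "region-b": 2205},
        "segments": {"seg-app": ("region-a", "region-b")},  # (preferred, failover)
    },
    "vi-wld01": {  # deliberately broken to show the findings
        "global_managers": {"region-a": {"role": "active", "nodes": 3},
                            "region-b": {"role": "active", "nodes": 2}},
        "edge_rtep_vlan": {"region-a": 2106},
        "segments": {"seg-db": ("region-a", "region-a")},
    },
}


def lint_plan(plan, regions=REGIONS):
    """Return a list of findings; an empty list means the plan passes."""
    findings = []
    for domain, cfg in plan.items():
        gms = cfg.get("global_managers", {})
        for region in regions:
            gm = gms.get(region)
            if gm is None:
                findings.append(f"{domain}: no Global Manager cluster in {region}")
            elif gm.get("nodes") != 3:
                findings.append(f"{domain}: Global Manager cluster in {region} "
                                f"has {gm.get('nodes')} nodes, expected 3")
            if cfg.get("edge_rtep_vlan", {}).get(region) is None:
                findings.append(f"{domain}: no RTEP VLAN for the edge cluster in {region}")
        # One cluster must be active and the other standby.
        roles = sorted(gm.get("role", "") for gm in gms.values())
        if roles != ["active", "standby"]:
            findings.append(f"{domain}: Global Manager roles are {roles}, "
                            "expected one active and one standby")
        # Region preference: each segment needs two different, known regions.
        for seg, (preferred, failover) in cfg.get("segments", {}).items():
            if preferred == failover or {preferred, failover} - set(regions):
                findings.append(f"{domain}/{seg}: preferred and failover regions "
                                "must be two different deployed regions")
    return findings


if __name__ == "__main__":
    for finding in lint_plan(PLAN):
        print("FINDING:", finding)
```
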
The NSX-T Global Managers are deployed manually outside of VCF. Life cycle management of these components must be performed outside of SDDC Manager, because SDDC Manager has no awareness of the Global Managers. The NSX-T Global Managers must be upgraded using the upgrade coordinator available on the Global Manager appliance. The following should be considered when planning an upgrade of VCF when NSX-T Federation has been deployed.