Greetings,
In this relatively short post, I will start with a brief introduction about NSX distributed logical router (DLR) and then I will delve into the main topic which I want to demonstrate here.
Overview
The main purpose of the DLR is to provide an optimized distributed hypervisor-level routing functionality for East-West traffic within the data center and there-by preventing “hair-pinning” scenarios.
DLR consists of two components:
- DLR Kernel modules: This is the data plane of the DLR. These modules get pushed to the kernel of ESXi hypervisors in the host preparation phase for the sake of performing routing between the Logical Interfaces (LIFs) defined on that distributed router instance.
- DLR Control VM: This is the control plane of the DLR. This VM role is to peer with NSX edges using a dynamic routing protocol and push the routes to the ESXi hosts via NSX controllers.
When to deploy a DLR Control VM?
When You create a distributed logical router, you have the option whether to deploy a control VM with the DLR or not. See the below screenshot:
A Control VM is needed in the following 2 cases:
- Dynamic routing is needed for route exchange between DLR and upstream edges.
- L2 bridging finctionality is required. Bridging occurs on the ESXi host where the DLR control VM is running.
So, if you are sure that any of the above capabilities are not required, you can deploy DLR without the control VM and utilize static routes between DLR and ESG.
NOTE: If you decided to deploy a DLR without a control VM as you’re only using static routing, and then at a later stage you decide you want to use dynamic routing, it is not possible to just add/deploy the control VM to your existing DLR. You would need to deploy a new DLR with control VM and then migrate everything to it, or delete your current DLR and re-create it with the control VM. This clear in VMware documentation:
From flexibility perspective, my general recommendation is to deploy a control VM with the DLR (even if you are currently planning to use static routing ) to avoid being in such a scenario in the future.
Why DLR shows a GREY status?
Working with various VMware products, I can say GREEN is always good :). Whenever we do an environment health check, we seek for green status as it is a sign of goodness.
Why I am taking about this here is to explain the impact on the DLR status if you decide to go with a DLR without a control VM:
- From GUI, a DLR without a control VM will appear as “undeployed“.
- From NSX CentralCLI, a DLR status will appear as “GREY“. So keep this is mind if you are checking the status of all NSX edges and you come through this case. Off course “GREY” status can appear in other cases when there is an issue with the NSX edge, but this is a normal status for a DLR without a control VM.
Thanks for your reading,
Hope this post is informative.
Mohamad Alhussein
The role of the Control VM is to be the control plane for the distributed logical router. It is here that LIFs get defined and pushed out of the DLR instanced on the hosts. It is also here that BGP or OSPF is instantiated to communicate with the Edge Router VM s.