Section 1 – Prepare VMware NSX Infrastructure
Objective 1.3 – Configure and Manage Transport Zones
- Create Transport Zones according to a deployment plan
- Configure the control plane mode for a transport zone
- Add clusters to Transport Zones
- Remove Clusters from Transport Zones
Transport Zones control which hosts a logical switch can reach. It can span one or more vSphere clusters. Transport zone dictates which cluster and by extension which Virtual Machines are able to participate in the use of a particular network. VMs in different transport zones, therefore, cannot share the same Layer 2 Network. This also means that VMs in different transport zones can’t be connected to a single distributed logical router or edge services gateway because they only have access to one transport zone.
VMware has the following guidelines when designing transport zones
- If a cluster requires Layer 3 connectivity, the cluster must be in a transport zone that also contains an edge cluster meaning a cluster that has Layer 3 edge devices (DLRs and ESGs)
- If you have three clusters one for each type of server (one for web services, another for application services and one for database services) in order for them to have VXLAN connectivity the clusters need to be included in the same transport zone
- All logical switches included in a transport zone will be available and visible to all VMs within the clusters that are included in that transport zone. If a cluster contains VMs in a secure environment you might not want to make the logical network available to VMs in a number of clusters. This means that you need to make you secure cluster part of a more isolated transport zone
- The transport zone design needs to match the span of the VDS. When creating transport zones in multi-cluster VDS configurations, make sure all clusters in the selected VDS are included in the transport zone. This is to ensure that the DLR is available on all clusters where VDS Portgroups are available
See below a diagram that shows the span of the VMs, Hosts, Clusters, VDS and Transport Zone.
On to how to actually configure transport zones and the management of clusters that they span.
First log in to the vCenter Server and go to Home > Networking and Security
Now select the Installation tab from the left menu pane
Next, select Logical Network Preparation and then Transport Zones
To create the first transport zone just select the plus symbol
Then in the box that opens fill in the name, description, VXLAN replication mode and the clusters that will be part of the Transport Zone
Once completed select OK and you will now have a new Transport Zone which can be selected when creating Logical switches, this means that the NSX vSwitchs on these clusters will have a new distributed port-group created for that logical switch network.
Managing memberships for transport zones is quite a simple task. The steps to remove a cluster from a transport zone are as follows:
Still in the Transport Zones section select the appropriate Transport Zone and select the disconnect clusters icon.
Now select the cluster that you want to remove from this transport zone.
Select OK and there will be a pop-up message asking you to confirm that you want to remove this cluster from the transport zone. It notes: For the operation to succeed. VMs from the selected cluster(s) should be disconnected from the logical switches of the transport zone.
So having VMs in that cluster connected to Logical Switches in this transport zone the removal will cause the operation to fail to stop any issues arising from the VMs being disconnected from that port-group.
If you do ever want to add in a cluster to a transport zone for example when expanding the number of compute clusters, creating a dedicated edge cluster etc. then the process is very similar to the removal of clusters.
Still in the Transport Zones section of the Logical Network Preparation tab select the Transport Zone in question and select the Connect Clusters Icon
Then in the pop-up select any applicable clusters that you want to add.
Once you select OK that cluster will be a member of the transport zone and the associated logical networks will be deployed to the VDS (if not already included) as distributed portgroups ready to be connected to virtual machines in the environment.