NSX - FAQ

All packs are based on a day/hour count, e.g.: 1 day = 8 hours, 2 days = 16 hours (sometimes more). The first approach is the same for all packs with a discovery phase, but the duration of the pack will depend on the complexity of the environment and the maturity of your current managed offer. This issue will be explored with the Professional Services team in a first evaluation call.

Secure your traffic with the NSX Distributed Firewall (North/South or East/West security), or use one of the Gateway Firewalls (North/South security).

VMware has decided to initiate the end of life (EOL) of NSX-v since January 2022. OVHcloud has been granted an extension of support until 15 January 2025.

It is impossible to do public BGP (peer with OVHcloud internet routers). However, it is possible to do BGP (private) with a vRack via a Tier-0 gateway or a VRF level 0 gateway, or in an IPsec tunnel via a Tier-0 only.

Yes, through a VRF.

It is possible to position different private AS numbers according to Tier-0 gateways or VRF level 0 gateways.

You can completely disconnect the public interfaces of the T0 and interconnect them via a private network or a security appliance exposed live on the internet. Note that there is an integrated firewall in T0 that can be configured via the NSX interface, Gateway Firewall.

In VMware design, a Tier-1 is always attached to a Tier-0. Flows pass through a Tier-0 to go to the external network. All elements that need to remain inside (locally) the managed Vsphere platform are routed by the Tier-1.

It is currently not possible to add a new Tier-0 Gateway. Depending on your needs, you can create a virtual Tier-0 instance called VRF. This VRF will not be able to be connected on the internet.

This is not possible by default. The Tier-0 Gateways are each hosted on a different host, HA (High Availability) is activated and a virtual IP (VIP) is configured between the 2 EDGES to maintain service continuity. The HA section is already preconfigured by OVHcloud.

No, this is not possible by default. The configuration is managed by OVHcloud and is active/passive with a VIP (10 Gbps guaranteed bandwidth).

No, this is not possible, either for Tier-0 or Tier-1 information. There are troubleshooting tools in NSX.

This information depends on the version of NSX in production on the infrastructure. The maximum values are on the dedicated Broadcom website: https://configmax.broadcom.com/home.

Additional public IPs can be added via "next hop" routing by specifying the VMware Hosted Private Cloud environment as a resource, and in next hop the public virtual IP (VIP) of the Tier-0 (T0).

IP address blocks are dependent on the VMware Hosted Private Cloud environment and not on the virtual datacentre. It is therefore possible to use the same IP address block between several virtual datacentres (without any modification). Warning: if you have several virtual datacentres, a block of public IPs routed on the virtual IP (VIP) of your Tier-0 (T0) cannot be used in a VM Network of another virtual datacentre. It is attached to the VIP and no longer to the VM Network.

In the migration guide, you can find out how to move your existing IP from your NSX-v platform, and route it to the IP attached to the Tier-0 section (T0). When an NSX-T Virtual Datacentre is delivered, we deploy and configure a new IP block for NSX Tier-0 (T0) that we dedicate to VIP. You can route the IP block to this VIP.

The global datastore is managed via the OVHcloud Control Panel or API. This allows you to globalize your datastore, which will be visible from your new vDC. It allows you to make a vMotion "Compute" and not a vMotion "Storage" of the virtual machines. It is not possible to exit this mode. You will need to order a new datastore and apply a vMotion to globally release it.

• Getting started with NSX
• VMware on OVHcloud

In this case, you do not need to order a new vDC, but make sure to disable all your NSX-v features so that OVHcloud can disable the component.

IP migration is done by block, you change the next stop of the IP block, the global block is transitioned to the NSX part.

This will depend on the services you use. For example, if you use IPSEC tunnels and public IPs, you will need to move your workloads and reconfigure the IP block you had on your NSX-v infrastructure to your NSX-T infrastructure. If you use NSX-v for firewalling, you can have the configuration on the 2 environments. Downtime depends on the complexity of your environment.

This will depend on which services are enabled (LoadBalancer/NAT/Firewall, etc.). The speed and maximum are dependent on the NSX version and available on the Broadcom website.

Yes, the vRack works with NSX-T. You can access it in the same way from vlan portgroups in vSphere or from VLAN segments in NSX-T.

The NSX Edge cluster is compatible with an OVHcloud vRack. You can add your Virtual Datacentre that carries NSX-T in the vRack of your choice. Find more information on this page.

No, NSX Edge management is carried out by OVHcloud in Active Passive mode.

Today, only 1 Edge NSX-T cluster is deployed.

Sizing will depend on the services you enable or consume on your edges (firewall or load balancing...). Today, the Edge servers are Medium in size. The maximums and sizing are available on the Broadcom website.

Use this route after you have retrieved the cluster ID you have just created.

Yes, it is possible to do this. Here is an example of the API calls that you can use within the /dedicatedcloud universe: Retrieve the Edge ID:

For example, you can test resilience by simulating the failure of one of the cluster’s Edge nodes:

Yes, but you will need to reconfigure them after migrating your virtual Datacentre.

It is possible to get NSX-T if you order a new virtual Datacentre in your Hosted Private Cloud. Within the same infrastructure, you will have 2 virtual datacentres, one with NSX-v and the other with NSX-T. Please note that ordering the new vDC will automatically trigger the refund mechanism for the coming month.

This tool requires very strong administrative rights on the environment, the Professional Services team can validate the execution and the duplication. In this tool, it is important to note that many elements are not supported (options, existing rules in NSX-v). The reproduction phase would require a lot of adaptations on your part, so it is not a recommended tool for migration at OVHcloud.

The NSX interface is independent and not linked to the vSphere interface. This is why we have created a dedicated endpoint to reach it.

Yes, it is possible, via the vRack for example, or via the public network and the Edge Cluster VIPs.

Yes, OVHcloud performs backups. This backup is not intended for restoration in the event of incorrect operation, but for support in the event of an incident involving the various NSX-T controllers.

Yes, it is possible, there are no constraints currently.

There are no additional limitations compared to an unqualified SecNumCloud environment.

There is no difference between backups in SecNumCloud and non-SecNumCloud qualified environments.

OVHcloud will refund you 1 month for the virtual datacentre added to your next bill after the order (1 month = 30 days).

No, these features are not included.

Yes.