A workload was attached to a logical switch port group in Compute Cluster 1. Users are complaining that they
can communicate with other workloads on that port group in the cluster, but not with other workloads on
different networks.
What is the most probable cause?
A. The distributed firewall has a default rule set to deny all
B. The Distributed Logical Router was not configured on Compute Cluster 1
C. Compute Cluster 1 is NOT a member of the Transport Zone
D. An NSX Edge has NOT been deployed into Compute Cluster 1
If DFW has a default rule set to deny all, how could users communicate with other workloads in that portgroup?
I would choose C or B.
C
C.
The transport zone defines the range of the vSwitch communications. To reach out of a transport zone will require an uplink. A DLR routing between VXLANs will have its scope limited by the transport zone.
B:
What we need is a DLR that allows communication with others.
If A: the DFW rule is Deny All, well, nothing works unless an Allow rule is enabled, which is not shown here.
Why not C: transport zones only have an impact on VXLAN! So of course they can't reach VMs that are not aligned if they are running on VXLAN! But regardless of that, they can't reach any other VMs on either VXLANs or VLANs if there is not a DLR in place!
Hi guys, which is the correct answer?
Answer is absolutely C.
Source:
■Transport Zones
https://docs.vmware.com/en/VMware-NSX-for-vSphere/6.3/com.vmware.nsx.admin.doc/GUID-5EFF202E-42DE-4864-9B60-C5FF280457F6.html
A transport zone controls to which hosts a logical switch can reach. It can span one or more vSphere clusters. Transport zones dictate which clusters and, therefore, which VMs can participate in the use of a particular network. In a cross-vCenter NSX environment you can create a universal transport zone, which can include clusters from any vCenter in the environment. You can create only one universal transport zone.
■Common Failure Scenarios and Fixes
https://docs.vmware.com/en/VMware-NSX-for-vSphere/6.2/com.vmware.nsx.troubleshooting.doc/GUID-8B7082AA-CB76-4CF9-B0A2-0742D4F1949D.html
Issue: Transport zone is not aligned to the DVS boundary
Effects: Distributed routing does not work on a subset of ESXi hosts (those missing from the transport zone)
C
Copied from the NSX ICM book.
In this example, a logical switch created in the transport zone will also be available to the virtual machines in Compute Cluster 1. The reason being, a logical switch is essentially a port group on the VDS and the Compute Cluster 2 is a member of the transport zone. In this case, VXLAN connectivity will work just fine. However, an issue will arise when the logical switch is connected to a DLR.
Unlike the logical switch, DLR instance is only created by the NSX Manager on each host in the transport zone. This would cause a situation where virtual machines in Compute Cluster 1 can communicate at layer 2, but layer 3 connectivity would be broken.
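
Added example (not part of the thread or of the NSX ICM book): a small audit of the misalignment described above, listing clusters that receive a logical switch's port group through the VDS but are outside its transport zone. The inventory is constructed; the cluster names follow the thread, while the VDS, transport zone and switch names are assumptions.

```python
# Constructed inventory for illustration; not pulled from a real NSX Manager.
# Cluster names follow the thread; VDS, transport zone and switch names are made up.
VDS_CLUSTERS = {"Compute_VDS": {"Compute Cluster 1", "Compute Cluster 2"}}
TRANSPORT_ZONES = {"TZ-Compute": {"Compute Cluster 2"}}
LOGICAL_SWITCHES = [
    {"name": "LS-Web", "vds": "Compute_VDS", "tz": "TZ-Compute", "dlr_attached": True},
    {"name": "LS-Isolated", "vds": "Compute_VDS", "tz": "TZ-Compute", "dlr_attached": False},
]


def audit_alignment(vds_clusters, transport_zones, logical_switches):
    """List clusters that see a logical switch's port group through the VDS
    but are not members of the switch's transport zone."""
    findings = []
    for ls in logical_switches:
        if ls["vds"] not in vds_clusters or ls["tz"] not in transport_zones:
            raise KeyError(f"{ls['name']}: unknown VDS or transport zone")
        outside_tz = vds_clusters[ls["vds"]] - transport_zones[ls["tz"]]
        for cluster in sorted(outside_tz):
            findings.append({
                "logical_switch": ls["name"],
                "cluster": cluster,
                # The port group exists on every host of the VDS, so layer 2 works.
                "layer2": "ok",
                # No DLR instance is created on hosts outside the transport zone.
                "layer3": "broken" if ls["dlr_attached"] else "not routed",
            })
    return findings


def clusters_to_add(findings):
    """Clusters with at least one routed switch broken by the misalignment."""
    return sorted({f["cluster"] for f in findings if f["layer3"] == "broken"})


if __name__ == "__main__":
    for f in audit_alignment(VDS_CLUSTERS, TRANSPORT_ZONES, LOGICAL_SWITCHES):
        print(f"{f['cluster']}: {f['logical_switch']} L2={f['layer2']} L3={f['layer3']}")
```
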