Sunday, July 21, 2019

Datacenter design / VRF Route export / VMware to Nutanix

Hello guys

My company has a small Datacenter in which we host SaaS VMs for our customers.

The design is pretty simple, we have a big FortiGate with 2 VDOMs:

- ROOT VDOM: Hosts the management for the Datacenter (switches, firewalls, monitoring VM...)

- SaaS VDOM: Hosts the customers. Each customer has 2 VLANs, one "LAN" and one "DMZ".

All of these VLANs are routed by the FortiGate and are on L2 on an ALU 6900 Virtual Chassis.

A few weeks ago we migrated our VMware infrastructure to Nutanix. From a network standpoint, nothing changed except that now, each customer VM needs to speak to a Nutanix server... Which is not in the same VDOM...

The VMware equivalent would be that the VMTools use the VM "Data" network to talk to the vCenter.

So now I have to figure out a way to make each VM talk to a single IP address in my Root VDOM. Which I don't like because it basically mixes Management plane and Data Plane...

We have contacted Nutanix support and unfortunately NAT is off the table because the Nutanix will be confused if each VM comes with the same IP address...

So, I have thought of a complete redesign of the networks being:

- All VLANs will now be routed by my 6900 VC in a separate VRF (one VRF per customer and one Management VRF)

- I could use Route export to allow the subnet of the Nutanix server to be distributed in each VRF

- All VRFs will go to the FortiGate as default route and will still be isolated from each other.

Is it viable? What do you think?

Thanks!! :)
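The proposed design can be checked on paper before touching the switch. The following Python model is an added example, not part of the original post and not ALU or FortiGate configuration: it builds one routing table per VRF, leaks the Nutanix prefix into each customer VRF, and tests whether any customer-to-customer destination would skip the FortiGate. All subnets, VRF names and function names are constructed assumptions.

```python
import ipaddress as ip

# Constructed addressing plan (assumption: the post gives no subnets or names).
NUTANIX = ip.ip_network("10.0.0.0/24")            # management subnet holding the Nutanix server
CUSTOMERS = {"cust-a": ["10.10.1.0/24", "10.10.2.0/24"],   # LAN, DMZ
             "cust-b": ["10.20.1.0/24", "10.20.2.0/24"]}
DEFAULT = ip.ip_network("0.0.0.0/0")

def build_vrfs(customers, leaked=NUTANIX):
    """Return {vrf: {prefix: next_hop}} once the leaked prefix is exported.
    next_hop is 'local', 'fortigate' (default route) or 'leak:<vrf>'."""
    vrfs = {"mgmt": {leaked: "local", DEFAULT: "fortigate"}}
    for name, nets in customers.items():
        table = {ip.ip_network(n): "local" for n in nets}
        table[DEFAULT] = "fortigate"
        table[leaked] = "leak:mgmt"               # Nutanix prefix exported into the customer VRF
        vrfs[name] = table
        for n in nets:                            # return path imported into the management VRF
            vrfs["mgmt"][ip.ip_network(n)] = "leak:" + name
    return vrfs

def lookup(table, dst):
    """Longest-prefix match on one VRF table."""
    addr = ip.ip_address(dst)
    return table[max((p for p in table if addr in p), key=lambda p: p.prefixlen)]

def cross_customer_bypass(vrfs, customers):
    """Customer-to-customer destinations whose first hop is not the FortiGate."""
    found = []
    for src in customers:
        for dst, nets in customers.items():
            for n in (nets if dst != src else []):
                hop = lookup(vrfs[src], str(ip.ip_network(n)[1]))
                if hop != "fortigate":
                    found.append((src, dst, n, hop))
    return found

def overlapping_imports(customers):
    """Customer prefix pairs that collide when imported into the one management VRF."""
    flat = [(c, ip.ip_network(n)) for c, nets in customers.items() for n in nets]
    return [(a, str(x), b, str(y)) for i, (a, x) in enumerate(flat)
            for b, y in flat[i + 1:] if a != b and x.overlaps(y)]

if __name__ == "__main__":
    vrfs = build_vrfs(CUSTOMERS)
    print("cust-a -> Nutanix :", lookup(vrfs["cust-a"], "10.0.0.10"))
    print("cust-a -> cust-b  :", lookup(vrfs["cust-a"], "10.20.1.5"))
    print("bypass paths      :", cross_customer_bypass(vrfs, CUSTOMERS))
    print("overlaps          :", overlapping_imports(CUSTOMERS))
```

In this model the leaked route is the only path that does not cross the FortiGate, so the width of the exported prefix decides how much of the management VRF each customer can reach unfiltered. Because NAT is ruled out, `overlapping_imports` also shows that customer subnets must be unique for the return routes to coexist in the management VRF.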


