Two-part vCD series since it was longer than I expected!
I had a question come in from a Cloud Provider on what are the actual key differences between a standard Edge Gateway Service and an Advanced Edge inside of the vCloud Director (vCD) User Interface (UI). While I could explain a few things on my own, I decided to do a little bit of legwork to confirm my suspicions. While some of you may already know the following, I thought this was an interesting exercise and wanted to share my results.
Before I get to that, I’m sure everyone is aware vCloud Director started off with vCloud Network and Security (VCNS) and this was the network backing before NSX. With recent versions of vCloud Director, everything is backed by NSX.
With that said, the Advanced Gateway experience is what VMware will eventually migrate to. Therefore, get used to the nice HTML5 intuitive and speedy UI! 🙂
Edges
In my vCD 9.x instance, I have two edges deployed:
- SiteB-T1-ESG is my advanced edge. I can verify this by right-clicking on the edge and seeing that I do not have an option to Convert to Advanced GatewayÂ
- Moreover, you can see I am running version 9.x of vCD – I can convert it to a Distributed Logical Router!Â
- However, with my SiteB-T1-ESG-2, I can see it’s not an Advanced Gateway as I’m able to convert itÂ
Let’s get to the comparisons now. Again, this is going to be in the context of the UI – not going to talk about the API right now. Going to state the advantage based on service in the title.
Firewall Services – Advantage: Advanced Gateway
Advanced Gateway
- I can create granular firewall rules using grouping objects associated with the HTML5 interface.
- This provides a very similar experience to NSX within vCenter. To be honest, anyone that has used NSX should be able to figure this out very quickly.
Standard Gateway
- From the standard interface, I can only create rules from a IP/CIDR and key words such as “any, internal, external.”
- Pretty limited to say the least.
DHCP Services – Advantage: Advanced Gateway
Advanced Gateway
- From the DHCP subtab, I am able to establish pools, bindings, and relay configurations. Moreover, configuring IP Sets and DHCP Relay Agents.
Standard Gateway
- We have the ability to add a DHCP pool that’s applied on an internal network that’s connected to this ESG. Pretty basic capabilities, but works.
NAT Services – Advantage: Tie
Advanced Gateway
- Ability to establish Destination or Source NAT’s. I see the same options between both Advanced and the Standard gateway, so it’s hard to call an advantage either way.
Standard Gateway
- As stated with the Advanced Gateway, I have the ability to establish a DNAT or SNAT. Seems like the same options to me.
Routing Services – Advantage: Advanced Gateway
Advanced Gateway
- This seems like a night and day difference in routing options. I’m able to get an NSX-like experience from an HTML5 interface (that’s been around for over 1 year or so!)
- Ability to set ECMP, Routing ID’s, utilize OSPF, BGP, and Route Redistribution with prefixes to boot.
- If you’re used to NSX and applying routing configurations to an Edge, this is a very similar experience.
Standard Gateway
- Yeah, how do static routes sound to you? That’s all I can apply here from the UI.
Load Balancer – Slight Advantage: Advanced Gateway
Advanced Gateway
- The Advanced Gateway is very similar to what we see in NSX – just in an HTML5 format.
- We get to see our Global Configuration, Application Profiles, Monitoring, Rules, Pools and Virtual Servers.
- I also see we have additional algorithms available from an LB perspective. I wouldn’t say it’s a stark difference between Advanced and Standard, but more comprehensive than the Standard Gateway.
Standard Gateway
- Standard Gateway has very similar options as the Advanced UI, just in a different UI format.
- As stated above, we don’t have UDP available as a type and fewer algos for the Pool configuration. With that said, it’s very comparable, but giving a slight advantage to Advanced for some of the other options available.
One thought on “vCloud Director – Key Differences in Edge Gateway Services (1 of 2)”