There are considerations on where to place the “Active” DLR Control-VM.  This is due to an issue where “if” the active DLR Control-VM and any Active Edge are on the same host during a host failure the DLR Control-VM will not be able to provide the controller-cluster with routing updates.

This will cause a black-hole effect because the routes associated with the failed Edge router have not been removed.

By separating them, if the host with the active DLR Control-VM goes down there is no need to update routes as all Edge devices are still up and available.  The same goes if a host with the active Edge device goes down, the DLR Control-VM will update the controller-cluster and thereby update the hosts.

This also changes the Cluster design just a bit where if we have a dedicated Edge cluster and we want to place all the Edge and Control-VM devices with this cluster we will need at a minimum four (4) hosts.  In this way we can keep Edge Gateways and DLR Control-VM separated using DRS rules.


You could also simply place the Control-VM in the first Payload cluster or the management cluster assuming they are prepared for NSX.

A little more on the distributed logical router Control VM and the routing process.

The distributed logical router Control VM is the control plane component of the routing process, providing communication between NSX Manager and NSX Controller cluster through the UWA .  NSX Manager sends logical interface information to the Control VM and NSX Controller cluster, and the Control VM sends routing updates to the NSX Controller cluster.



  • NSX Manager provides the centralized management plane for the NSX for vSphere architecture and has a one-to-one mapping with vCenter Server for workloads.
  • The NSX Controller cluster is the control plane component that is responsible for managing the switching and routing modules in the hypervisors.
  • The primary function of the NSX Edge services gateway is to provide North-South communication, but it also offers dynamic routing, Layer 2, Layer 3, perimeter firewall, load balancing, and other services such as SSL-VPN and DHCP-relay.
  • The NSX for vSphere distributed logical router is a kernel module within ESXi optimized for forwarding in the virtualized space (between VMs, on VXLAN or VLAN-backed port groups).
  • User World Agent (UWA) is a TCP and SSL client that enables communication between the ESXi hosts and NSX Controller nodes, and the retrieval of information from NSX Manager through interaction with the message bus agent.

VMware NSX 6.2 Documentation Center

Leave a Reply

Your email address will not be published. Required fields are marked *