Local Egress

In addition to what has been shown in this recipe, the UDLR offers centralized administration and a routing configuration that can be customized at multiple levels, including the following:

  • UDLR
  • vSphere cluster
  • ESXi host
  • Static routes

Which of these customizations are available depends on whether the local egress feature was enabled at deployment time.

Local egress, driven by the Locale ID, is a feature that allows the NSX administrator to control the egress path of traffic from multiple points: you can choose whether a single set of physical routers in the Cross-vCenter configuration is the egress path for a network, or whether multiple egress paths exist. An example of a Cross-vCenter NSX environment is depicted in the following figure, where Site A and Site B each have Edge services gateways with a default route out to their physical routers. The universal logical router is configured with two appliances, one in each site. Each universal control VM learns routes from its site-local Edge services gateway. The learned routes are sent to the UCC, but because local egress is enabled, the Locale ID of that site is associated with these routes. The UCC uses the Locale ID to decide which hosts the matching routes should be sent to.

By default, the NSX Manager's UUID is used as the Locale ID. If local egress was not enabled when the UDLR was provisioned, the UCC ignores the Locale ID value when sending route updates to the ESXi hosts. The Locale ID configuration allows each site to have site-specific egress route optimization, but special consideration needs to be given before implementing local route optimization.

The following issues may arise when implementing local egress:

  • Asymmetric routing of return traffic to Cross-vCenter workloads. This can potentially be mitigated by injecting host routes into the routing table of the physical infrastructure, but NSX does not do this automatically; it would need to be automated with external tools.
  • If stateful services run on the Edge services gateways of the network virtualization solution, return traffic may be dropped because the flow state is not present on the Edge services gateway that receives the return traffic.

The same applies to physical firewalls upstream of the Edge services gateway.
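To make the Locale ID filtering described above and the stateful-return problem in the list concrete, here is a small Python model. It is an added example written for this recipe, not NSX code or a VMware API; the Locale ID strings, ESG names, host names and IP addresses are constructed placeholders. It models the UCC sending each learned route only to hosts whose Locale ID matches when local egress is enabled (and ignoring the Locale ID otherwise), then traces one flow from a Site B virtual machine to show that a stateful ESG at Site A drops the return traffic when the physical network steers it there.

```python
"""Constructed model of UCC route distribution with and without local
egress, plus a stateful-edge return-path check. Illustration only; this is
not how NSX is implemented, and all identifiers below are made up."""
from dataclasses import dataclass, field

# Constructed Locale IDs. In NSX the default Locale ID is the NSX Manager's
# UUID; these are placeholder values for the example.
LOCALE_A = "a1b2c3d4-0000-4000-8000-00000000000a"
LOCALE_B = "b1b2c3d4-0000-4000-8000-00000000000b"


@dataclass(frozen=True)
class Route:
    prefix: str
    next_hop: str     # ESG the site-local control VM learned the route from
    locale_id: str    # Locale ID of the control VM that learned it


@dataclass
class Host:
    name: str
    locale_id: str
    rib: dict = field(default_factory=dict)   # prefix -> list of next hops


# Routes as the UCC receives them from two site-local control VMs
# (local egress enabled, one UDLR appliance per site).
ROUTES_TWO_SITES = [
    Route("0.0.0.0/0", "esg-a", LOCALE_A),
    Route("0.0.0.0/0", "esg-b", LOCALE_B),
]
# Without local egress there is a single control VM at the primary site.
ROUTES_PRIMARY_ONLY = [Route("0.0.0.0/0", "esg-a", LOCALE_A)]


def make_hosts():
    """One constructed ESXi host per site, each carrying its site's Locale ID."""
    return [Host("esx-a-01", LOCALE_A), Host("esx-b-01", LOCALE_B)]


def distribute(routes, hosts, local_egress):
    """Model the UCC pushing routes to hosts.

    With local egress enabled a route is only sent to hosts whose Locale ID
    matches the route's. With it disabled the Locale ID is ignored and every
    host receives every route."""
    for host in hosts:
        for r in routes:
            if local_egress and r.locale_id != host.locale_id:
                continue  # UCC withholds routes tagged with another locale
            hops = host.rib.setdefault(r.prefix, [])
            if r.next_hop not in hops:
                hops.append(r.next_hop)
    return {h.name: {p: sorted(nh) for p, nh in h.rib.items()} for h in hosts}


class StatefulEdge:
    """An ESG (or upstream physical firewall) that only accepts return
    traffic for flows it saw leave."""

    def __init__(self, name):
        self.name = name
        self.flows = set()

    def egress(self, src, dst):
        self.flows.add((src, dst))

    def ingress_return(self, src, dst):
        # Return packet has src=external, dst=VM; it must match a forward flow.
        return (dst, src) in self.flows


def round_trip(local_egress, return_edge, vm_host="esx-b-01",
               vm_ip="10.20.0.5", ext_ip="203.0.113.10"):
    """Trace one VM -> external -> VM exchange. `return_edge` is the ESG the
    physical network happens to route the reply through (for example the
    site that advertises the aggregate prefix). Returns egress edge, return
    edge and whether the reply was delivered."""
    hosts = make_hosts()
    routes = ROUTES_TWO_SITES if local_egress else ROUTES_PRIMARY_ONLY
    ribs = distribute(routes, hosts, local_egress)
    egress_edge = ribs[vm_host]["0.0.0.0/0"][0]
    edges = {"esg-a": StatefulEdge("esg-a"), "esg-b": StatefulEdge("esg-b")}
    edges[egress_edge].egress(vm_ip, ext_ip)
    delivered = edges[return_edge].ingress_return(ext_ip, vm_ip)
    return {"egress": egress_edge, "return": return_edge, "delivered": delivered}


if __name__ == "__main__":
    print("no local egress, reply via esg-a:", round_trip(False, "esg-a"))
    print("local egress, reply via esg-a:   ", round_trip(True, "esg-a"))
    print("local egress, reply via esg-b:   ", round_trip(True, "esg-b"))
```

The second call is the failure mode from the list: the Site B host only holds the esg-b default route, so the flow leaves through esg-b, but the reply arrives at esg-a, which has no matching flow and drops it. The third call shows the outcome once the physical network is steered (for example by injected host routes) to return traffic through the same site the flow left from.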

Local egress is an excellent feature that enables an active/active data center design, but a good understanding of traffic flow, together with automation to ensure that ingress and egress traffic from virtual machines traverses the appropriate paths, is essential.
