Configuring NSX-T Data Center 2.4.0 : Part 7 – Tier-0 Gateway

In the Part 6 of the configuring NSX-T series, we saw how to configure Tier-1 router and get connectivity between vm’s from different network. In this blog post, we will see how to configure Tier-0 router so that we get gateway service between the logical and physical network.

Create Uplink Segment :

To begin with configuring the Tier-0 gateway, let’s start with creating an uplink segment so that the Tier-0 gateway can connect to the upstream gateway.

To create an uplink segment Login to the NSX simplified UI home page and go to Networking > Segments and click on ADD SEGMENT

Provide a segment name and select the VLAN transport zone that we have created earlier. For VLAN enter 0 and click on add item. Once done click on the SAVE button.

When the message appears asking whether you want to continue Configuring the Segment, click NO.

As you see in the below screenshot, the external uplink logical segment is up and running.

Create Tier-0 Gateway :

To create a Tier-0 gateway, go to Networking > Tier-0 Gateways and click on ADD TIER-0 GATEWAY.

Provide a NAME for the Tier-0 gateway and select the EDGE Cluster from the drop down available. Once done, click on SAVE.

Click YES on the message that appears asking if you want to continue editing the Tier-0 gateway.

Now let’s enable the ROUTE RE-DISTRIBUTION, so that the Tier-0 logical router starts sharing specified routes with its northbound router.

To enable this expand the route re-distribution and click on Set.

Enable the below listed routes.

Tier-0 Subnets:
  • Static Routes
  • Connected Interfaces & Segments and all the sub-options
Advertise Tier-1 Subnets:
  • Connected Subnets
  • Static Routes

Once done, click on APPLY.

Click on SAVE to save the configuration changes.

Now, expand the INTERFACES section and click on Set

In the Set Interfaces page, click ADD INTERFACE. Provide the below configuration details.

  • Name : Name for the uplink interface
  • Type : External
  • IP Address/Mask : Enter an IP address for the uplink interface
  • Connected To : Select the Uplink segment created earlier
  • Edge Node : Select the edge node

Once done, click on SAVE

We can see the uplink interface created is Up and available. Click on CLOSE to close the window.

Expand BGP and update the below configuration.

  • Local AS: 100
  • BGP : On
  • Inter SR iBGP: Off
  • ECMP : On
  • Multipath Relax : On

Once done, click on SAVE.

Click on Set to configure BGP Neighbors.

In the Set BGP Neighbours window, click on ADD BGP NEIGHBOUR. Enter the below configuration information and click on SAVE.

  • IP Address : IP of your BGP neighbour
  • Remote AS number : 200

Note: For this lab, I have configured Vyatta router which is having the IP 192.168.40.5 and AS 200.

You can now see the BGP neighbour is configured and the status is Up

The below is the BGP configuration from the Vyatta router. If you note, the IP 192.168.40.10 is the Uplink interface IP that I have created earlier.

Note: If you do not use BGP in your environment, you can configure static route by going to Advanced Networking & Security > Networking > Routers > Select the Tier-0 logical router > Click the Routing tab and select Static Route.

Once the settings are saved, click on CLOSE EDITING as in the below screenshot.

The Tier-0 router is now Up and available.

Connect the Tier-0 and Tier-1 Routers :

To connect the Tier-1 and Tier-0 gateway’s, go to Networking > Tier-1 Gateways > click on the three vertical ellipses icon as below and select EDIT.

From the Linked Tier-0 Gateway dropdown, select the Tier-0 gateway we have just created. Once selected, click on the SAVE button.

Once the changes are saved, click on CLOSE EDITING.

Now we see the Tier-1 gateway is connected to the Tier-0 gateway.

Test the End-to-End Connectivity :

To test the end-to-end network connectivity, I am using the below virtual servers.

VM NameIP AddressNetwork
App VM172.16.10.10Logical network
vcsa192.168.0.51vSphere network
Opsman192.168.0.55vSphere network

The below ping test confirms that the App logical virtual machine can reach out to the vcsa and Opsman vm which is in a different network and environment.


2 thoughts on “Configuring NSX-T Data Center 2.4.0 : Part 7 – Tier-0 Gateway

Add yours

  1. I have a question objects created from the simplified NSX-T API does not support for PKS deployment can you confirm, as per PKS 1.5 we need to create a the Objects on advance tab. simplified UI is only NSX-T SDN deployment not for PKS

    Liked by 1 person

    1. NSX-T v2.4 implements a new Policy API and a new NSX Manager user interface (UI) based on the Policy API. Enterprise PKS does not support the Policy API or Policy-based UI. Enterprise PKS supports the NSX Management API, which is exposed via the “Advanced Networking” tab of the NSX Manager UI. When installing and configuring NSX-T v2.4 for use with Enterprise PKS, use the “Advanced Networking” tab to create any required networking objects.

      Like

Leave a Reply to Roshan Kamalon Cancel reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Create a website or blog at WordPress.com

Up ↑

%d bloggers like this: