Part 4: VMware NSX-T Configuring Tier-1 and Tier-0 Gateways
Step 01 – Deploy Tier-1 Gateway
Click on Networking – Connectivity – Tier-1 Gateways – Add Tier-1.
Provide the name. If you are planning to run any stateful services, select an edge cluster; if not, leave it unset. Click Save.
Click Yes
Configure route redistribution on Tier-1
Expand Route redistribution, select the options as shown below and click Save.
Scroll down and click Close Editing on the right-hand side.
Step 02 – Attach Segments to Tier-1 Gateway
Navigate to Networking – Segments, select the web, app and other segments, and click Edit.
Select the Tier-1 gateway as the gateway and click Save.
Step 03 – Create VLAN-Backed Segments for T0 Uplinks
Create 2 new segments for the Tier-0 router uplinks.
- Name: T0-uplink-01 and 02
- Transport zone: VLAN transport zone
- VLAN ID: specify the VLAN ID if a specific one is used; if not, 0
- Scroll down and click Save.
Create the 2nd uplink segment in the same way.
Step 04 – Deploy Tier-0 Gateway
Click on Tier-0 and click Add.
- Name: T0-Gateway-01
- HA Mode: Active-Active
- Edge cluster: edge-cluster-01 (created in the previous post)
- Click Save.
Click Yes
Tier-0 Route redistribution Configuration
Click on Set next to Route Re-distribution.
- Click on Add Route Re-distribution
- Provide a name
- Click on Set
Select the static routes and the connected interfaces and segments as shown below and click Apply.
Click Save under Route Re-distribution.
Configure Tier-0 Gateway Uplink Interfaces
Scroll down to Interfaces, expand the section and click Set.
- Name: T0-GW-uplink-01
- Type: External
- IP: 192.168.3.2/24 (this is my interface IP used for BGP)
- Connected segment: T0-uplink-01
- Edge node: select esg01
- Click Save
Similarly, create a second uplink interface as shown below. Its IP is from a different VLAN.
Configure BGP Routing on Tier-0
Configuring BGP is very straightforward in Tier-0.
Expand the BGP section.
- Local AS: 65001 (AS for Tier-0)
- BGP: On
- Neighbors: click Set
Configure BGP Neighbors on Tier-0
Click on Add BGP Neighbor, provide the neighbor IP, the AS number of the neighbor and the source address, then click Save.
Create a second neighbor for the second interface as well.
Once both neighbors are created, click Close.
The matching BGP configuration must also be in place on the physical router for BGP to work.
Below is my router config, which uses the router-on-a-stick model.
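! Physical router: AS 65000, peering with both Tier-0 uplinks in AS 65001
router bgp 65000
 bgp router-id 192.168.3.1
 neighbor 192.168.3.2 remote-as 65001
 neighbor 192.168.4.2 remote-as 65001
!
! Sub-interface for VLAN 3 (first Tier-0 uplink)
interface GigabitEthernet1.3
 description data vlan 3.1
 encapsulation dot1Q 3
 ip address 192.168.3.1 255.255.255.0
!
! Sub-interface for VLAN 4 (second Tier-0 uplink)
interface GigabitEthernet1.4
 description data vlan 4.1
 encapsulation dot1Q 4
 ip address 192.168.4.1 255.255.255.0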
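A pre-flight check for the peering above, as an added example that is not part of the original post: it parses the router side and compares it with the Tier-0 side, flagging AS mismatches, uplinks that are not on a router sub-interface subnet, and neighbors configured without a BGP password. The function names are hypothetical, and the second uplink address 192.168.4.2/24 is an assumption inferred from the router's neighbor statement.

```python
import ipaddress
import re

# Relevant lines of the router config from the post (constructed sample input).
ROUTER_CONFIG = """\
router bgp 65000
 neighbor 192.168.3.2 remote-as 65001
 neighbor 192.168.4.2 remote-as 65001
interface GigabitEthernet1.3
 ip address 192.168.3.1 255.255.255.0
interface GigabitEthernet1.4
 ip address 192.168.4.1 255.255.255.0
"""
# Tier-0 side: local AS and first uplink are from the post; the second uplink is assumed.
T0_LOCAL_AS = 65001
T0_UPLINKS = ["192.168.3.2/24", "192.168.4.2/24"]


def parse_router(config):
    """Return (local AS, {neighbor IP: remote AS}, IPs with a password, interface networks)."""
    local_as = int(re.search(r"^router bgp (\d+)", config, re.M).group(1))
    peers = {ip: int(asn) for ip, asn in
             re.findall(r"^\s*neighbor (\S+) remote-as (\d+)", config, re.M)}
    with_pw = set(re.findall(r"^\s*neighbor (\S+) password ", config, re.M))
    nets = {ipaddress.ip_interface(f"{a}/{m}").network
            for a, m in re.findall(r"^\s*ip address (\S+) (\S+)", config, re.M)}
    return local_as, peers, with_pw, nets


def audit(config, t0_as, t0_uplinks):
    """Compare the router side with the Tier-0 side; return a list of findings."""
    local_as, peers, with_pw, nets = parse_router(config)
    findings = []
    if local_as == t0_as:
        findings.append("router and Tier-0 use the same AS; the post peers two different ASes")
    for uplink in t0_uplinks:
        iface = ipaddress.ip_interface(uplink)
        ip = str(iface.ip)
        if ip not in peers:
            findings.append(f"{ip}: no neighbor statement on the router")
            continue
        if peers[ip] != t0_as:
            findings.append(f"{ip}: remote-as {peers[ip]} does not match Tier-0 AS {t0_as}")
        if iface.network not in nets:
            findings.append(f"{ip}: no router sub-interface in {iface.network}")
        if ip not in with_pw:
            findings.append(f"{ip}: neighbor has no password (unauthenticated BGP session)")
    return findings
```

Run against the config as posted, `audit(ROUTER_CONFIG, T0_LOCAL_AS, T0_UPLINKS)` reports only the two missing-password findings; the AS numbers and subnets line up.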
Step 05 – Connect Tier-1 with Tier-0 Gateway
Now we will connect T1 with T0.
Select the Tier-1 gateway and click Edit.
Select the T0-Gateway created earlier in the Tier-0 section and click Save.
The settings are saved. Routing between T1 and T0 is now configured automatically; no manual configuration is required, unlike in NSX-V.
Assign the Segments to VMs and test connectivity
Assign the respective VMs to the web and app segments.
Step 06 – Test Switching and Routing
This is the web VM, 172.16.10.20, and it can reach 10 and other VMs in the app segments as well.
The next post will cover how to configure micro-segmentation using the distributed firewall.