Step 01 – Deploy Tier-1 Gateway
Click on Networking – Connectivity – Tier-1 gateway – Add Tier-1.
Provide a name. If you are planning to use any stateful services, select an edge cluster; if not, leave it unset. Click Save.
Configure route redistribution on Tier-1
Expand Route redistribution, select the options as shown below and click Save.
Scroll down and click Close Editing on the right-hand side.
Step 02 – Attach Segments to Tier-1 Gateway
Navigate to the segments (Networking – Segments) – click on each of the web, app and other segments – Edit.
Select the Tier-1 as the gateway and click Save.
Step 03 – Create VLAN-Backed Segments for T0 Uplinks
Create 2 new segments for Tier-0 router uplinks.
- Name: T0-uplink-01 and 02
- Transport zone: VLAN transport zone
- VLAN ID: if a specific VLAN ID is used, specify it; if not, 0
- Scroll down and click Save.
Create the second uplink segment in the same way.
Step 04 – Deploy Tier-0 Gateway
Click on Tier-0 and click Add
- Name: T0-Gateway-01
- HA mode: Active-Active
- Edge cluster: edge-cluster-01 (created in the previous post)
- Click Save.
Tier-0 Route redistribution Configuration
Click on Set Route Re-distribution
- Click on Add Route Re-distribution
- Provide a name
- Click on Set
Configure Tier-0 Gateway Uplink Interfaces
Scroll down to Interfaces – expand – click Set
- Name: T0-GW-uplink-01
- Type: External
- IP: 192.168.3.2/24 (this is my interface IP used for BGP)
- Connected segment: T0-uplink-01
- Edge node: select esg01
- Select Save
Configure BGP Routing on Tier-0
Configuring BGP on Tier-0 is very straightforward.
Expand the BGP section
- Local AS: 65001 (AS for Tier-0)
- BGP: ON
- Neighbors: click Set
Configure BGP Neighbors on Tier-0
Click on Add BGP Neighbor – provide the neighbor IP, the AS number of the neighbor and the source – Save
The physical router also needs the corresponding BGP configuration for BGP to work.
Below is my router config, which uses the router-on-a-stick model.
router bgp 65000
 neighbor 192.168.3.2 remote-as 65001
 neighbor 192.168.4.2 remote-as 65001
!
! VLAN 3 sub-interface
 description data vlan 3.1
 encapsulation dot1Q 3
 ip address 192.168.3.1 255.255.255.0
!
! VLAN 4 sub-interface
 description data vlan 4.1
 encapsulation dot1Q 4
 ip address 192.168.4.1 255.255.255.0
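BGP sessions usually fail to come up because the two sides disagree on an AS number or a peer address. The script below is an added example, not part of the original post: it cross-checks the router lines above against the Tier-0 values and derives the neighbor IP, remote AS and source to enter for each Tier-0 BGP neighbor. The second uplink (T0-GW-uplink-02, 192.168.4.2/24) is an assumption inferred from the router's second neighbor line, and the function names are hypothetical.

```python
import ipaddress
import re

# Router configuration lines as shown on the page.
ROUTER_CFG = """\
router bgp 65000
neighbor 192.168.3.2 remote-as 65001
neighbor 192.168.4.2 remote-as 65001
description data vlan 3.1
encapsulation dot1Q 3
ip address 192.168.3.1 255.255.255.0
description data vlan 4.1
encapsulation dot1Q 4
ip address 192.168.4.1 255.255.255.0
"""
T0_LOCAL_AS = 65001  # Local AS entered on the Tier-0
# Uplink 01 is from the page; uplink 02 is an assumed name and address.
T0_UPLINKS = {"T0-GW-uplink-01": "192.168.3.2/24",
              "T0-GW-uplink-02": "192.168.4.2/24"}

def parse_router(cfg):
    """Return (router AS, {neighbor IP: remote AS}, [router interfaces])."""
    local_as = int(re.search(r"^\s*router bgp (\d+)", cfg, re.M).group(1))
    neighbors = {ipaddress.ip_address(ip): int(asn) for ip, asn in
                 re.findall(r"^\s*neighbor (\S+) remote-as (\d+)", cfg, re.M)}
    ifaces = [ipaddress.ip_interface(f"{ip}/{mask}") for ip, mask in
              re.findall(r"^\s*ip address (\S+) (\S+)", cfg, re.M)]
    return local_as, neighbors, ifaces

def plan_peering(cfg, t0_as, t0_uplinks):
    """Return ([(neighbor IP, remote AS, source IP)] for the T0, problems)."""
    router_as, neighbors, ifaces = parse_router(cfg)
    entries, problems = [], []
    for name, cidr in t0_uplinks.items():
        uplink = ipaddress.ip_interface(cidr)
        peer = next((i for i in ifaces if i.network == uplink.network), None)
        if peer is None:
            problems.append(f"{name}: no router interface in {uplink.network}")
            continue
        remote_as = neighbors.get(uplink.ip)
        if remote_as is None:
            problems.append(f"{name}: router has no neighbor {uplink.ip}")
        elif remote_as != t0_as:
            problems.append(f"{name}: router expects AS {remote_as}, "
                            f"Tier-0 local AS is {t0_as}")
        entries.append((str(peer.ip), router_as, str(uplink.ip)))
    return entries, problems

if __name__ == "__main__":
    print(plan_peering(ROUTER_CFG, T0_LOCAL_AS, T0_UPLINKS))
```
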
Step 05 – Connect Tier-1 with Tier-0 Gateway
Now we will connect T1 with T0.
Select the Tier-1 – Edit
In the Tier-0 section, select the T0-Gateway created earlier – select Save
The settings are saved. Routing between T1 and T0 is now configured automatically; no configuration is required as it was in NSX-V.
Assign the Segments to VMs and Test Connectivity
Assign the respective VMs to the web and app segments.
Step 06 – Test Switching and Routing
This is the web VM 172.16.10.20, and it can reach 10 and the other VMs in the app segments as well.
The next post will cover how to configure micro-segmentation using the distributed firewall.