Tag Archives: Configuring and Deploying an NSX Distributed Router

Network Virtualization with VMware NSX – Part 5

In Network Virtualization with VMware NSX – Part 4 we discussed Configuring and Deploying an NSX Distributed Router. Here in Network Virtualization with VMware NSX – Part 5 we will discuss VXLAN to VLAN Layer 2 Bridging, how to configure and deploy an NSX Edge Gateway, and how to configure routes (static routing) on the NSX Edge Gateway and on the Distributed Router.

VXLAN to VLAN Layer 2 Bridging

A VXLAN to VLAN bridge enables direct Ethernet connectivity between virtual machines in a logical switch and virtual machines in a distributed port group. This connectivity is called layer 2 bridging.

We can create a layer 2 bridge between a logical switch and a VLAN, which enables us to migrate virtual workloads to physical devices with no effect on IP addresses. A logical network can leverage a physical gateway and access existing physical network and security resources by bridging the logical switch broadcast domain to the VLAN broadcast domain. Bridging can also be used in a migration strategy where you might be using P2V and you do not want to change subnets.

Note:- VXLAN to VXLAN bridging or VLAN to VLAN bridging is not supported. Bridging between different data centers is also not supported. All participants of the VLAN and VXLAN bridge must be in the same data center.

NSX Edge Services Gateway

The services gateway gives you access to all NSX Edge services such as firewall, NAT, DHCP, VPN, load balancing, and high availability. You can install multiple NSX Edge services gateway virtual appliances in a datacenter. Each NSX Edge virtual appliance can have a total of ten uplink and internal network interfaces.

The NSX Edge logical router provides East-West routing and the NSX Edge Services Gateway provides North-South routing.

NSX Edge Services Gateway Sizing:-

NSX Edge can be deployed in four different configurations.

When we deploy an NSX Edge gateway we need to choose the right size for the load/requirements. We can also convert the size of the ESG later from Compact to Large, X-Large or Quad Large, as you can see in the picture.

Note :- A service interruption might occur when the old NSX Edge gateway instance is removed and the new NSX Edge gateway instance is redeployed with the new size, that is, when we convert the size of the ESG.

NSX Edge Services Gateway features:-

For resiliency and high availability, the NSX Edge Services Gateway can be deployed as a pair of Active/Standby units (HA mode).

When we deploy an ESG/DLR in HA mode, NSX Manager deploys the pair of NSX Edges/DLRs on different hosts (anti-affinity rule). Heartbeat keepalives are exchanged every second between the active and standby edge instances to monitor each other’s health status.

If the ESXi server hosting the active NSX Edge fails, at the expiration of a “Declare Dead Time” timer, the standby node takes over the active duties. The default value for this timer is 15 seconds, but it can be tuned down (via UI or API calls) to 6 seconds.

The NSX Manager also monitors the health of the deployed NSX Edges and restarts a failed unit on another ESXi host.

The NSX Edge appliance supports static and dynamic routing (OSPF, IS-IS, BGP, and Route redistribution).

Deploy NSX Edge gateway and Configure the static routing:

1. Connect to vCenter Server through vSphere Web Client –> click the Home tab –> Inventories –> Networking & Security and select NSX Edges.

2. Click the green plus sign (+) to open the New NSX Edge dialog box. On the Name and description page, select Edge Services Gateway. (If you want to enable HA for the ESG, select the Enable High Availability check box; otherwise leave it unchecked.) Enter the name of the ESG as per your company standard and click Next.

3. On the CLI credentials page, enter the password for the ESG in the password text box. Check the Enable SSH Access box to enable SSH access to the ESG appliance. Note:- Password length must be at least 12 characters.

4. Select the Datacenter where you want to deploy this appliance. Select the Appliance Size depending on your requirement; it can also be converted to any other size later. Check Enable auto rule generation to automatically generate service rules that allow the flow of control traffic.

Under NSX Edge Appliances, click the green plus sign (+) to open the Add NSX Edge Appliance dialog box.

5. In the Add NSX Edge Appliance dialog box, select the Cluster and Datastore to deploy the NSX Edge appliance in the required location and designated datastore, and click OK.

6. Verify all the settings on the Configure deployment page and click Next.

7. On the Configure Interfaces page, click the green plus sign (+) to open the Add NSX Edge Interface dialog box.

8. Enter the interface name in the Name text box, choose the Type, click the Connected To –> Select link and choose the required Distributed Port group. Click the green plus sign (+) under Configure Subnets to add a subnet for the interface.

9. In the Add Subnet dialog box, click the green plus sign (+) to add an IP address field. Enter the required IP address (192.168.100.3) in the IP Address text box and click OK to confirm the entry. Enter the subnet prefix length (24) in the Subnet prefix length text box and click OK.

10. Verify all the settings on the Add NSX Edge Interface dialog box and click OK.

11. Repeat steps 7-10 to add all required interfaces for the ESG and click Next.

12. Once all interfaces have been added, verify the settings on the Configure Interfaces dialog box and click Next.

13. On the Default gateway settings page, select the Configure Default Gateway check box. Verify that the vNIC selection is Uplink-Interface, enter the default gateway (DG) address (192.168.100.2) in the Gateway IP text box and click Next.

14. On the Firewall and HA page, select the Configure Firewall default policy check box and set Default Traffic Policy to Accept. The Configure HA parameters are grayed out because we did not check the Enable High Availability check box in step 2. Click Next.

15. On the Ready to Complete dialog box, verify all the settings (if you want to change any setting, go back and change it) and click Finish to complete the deployment of the NSX Edge.

16. It will take a few minutes to complete the deployment. Under NSX Edges you can now see that its status is Deployed.

17. Double-click the NSX Edge to see the configuration settings we chose while deploying it.

Now we will configure Static Routes on the NSX Edge Gateway:-

1. Double-click the NSX Edge to browse it –> click the Manage tab –> click Routing and select Static Routes. Click the green plus sign (+) to open the Add Static Route dialog box.

2. Select the interface connected to the DLR (Transit-Interface), enter the network ID with subnet mask (172.16.0.0/24) for which you want to add routing and the Next Hop address for that network (in my case 192.168.10.2), and click OK.

3. After every setting change or modification we need to publish the changes. Click Publish Changes.

4. Once publishing has finished you can see the entry under Static Routes.

Configure Static Routes on the Distributed Router:-

1. Under Networking & Security –> NSX Edges –> double-click the Distributed Router entry to manage that object.

2. After opening the DLR, click the Manage tab and then the Routing tab. In the routing category panel select Static Routes and click the green plus sign (+) to add static routes on the DLR.

3. Select the interface connected to the ESG (Transit-Interface), enter the network ID with subnet mask (192.168.110.0/24) for which you want to add routing and the Next Hop address for that network (in my case 192.168.10.1), and click OK.

4. After every setting change or modification we need to publish the changes. Click Publish Changes. Once done you can see the static routes in the Static Routes list.

Once static routing has been configured we will be able to ping between the logical switch networks and the external network, e.g. from 192.168.110.10 on the external network to the 3 logical switch networks created in Part 2 (172.16.0.0/24).
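Why the ping needs a static route on both the ESG and the DLR, shown as a longest-prefix-match lookup over the addresses used in this walkthrough. This is an added example, not part of the original post or of NSX; the /24 on the transit link, the DLR LIF address 172.16.0.1 and the VM address 172.16.0.10 are assumptions.

```python
import ipaddress as ip

# Constructed topology using the walkthrough's addresses. Assumed, not from the
# page: /24 on the transit link and the DLR LIF address 172.16.0.1.
ESG = {
    "connected": ["192.168.100.3/24", "192.168.10.1/24"],  # uplink, transit
    "static": [("172.16.0.0/24", "192.168.10.2"),           # logical switch via DLR
               ("0.0.0.0/0", "192.168.100.2")],             # default gateway
}
DLR = {
    "connected": ["192.168.10.2/24", "172.16.0.1/24"],      # transit, logical switch LIF
    "static": [("192.168.110.0/24", "192.168.10.1")],       # external network via ESG
}

def lookup(router, dst):
    """Longest-prefix match: returns 'connected', a next-hop IP, or None."""
    dst = ip.ip_address(dst)
    best = (-1, None)
    for cidr in router["connected"]:
        net = ip.ip_interface(cidr).network
        if dst in net and net.prefixlen > best[0]:
            best = (net.prefixlen, "connected")
    for cidr, hop in router["static"]:
        net = ip.ip_network(cidr)
        if dst in net and net.prefixlen > best[0]:
            best = (net.prefixlen, hop)
    return best[1]

def unreachable_next_hops(router):
    """Static routes whose next hop is not on a directly connected subnet."""
    nets = [ip.ip_interface(c).network for c in router["connected"]]
    return [(n, h) for n, h in router["static"]
            if not any(ip.ip_address(h) in net for net in nets)]

def ping_works(esg, dlr, external, vm):
    """Echo request goes ESG -> DLR -> VM; echo reply needs DLR -> ESG -> external."""
    esg_transit = str(ip.ip_interface(esg["connected"][1]).ip)
    dlr_transit = str(ip.ip_interface(dlr["connected"][0]).ip)
    forward = lookup(esg, vm) == dlr_transit and lookup(dlr, vm) == "connected"
    reverse = (lookup(dlr, external) == esg_transit
               and lookup(esg, external) is not None)
    return forward and reverse

if __name__ == "__main__":
    print(ping_works(ESG, DLR, "192.168.110.10", "172.16.0.10"))   # both routes present
    print(ping_works(ESG, dict(DLR, static=[]), "192.168.110.10", "172.16.0.10"))  # DLR route missing
    print(unreachable_next_hops(ESG), unreachable_next_hops(DLR))
```

With the DLR static route removed the request still reaches the VM but the reply has no route back, which is the usual symptom of configuring only one side.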

That’s it. We are done with deploying the NSX Distributed Router and NSX Edge Services Gateway, and with configuring static routing on the DLR and ESG.

In the next part (Network Virtualization with VMware NSX – Part 6) we will discuss how to configure dynamic routing on NSX Edge appliances and the NSX Distributed Router.

Thank you and stay tuned for next part. Keep sharing the knowledge 🙂

Other NSX Parts:-

Network Virtualization with VMware NSX – Part 1

Network Virtualization with VMware NSX – Part 2

Network Virtualization with VMware NSX – Part 3

Network Virtualization with VMware NSX – Part 4

Network Virtualization with VMware NSX – Part 5

Network Virtualization with VMware NSX – Part 4

We discussed Virtual LAN (VLAN), Virtual Extensible LAN (VXLAN), Virtual Tunnel End Point (VTEP), VXLAN Replication Modes, and NSX Logical Switching in Network Virtualization with VMware NSX – Part 3. Here in Part 4 we will discuss NSX Routing.

NSX Routing :-

The TCP/IP protocol suite offers different routing protocols that provide a router with methods for building valid routes. The following routing protocols are supported by NSX:

Open Shortest Path First (OSPF): This protocol is a link-state protocol that uses a link-state routing algorithm. This protocol is an interior routing protocol.
Intermediate System to Intermediate System (IS-IS): This protocol determines the best route for datagrams through a packet switched network.
Border Gateway Protocol (BGP): This protocol is an exterior gateway protocol that is designed to exchange routing information between autonomous systems (AS) on the Internet.

NSX Logical Router:-

The NSX Edge logical router provides East-West distributed routing with tenant IP address space and data path isolation. Virtual machines or workloads that reside on the same host on different subnets can communicate with one another without having to traverse a traditional routing interface. A logical router can have eight uplink interfaces and up to a thousand internal interfaces.

During the configuration process, NSX Manager deploys the logical router control virtual machine and pushes the logical interface configurations to each host through the control cluster. The logical router control virtual machine is the control plane component of the routing process. The logical router control virtual machine supports the OSPF and BGP protocols. The distributed logical routers run at the kernel module level.

The NSX Controller cluster is responsible for distributing routes learned from the logical router control virtual machine across the hypervisors. Each control node in the cluster takes responsibility for distributing the information for a particular distributed logical router instance. In a deployment where multiple distributed logical router instances are deployed, the load is distributed across the NSX Controller nodes.

The distributed logical router owns the logical interface (LIF). This concept is similar to interfaces on a physical router, but a distributed logical router can have a maximum of 1,000 LIFs. For each segment that the distributed logical router is connected to, the distributed logical router has one ARP table.

When the LIF is connected to a VLAN, the LIF has a pMAC and when the LIF is connected to a VXLAN, the LIF has a vMAC.

NOTE :- You can have only one VXLAN LIF connecting to a logical switch. Only one distributed logical router can be connected to a logical switch.

DLR high availability:- When high availability is enabled, NSX Manager enables the VMware vCenter Server system to deploy another logical router control virtual machine, so that two logical router control virtual machines are deployed, with one designated as active and one as passive. If the active logical router control virtual machine fails, the passive logical router control virtual machine takes 15 seconds to take over. Because the control virtual machine is not in the data plane, data plane traffic is not affected.

Configuring and Deploying an NSX Distributed Router:-

1. Connect to vCenter Server through vSphere Web Client –> Home –> Inventories –> Networking & Security.

2. In the left navigation pane, select NSX Edges.

3. In the center pane, click the green plus sign (+) to open the New NSX Edge dialog box.

4. In the New NSX Edge dialog box, on the Name and description page, click the Logical (Distributed) Router button. Enter the name of the Distributed Router in the Name text box, enter the Hostname, Description and Tenant Name for the DLR, and click Next.

5. On the Settings page, enter the password for the DLR and enable SSH access for the DLR. If you want the DLR in High Availability mode, check the Enable High Availability box. Click Next. Note:- Password must be at least 12 characters long.

6. On the Configure Deployment page, verify that you have selected the required Datacenter.

7. Under NSX Edge Appliances, click the green plus sign (+) to open the Add NSX Edge Appliance dialog box. Select the required Cluster/Resource Pool, Datastore, Host and Folder to deploy the DLR. (If you have checked the High Availability option, 2 Distributed Routers will be deployed.) Click OK to close the Add NSX Edge Appliance dialog box.

8. Verify the NSX Edge Appliances settings and click Next.

9. On the Configure interfaces page, click the Connected To –> Select link under Management Interface Configuration, select the required port group under Distributed Portgroup, and click OK.

10. Under Configure Interfaces of this NSX Edge, click the green plus sign (+) to open the Add Interface dialog box. Note :- As discussed in Part 3 we are configuring the DLR with the below requirement, so we need to add 4 interfaces.

11. In the Add Interface dialog box, enter the name of the interface, select the Type, click the Select link for Connected To:, choose the desired Logical Switch and click OK.

12. Now click the green plus sign (+) under Configure Subnets to add a subnet for the interface. In the Add Subnet box click the green plus sign (+) to add the IP address and subnet mask, and click OK.

13. Once the subnets have been added, click OK to complete Add Interface.

14. Repeat steps 11-13 to add and configure the interfaces for the other 3 (WEB, APP and Database).

15. Once the remaining 3 interfaces have been added and configured, click Next to proceed.

16. On the Ready to complete page, review the configuration and click Finish to start deploying the Logical (Distributed) Router.

17. It will take some time to complete the deployment of the Logical (Distributed) Router.

18. Verify that the Distributed Router entry has a type of Logical Router. Double-click the Distributed Router entry to manage that object. Click the Manage tab –> Settings –> Interfaces and check that the status of all 4 interfaces is green.

19. Under Configuration you can see that 2 Logical Router appliances are deployed, because we chose to deploy in HA mode. You can also verify the same from the Cluster.

20. Now that the DLR is deployed with all 4 interfaces, you can test connectivity between all the VMs using the ping command.

In the next part (Network Virtualization with VMware NSX – Part 5) we will discuss how to configure and deploy an NSX Edge Gateway and how to configure routes on the NSX Edge Gateway and on the Distributed Router.

Please share if useful …..Thank You :)