Tag Archives: ESG

Network Virtualization with VMware NSX – Part 6

In Network Virtualization with VMware NSX – Part 5 we discussed VXLAN to VLAN Layer 2 Bridging, configuring and deploying an NSX Edge Gateway, and configuring routes (Static Routing) on the NSX Edge Gateway and on the Distributed Router. Here in Network Virtualization with VMware NSX – Part 6 we will discuss configuring Dynamic Routing (OSPF) on the Perimeter Gateway and on the Distributed Router.

We configured Static Routing on both the Perimeter Gateway and the Distributed Router in Network Virtualization with VMware NSX – Part 5, so before configuring Dynamic Routing we need to delete those static routes.

Remove Static Routes from Perimeter Gateway and from Distributed Router:-

1. Connect to vCenter Server through vSphere Web Client –> Click Home tab –> Inventories –> Networking & Security and select NSX Edges.

2. In the edge list, double-click the Perimeter Gateway to open and manage that object. In the middle pane, click the Manage tab –> click Routing and click Static Routes.

3. In the Static Routing list, select the route to delete and click the red X icon (X). Click Publish Changes for the changes to take effect.

4. Once done, you’ll see that the selected Static Route has been deleted from the list.

5. Repeat steps 1-4 to delete the Static Routes from the Distributed Router.

So now we have deleted the Static Routes from both the Perimeter Gateway and the Distributed Router.

———————————————————————————————————-

Now we will configure Dynamic Routing (OSPF) on the Perimeter Gateway:-

1. Click Home tab –> Inventories –> Networking & Security and NSX Edges. Double-click the Perimeter Gateway router to open and manage it.

2. Select Manage –> Routing –> Global Configuration and under Dynamic Routing Configuration click Edit to edit the Dynamic Routing Configuration.

3. In the Edit Dynamic Routing Configuration dialog box, select the Router ID from the list and click OK.

4. Click Publish Changes to apply the changes.

5. Once the changes are applied, you can see the Router ID and OSPF Enabled under Dynamic Routing Configuration.

6. Next we need to configure OSPF. In the routing category, select OSPF and under Area Definitions verify that Area 0 exists. If Area 0 does not exist, we need to create it.

7. Add more areas as needed. To add an area, click the green plus sign (+) under Area Definitions.

8. In the New Area Definition dialog box, enter the Area ID and click OK.

9. Click Publish Changes to apply the changes.

10. Once the changes are applied, you can see the Area ID in the Area Definitions list.

11. Once the Area ID has been created, we need to map an interface to the specified area. To map an interface to an area, click the green plus sign (+) under Area to Interface Mapping.

12. Select the required vNIC, enter the Area ID in the Area box and click OK.

13. Click Publish Changes to apply the changes.

14. Once the changes have been applied, you can see that the interface has been mapped to the specified area.

15. Repeat steps 11-14 to map all the required interfaces to an Area ID.

16. Once all the interfaces have been mapped to the required Area ID, we need to redistribute the Perimeter Gateway subnets. In the routing category, select Route Redistribution and under Route Redistribution Table click the green plus sign (+) to open the New Redistribution criteria dialog box.

17. In the New Redistribution criteria dialog box, under Allow learning from select the Connected check box, set Action to Permit and click OK.

18. Click Publish Changes to apply the changes.

19. In the Route Redistribution Status at the top of the page, check whether a green check mark appears next to OSPF. If a green check mark does not appear, click Edit to edit the settings and enable OSPF.

20. In the Change Redistribution settings dialog box, select the OSPF check box and click OK.

21. Once the changes are done, you can see a green check mark next to OSPF.

———————————————————————————————

Now we will configure OSPF on the Distributed Router:-

1. Click Home tab –> Inventories –> Networking & Security and NSX Edges. Double-click the Distributed Router to open and manage it.

2. Select Manage –> Routing –> Global Configuration and under Dynamic Routing Configuration click Edit to edit the Dynamic Routing Configuration.

3. In the Edit Dynamic Routing Configuration dialog box, select the Router ID from the list and click OK.

4. Click Publish Changes to apply the changes.

5. Once the changes are applied, you can see the Router ID and OSPF Enabled under Dynamic Routing Configuration.

6. Next we need to configure OSPF. In the routing category, select OSPF and on the right side of the OSPF Configuration panel click Edit to open the OSPF Configuration dialog box.

7. In the OSPF Configuration dialog box, select the Enable OSPF check box. Enter the Protocol Address and the Forwarding Address and click OK.

8. Add more areas as needed. To add an area, click the green plus sign (+) under Area Definitions.

9. In the New Area Definition dialog box, enter the Area ID and click OK. Then click Publish Changes to apply the changes.

10. Once the Area ID has been created, we need to map an interface to the specified area. To map an interface to an area, click the green plus sign (+) under Area to Interface Mapping.

11. Select the required interface, enter the Area ID in the Area box and click OK. Then click Publish Changes to apply the changes.

12. After the changes have been published, verify that the OSPF Configuration Status is Enabled.

13. Once all the interfaces have been mapped to the required Area ID, we need to redistribute the Distributed Router internal subnets. In the routing category, select Route Redistribution and under Route Redistribution Table click the pencil icon to open the Edit Redistribution criteria dialog box, and verify that the settings are configured as: Prefix Name: Any, Learner Protocol: OSPF, Allow Learning From: Connected and Action: Permit.

If the default route redistribution entry does not appear in the list, we need to create a new route redistribution entry by clicking the green plus sign (+) and configuring the table.
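A pre-publish consistency check for the two OSPF procedures above, as an added example (not part of the original post and not NSX's own API or schema): it flags the conditions that stop the Perimeter Gateway and Distributed Router from forming an adjacency or exchanging connected routes. The dictionary layout is hypothetical, the transit addresses come from the Part 5 static routes, and Area ID 10, the /24 transit prefix, the router IDs and the protocol address 192.168.10.3 are constructed values.

```python
import ipaddress

def ospf_findings(esg, dlr):
    """Return problems that would stop the ESG-DLR adjacency or route exchange."""
    out = []
    transit = ipaddress.ip_network(esg["transit_subnet"])
    fwd = ipaddress.ip_address(dlr["forwarding_address"])
    proto = ipaddress.ip_address(dlr["protocol_address"])
    esg_ip = ipaddress.ip_address(esg["transit_ip"])
    if fwd not in transit or proto not in transit:
        out.append("DLR protocol/forwarding address is outside the transit subnet")
    if len({fwd, proto, esg_ip}) < 3:
        out.append("protocol, forwarding and ESG transit addresses must be distinct")
    for name, r in (("ESG", esg), ("DLR", dlr)):
        if not (r["router_id"] and r["ospf_enabled"]):
            out.append(f"{name}: router ID not set or OSPF not enabled")
        area = r["area_map"].get(r["transit_if"])
        if area is None:
            out.append(f"{name}: transit interface is not mapped to an area")
        elif area not in r["areas"]:
            out.append(f"{name}: area {area} is mapped but not defined")
        if not any(rule["learner"] == "OSPF" and "connected" in rule["from"]
                   and rule["action"] == "permit" for rule in r["redistribution"]):
            out.append(f"{name}: connected subnets are not redistributed into OSPF")
    a = esg["area_map"].get(esg["transit_if"])
    b = dlr["area_map"].get(dlr["transit_if"])
    if a is not None and b is not None and a != b:
        out.append(f"area mismatch on transit link: ESG {a} vs DLR {b}")
    return out

# Constructed sample configuration (hypothetical layout, assumed area 10).
RULE = {"learner": "OSPF", "from": ["connected"], "action": "permit"}
ESG = {"router_id": "192.168.100.3", "ospf_enabled": True, "areas": {0, 10},
       "transit_subnet": "192.168.10.0/24", "transit_ip": "192.168.10.1",
       "transit_if": "Transit-Interface",
       "area_map": {"Uplink-Interface": 0, "Transit-Interface": 10},
       "redistribution": [RULE]}
DLR = {"router_id": "192.168.10.2", "ospf_enabled": True, "areas": {0, 10},
       "forwarding_address": "192.168.10.2", "protocol_address": "192.168.10.3",
       "transit_if": "Transit-Interface",
       "area_map": {"Transit-Interface": 10}, "redistribution": [RULE]}

if __name__ == "__main__":
    print(ospf_findings(ESG, DLR) or "no findings")
    print(ospf_findings(ESG, dict(DLR, area_map={"Transit-Interface": 0})))
```
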

That’s it! We are done with configuring Dynamic Routing (OSPF) on the Perimeter Gateway and on the Distributed Router.

In the next part, Network Virtualization with VMware NSX – Part 7, we will discuss Network Address Translation (NAT) and Load Balancing with NSX Edge Gateway.

Thank You and Keep sharing 🙂

————————————————————————————————————–

Other NSX Parts:-

Network Virtualization with VMware NSX – Part 1

Network Virtualization with VMware NSX – Part 2

Network Virtualization with VMware NSX – Part 3

Network Virtualization with VMware NSX – Part 4

Network Virtualization with VMware NSX – Part 5

Network Virtualization with VMware NSX – Part 6

Network Virtualization with VMware NSX – Part 5

In Network Virtualization with VMware NSX – Part 4 we discussed configuring and deploying an NSX Distributed Router. Here in Network Virtualization with VMware NSX – Part 5 we will discuss VXLAN to VLAN Layer 2 Bridging, configuring and deploying an NSX Edge Gateway, and configuring routes (Static Routing) on the NSX Edge Gateway and on the Distributed Router.

VXLAN to VLAN Layer 2 Bridging

A VXLAN to VLAN bridge enables direct Ethernet connectivity between virtual machines in a logical switch and virtual machines in a distributed port group. This connectivity is called layer 2 bridging.

We can create a layer 2 bridge between a logical switch and a VLAN, which lets us migrate virtual workloads to physical devices with no effect on IP addresses. A logical network can leverage a physical gateway and access existing physical network and security resources by bridging the logical switch broadcast domain to the VLAN broadcast domain. Bridging can also be used in a migration strategy where you might be using P2V and you do not want to change subnets.

Note:- VXLAN to VXLAN bridging or VLAN to VLAN bridging is not supported. Bridging between different data centers is also not supported. All participants of the VLAN and VXLAN bridge must be in the same data center.

NSX Edge Services Gateway

The services gateway gives you access to all NSX Edge services such as firewall, NAT, DHCP, VPN, load balancing, and high availability. You can install multiple NSX Edge services gateway virtual appliances in a datacenter. Each NSX Edge virtual appliance can have a total of ten uplink and internal network interfaces.

The NSX Edge logical router provides East-West routing and the NSX Edge Services Gateway provides North-South routing.

NSX Edge Services Gateway Sizing:-

NSX Edge can be deployed in four different configurations. When we deploy an NSX Edge gateway we need to choose the right size for the load and requirements. We can also convert the size of the ESG later from Compact to Large, X-Large or Quad Large.

Note:- A service interruption might occur when the old NSX Edge gateway instance is removed and the new NSX Edge gateway instance is redeployed with the new size, or when we convert the size of the ESG.

NSX Edge Services Gateway features:-

For resiliency and high availability, the NSX Edge Services Gateway can be deployed as a pair of Active/Standby units (HA mode).

When we deploy an ESG/DLR in HA mode, NSX Manager deploys the pair of NSX Edges/DLRs on different hosts (anti-affinity rule). Heartbeat keepalives are exchanged every second between the active and standby edge instances to monitor each other’s health status.

If the ESXi server hosting the active NSX Edge fails, at the expiration of a “Declare Dead Time” timer, the standby node takes over the active duties. The default value for this timer is 15 seconds, but it can be tuned down (via UI or API calls) to 6 seconds.

The NSX Manager also monitors the health of the deployed NSX Edges and restarts a failed unit on another ESXi host.

The NSX Edge appliance supports static and dynamic routing (OSPF, IS-IS, BGP, and Route redistribution).

Deploy NSX Edge gateway and Configure the static routing:

1. Connect to vCenter Server through vSphere Web Client –> Click Home tab –> Inventories –> Networking & Security and select NSX Edges.

2. Click the green plus sign (+) to open the New NSX Edge dialog box. On the Name and description page, select Edge Services Gateway. (If you want to enable HA for the ESG, select the Enable High Availability check box; otherwise leave it unchecked.) Enter the name of the ESG as per your company standard and click Next.

3. On the CLI credentials page, enter the password for the ESG in the password text box. Check the Enable SSH Access box to enable SSH access to the ESG appliance. Note:- Password length must be at least 12 characters.

4. Select the Datacenter where you want to deploy this appliance. Select the Appliance Size depending on your requirement; we can also convert to any size later. Check Enable auto rule generation to automatically generate service rules to allow the flow of control traffic. Under NSX Edge Appliances, click the green plus sign (+) to open the Add NSX Edge Appliance dialog box.

5. In the Add NSX Edge Appliance dialog box, select the Cluster and Datastore to deploy the NSX Edge Appliance in the required location and designated datastore, and click OK.

6. Verify all the settings on the Configure deployment page and click Next.

7. On the Configure Interfaces page, click the green plus sign (+) to open the Add NSX Edge Interface dialog box.

8. Enter the interface name in the Name text box, choose the Type, click the Connected To –> Select link and choose the required Distributed Port group. Click the green plus sign (+) under Configure Subnets to add a subnet for the interface.

9. In the Add Subnet dialog box, click the green plus sign (+) to add an IP address field. Enter the required IP address (192.168.100.3) in the IP Address text box and click OK to confirm the entry. Enter the subnet prefix length (24) in the Subnet prefix length text box and click OK.

10. Verify all the settings in the Add NSX Edge Interface dialog box and click OK.

11. Repeat steps 7-10 to add all required interfaces for the ESG and click Next.

12. Once all interfaces have been added, verify the settings in the Configure Interfaces dialog box and click Next.

13. On the Default gateway settings page, select the Configure Default Gateway check box. Verify that the vNIC selection is Uplink-Interface, enter the default gateway address (192.168.100.2) in the Gateway IP text box and click Next.

14. On the Firewall and HA page, select the Configure Firewall default policy check box and set Default Traffic Policy to Accept. The Configure HA parameters are grayed out because we did not select the Enable High Availability check box in step 2. Click Next.

15. In the Ready to Complete dialog box, verify all the settings (if you want to change any settings, go back and change them) and click Finish to complete the deployment of the NSX Edge.

16. It will take a few minutes to complete the deployment. Under NSX Edges you can now see that it is showing Deployed.

17. Double-click the NSX Edge to see the configuration settings we chose while deploying it.

Now we will configure Static Routes on the NSX Edge Gateway:-

1. Double-click the NSX Edge to browse it –> click the Manage tab –> click Routing and select Static Routes. Click the green plus sign (+) to open the Add Static Route dialog box.

2. Select the interface connected to the DLR (Transit-Interface), enter the network ID with subnet mask (172.16.0.0/24) for which you want to add routing and the next hop address for the configured network (in my case 192.168.10.2), and click OK.

3. Every setting or modification needs to be published. Click Publish Changes.

4. Once publishing has finished, you can see the entry under Static Routes.

Configure Static Routes on the Distributed Router:-

1. Under Networking & Security –> NSX Edges –> double-click the Distributed Router entry to manage that object.

2. After browsing to the DLR, click the Manage tab and then Routing. In the routing category panel, select Static Routes and click the green plus sign (+) to add static routes on the DLR.

3. Select the interface connected to the ESG (Transit-Interface), enter the network ID with subnet mask (192.168.110.0/24) for which you want to add routing and the next hop address for the configured network (in my case 192.168.10.1), and click OK.

4. Every setting or modification needs to be published. Click Publish Changes. Once done, you can see the static routes in the Static Routes list.

Once Static Routing has been configured, we will be able to ping between the external network and the logical switch network, e.g. from the external network (192.168.110.10) to the 3 logical switch network created in Part 2 (172.16.0.0/24).
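The forwarding decisions the two static routes produce, as an added example (not code from the original post): a longest-prefix-match lookup over ESG and DLR route tables built from the addresses in this walkthrough, plus a check that each static next hop sits on a connected subnet of the selected interface. The /24 length of the 192.168.10.0 transit link and the `Logical-Switch` interface name are assumptions.

```python
import ipaddress

def build(routes):
    """Parse (prefix, next_hop or None for connected, interface) tuples."""
    return [(ipaddress.ip_network(p), ipaddress.ip_address(nh) if nh else None, ifc)
            for p, nh, ifc in routes]

def lookup(table, dst):
    """Longest-prefix match: (next_hop, interface), or None when no route exists."""
    dst = ipaddress.ip_address(dst)
    hits = [r for r in table if dst in r[0]]
    if not hits:
        return None
    _, nh, ifc = max(hits, key=lambda r: r[0].prefixlen)
    return (str(nh) if nh else "connected", ifc)

def bad_next_hops(table):
    """Static routes whose next hop is not on a connected subnet of that interface."""
    connected = [(net, ifc) for net, nh, ifc in table if nh is None]
    return [str(net) for net, nh, ifc in table if nh is not None
            and not any(nh in cnet and ifc == cifc for cnet, cifc in connected)]

# Addresses from the walkthrough; the transit /24 and the "Logical-Switch"
# interface name are assumptions made for this example.
ESG_STATIC = ("172.16.0.0/24", "192.168.10.2", "Transit-Interface")
DLR_STATIC = ("192.168.110.0/24", "192.168.10.1", "Transit-Interface")
ESG_BASE = [("192.168.100.0/24", None, "Uplink-Interface"),
            ("192.168.10.0/24", None, "Transit-Interface"),
            ("0.0.0.0/0", "192.168.100.2", "Uplink-Interface")]
DLR_BASE = [("192.168.10.0/24", None, "Transit-Interface"),
            ("172.16.0.0/24", None, "Logical-Switch")]

ESG = build(ESG_BASE + [ESG_STATIC])
DLR = build(DLR_BASE + [DLR_STATIC])

if __name__ == "__main__":
    print("ESG -> 172.16.0.10:", lookup(ESG, "172.16.0.10"))
    print("ESG without static:", lookup(build(ESG_BASE), "172.16.0.10"))
    print("DLR -> 192.168.110.10:", lookup(DLR, "192.168.110.10"))
    print("DLR without static:", lookup(build(DLR_BASE), "192.168.110.10"))
```

Without the ESG route, traffic for 172.16.0.0/24 leaves through the default gateway instead of the DLR; without the DLR route, replies to 192.168.110.10 have no route at all, which is why the ping only works once both sides are published.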


That’s it. We are done with deploying the NSX Distributed Router and NSX Edge Services Gateway, and with configuring Static Routing on the DLR and ESG.

In the next part (Network Virtualization with VMware NSX – Part 6) we will discuss how to configure Dynamic Routing on NSX Edge Appliances and the NSX Distributed Router.

Thank you and stay tuned for next part. Keep sharing the knowledge 🙂
