In Network Virtualization with VMware NSX – Part 4 we discussed Configuring and Deploying an NSX Distributed Router. Here in Network Virtualization with VMware NSX – Part 5 will discuss about VXLAN to VLAN Layer 2 Bridging, Configure and Deploy an NSX Edge Gateway, Configure Routes (Static Routing) on the NSX Edge Gateway and on the Distributed Router.
VXLAN to VLAN Layer 2 Bridging
A VXLAN to VLAN bridge enables direct Ethernet connectivity between virtual machines in a logical switch, and virtual machines in a distributed port group, This connectivity is called layer 2 bridging.
We can create a layer 2 bridge between a logical switch and a VLAN, which enables to migrate virtual workloads to physical devices with no effect on IP addresses. A logical network can leverage a physical gateway and access existing physical network and security resources by bridging the logical switch broadcast domain to the VLAN broadcast domain. Bridging can also be used in a migration strategy where you might be using P2V and you do not want to change subnets.
Note:- VXLAN to VXLAN bridging or VLAN to VLAN bridging is not supported. Bridging between different data centers is also not supported. All participants of the VLAN and VXLAN bridge must be in the same data center.
NSX Edge Services Gateway
The services gateway gives you access to all NSX Edge services such as firewall, NAT, DHCP, VPN, load balancing, and high availability. You can install multiple NSX Edge services gateway virtual appliances in a datacenter. Each NSX Edge virtual appliance can have a total of ten uplink and internal network interfaces.
NSX Edge logical router provides East-West and NSX Edge Services Gateway provide North-South Routing.
NSX Edge Services Gateway Sizing:-
NSX Edge can be deployed in four different configurations.When we deploy NSX Edge gateway we need to choose right size as per load/requirements. We can also covert size of ESG later from Compact to Large, X-large or Quad Large. as you can in picture.
Note :- A service interruption might occur when the old NSX Edge gateway instance is removed and the new NSX Edge gateway instance is redeployed with new size or when we convert size of ESG.
NSX Edge Services Gateway features:-
For resiliency and high-availability NSX Edge Services Gateway can be deployed as a pair of Active/Standby units (HA Mode).
When we deploy ESG/DLR in HA mode NSX Manager deploy the pair of NSX Edges/DLR on different hosts (anti-affinity rule). Heartbeat keepalives are exchanged every second between the active and standby edge instances to monitor each other’s health status.
If the ESXi server hosting the active NSX Edge fails, at the expiration of a “Declare Dead Time” timer, the standby node takes over the active duties. The default value for this timer is 15 seconds, but it can be tuned down (via UI or API calls) to 6 seconds.
The NSX Manager also monitors the state of health of the deployed NSX Edges, so it ensures to restart the failed unit on another ESXi host.
The NSX Edge appliance supports static and dynamic routing (OSPF, IS-IS, BGP, and Route redistribution).
Deploy NSX Edge gateway and Configure the static routing:
1. Connect to vCenter Server through vSphere Web Client —> Click Home tab –> Inventories –> Networking & Security and select NSX Edges.2. Click the green plus sign (+) to open the New NSX Edge dialog box. On the Name and description page, select Edge Services Gateway. (If you want to Enable HA for ESG select the Enable High Availability check box or leave it unchecked). Enter the Name of ESG as per your company standard and click Next.3. On the CLI credentials page, enter the password for ESG in the password text box. Check Enable SSH Access box to enable SSH access for ESG appliance. Note:- Password length must be at-least 12 characters.
4. Select the Datacenter where you want to deploy this appliance. Select Appliance Size depending on your requirement we can also convert to any Size later as well. Check Enable auto rule generation to automatically generate service rules to allow flow of control traffic.
Under NSX Edge Appliances, click the green plus sign (+) to open the Add NSX Edge Appliance dialog box.5. In Add NSX Edge Appliance dialog box select the Cluster and Datastore to deploy NSX Edge Appliance in the required location and designated datastore. And Click OK.
6. verify all the settings on Configure deployment page and Click Next.
7. On the Configure Interfaces page,click the green plus sign (+) to open the Add NSX Edge Interface dialog box
8. Enter the Interface Name in the Name text box, choose Type, Click the Connected To –> Select link and choosed the required Distributed Port group. Click the green plus sign (+) under Configure Subnets to add subnet for the Interface.
9. In the Add Subnet dialog box, click the green plus sign (+) to add an IP address field. Enter required IP address (192.168.100.3) in the IP Address text box and click OK to confirm the entry. Enter the subnet prefix length (24) in the Subnet prefix length text box and click OK.
10. verify all the settings on Add NSX Edge Interface dialog box and Click OK.
11. Repeat steps 7-10 to add all required interfaces for ESG and Click Next.
12. Once all Interfaces has been added verify settings on Configure Interfaces dialog box and Click Next.
13. On the Default gateway settings page, selec the Configure Default Gateway check box. Verify that the vNIC selection is Uplink-Interface. and Enter the DG address (192.168.100.2) in the Gateway IP text box and Click Next.
14. On the Firewall and HA page, Select the Configure Firewall default policy check box. and Default Traffic Policy Accept. You can see that Configure HA parameters are gray out because we have not checked the Enable High Availability check box in step 2. And Click Next.
15. On the Ready to Complete dialog box verify all the settings (if you want to change any settings go back and change that) and click Finish to complete the deployment for NSX Edge.
16. It will take few minutes to complete the deployment. Now under NSX Edges you can see that it is showing Deployed.
17. Double Click on the NSX Edge and can see the configuration settings as we choosed while deploying this.
Now Will Configure Static Routes on the NSX Edge Gateway:-
1. Double Click on the NSX Edge to browse NSX Edge –> Click on the Manage tab –> click Routing and select Static Routes. And Click the green plus sign (+) to open the Add Static Route dialog box.2. Select the interface connected to DLR which is (Transit-Interface), Enter the network ID with Subnet Mask (172.16.0.0/24) for which you want to add Routing and Next Hop Address for configured Network (in my case 192.168.10.2) and click OK.
3. After every settings or Modification need to Publish Changes. Click on Publish Changes.
4. Once Publishing finished you can see entry under Static Routes.
Configure Static Routes on the Distributed Router:-
1.Under Networking & Security –> NSX Edges –> double-click the Distributed Router entry to manage that object.
2. After browsing DLR Click on the Manage and Routing tab. In the routing category panel select Static Routes and Click the Green Plus Sign (+) to add static Routes on DLR.
3. Select the interface connected to ESG which is (Transit-Interface), Enter the network ID with Subnet Mask (192.168.110.0/24) for which you want to add Routing and Next Hop Address for configured Network (in my case 192.168.10.1) and click OK.
4. After every settings or Modification need to Publish Changes. Click on Publish Changes. Once done you can see Static routes in the Static Routes lists.
Once Static Routing has been done will be able to ping the Logical switch network with External network. e.g external Network 192.168.110.10 to 3 logical switch network created in part 2 172.16.0.0/24.
That’s it. We are done with Deploying NSX Distributed Router and NSX Edge Services Gateway and also how to Configure Static Routing on DLR and ESG.
In the next part (Network Virtualization with VMware NSX – Part 6) will discuss how to Configure Dynamic Routing on NSX Edge Appliances and NSX Distributed Router.
Thank you and stay tuned for next part. Keep sharing the knowledge 🙂
Other NSX Parts:-
Network Virtualization with VMware NSX – Part 1
Network Virtualization with VMware NSX – Part 2
Network Virtualization with VMware NSX – Part 3
Network Virtualization with VMware NSX – Part 4
Network Virtualization with VMware NSX – Part 5