Networking, Virtualization, vmware

Configure NSX-T Routing

Loasys / 12/28/2019

This post will explain how to configure NSX-T Routing on NSX-T 2.5 using the simplified UI.
We will use BGP as routing protocol for this demonstration, the top of rack router will use VyOS system.

NSX-Edge

In order to route trafic we must have an NSX Edge cluster configured which will host our Tier-0 and Tier-1 router. We will configure two NSX edge but we will show only one.

First, we will need an IP Pool which will provide IP Address for the NSX Edge overlay network interface.
Actually, when a Tier-0 or Tier-1 router is connected to an NSX-T segment, a geneve tunnel is created between the NSX Edge hosting the router and the ESXi hosts hosting VMs connected to that same segment.

We will also need a VLAN Transport Zone, which cannot be the same as the ESXi VLAN Transport Zone.

See these two posts on how to create IP Pools and Transport Zone.

In the simplified UI go to “System”, “Fabric > Nodes” and select the “Edge Transport Nodes” Tab. Click the “Add Edge VM” to create a NSX Edge VM.

Fill in all required informations “Name”, “FQDN”, “Form Factor”, “Credentials”.
A “compute manager” is configured on our system. Therefore we will deploy through vCenter Server.

Now we are going to configure the NSX part and connect our NSX Edge to one Overlay and one VLAN transport zone.

NSX Edge will use at least three network port:

  • A mangement port already set earlier (always the first network card)
  • An overlay port to build Geneve tunnel
  • A VLAN port to access the outside worl

The order of the two other cards depends on the NVDS configuration order.

Add your transport zone so we can configure the NVDS related to each of those.

We will use the default NSX Edge uplink profile containing one single nic for both NVDS.

If you are using NSX-T prior version 2.5, do not use trunk on the port group associated with overlay NVDS uplink. Otherwise you may come accross KB70745.

Use a trunk port group on the VLAN NVDS Uplink so Tier-0 routers could have multiple uplinks with different VLAN configuration.

When the configuration state of both NSX Edges are successful we can create a cluster.

NSX Edge cluster

NSX Edge cluster may have only one member, still you have to create an Edge cluster in order to create Tier-0 or Tier-1 router and all services like NAT and Load balancing.

In the simplified UI go to “System”, “Fabric > Nodes” and select the “Edge Cluster” Tab. Click “Add”.

We can now configure our NSX-T Routing.

NSX-T Routing

NSX-T only support static or BGP as routing protocol, OSPF is not there :/

Tier-0

A Tier-0 router is responsible for the North-South trafic, if used in active/passive mode, we can also configure NAT on it.

In the simplified UI go to “Networking”, “Tier-0 Gateways” and click “ADD TIER-0 GATEWAY” button.

Name your Tier-0 router and choose whether to use an “Active/Active” or “Active/Passive” mode. The modification of HA Mode setting is not possible after creation.

Two members compose our NSX edge cluster so, we can set up two Uplinks one through nsx-edge05 and one through nsx-edge06. We have to use two different IP addresses.
We will configure BGP Session with thoses two IP addresses most importantly, if we use ECMP trafic will be rerouted in 1 second in case of an NSX Edge failure.

BGP Configuration

Edit your Tier-0 router and go to the BGP dropdown link.

On the first page, just set your private AS number and choose whether to use ECMP or not (if your uplink router is capable). Click “Save”.

Now we can set our BGP neigbor, on the BGP Dropdown click “Set” Next to “BGP Neighbors”.

In the BGP neighor page, set the IP address of Uplink router, the remote as number and in the source address set the WAN ITF addresses configured earlier. Click “Save” button.

We must also configure which route to redistribute over BGP. Click the “ROUTE REDISTRIBUTION” dropdown list and click “Set”.

  • nsx-t-routing redistribute route

For our purpose we only need networks or IP addresses coming from the Tier-1 router. Click “Apply”.

Once your uplink router configured, you should have established BGP session but no route coming from NSX.

vyos@loasys-box:~$ show ip bgp neighbors 192.168.1.163
BGP neighbor is 192.168.1.163, remote AS 65532, local AS 65100, external link
  BGP version 4, remote router ID 192.168.1.163
  BGP state = Established,

vyos@loasys-box:~$ show ip bgp neighbors 192.168.1.164
BGP neighbor is 192.168.1.164, remote AS 65532, local AS 65100, external link
  BGP version 4, remote router ID 192.168.1.164
  BGP state = Established,

We have to configure Tier-1 router in order to receive routes.

Tier-1

In a two tier environment, Tier-1 router is reponsible for East-West trafic, also Tier-1 router attach Load balancer.

In the simplified UI go to “Networking”, “Tier-1 Gateways” and click “ADD TIER-1 GATEWAY” button.

Name your Tier-1 router and link it to your Tier-0 router configured previously. Click “Save” to be able to configure route advertisement.

By defaul there is only “All IPSec Local Endpoints”.
Ensure to check at least “All Connected Segments & Service Ports” and click “Save”

Now when we will connect a Tier-1 port to a segment, the Tier-1 will advertise the network to Tier-0 using BGP which will be automatically advertised to the uplink router VyOS.
Let’s check it out!

Connect a segment

In the simplified UI go to “Networking”, “Segment” and click “ADD SEGMENT” button.

Name your segment and choose the overlay transport zone as we will connect virtual machines to this segment.

Go back to your Tier-1 router and edit the configuration. Click the “SERVICE INTERFACES” dropdown list and click “Set”.

  • nsx-t-routing segment

Name your interface and set the IP address, then choose to connect it to the previously created segment here: “test-ls”. Click “Save”

And Finally i received the route from the Tier-0 router on both interfaces.

vyos@loasys-box# run sh ip bgp neighbors 192.168.1.163 received-routes
BGP table version is 0, local router ID is 192.168.1.250
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, R Removed
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 172.27.0.0/24    192.168.1.163            0             0 65532 ?

Total number of prefixes 1
[edit]
vyos@loasys-box# run sh ip bgp neighbors 192.168.1.164 received-routes
BGP table version is 0, local router ID is 192.168.1.250
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, R Removed
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 172.27.0.0/24    192.168.1.164            0             0 65532 65532 65532 65532 ?

Total number of prefixes 1

That’s it !, i hope you found something useful.

Related Posts

NSX-T and Kubernetes Part 3

01/07/2020

NSX-T and Kubernetes Part 2

01/04/2020

NSX-T and Kubernetes Part 1

12/14/2019

About Loasys

View all posts by Loasys →

1 thought on “Configure NSX-T Routing

  1. Hello!
    I am replicate your setup with NSX-T 3.0.
    Could you please make me your vyOS config available?
    Thanks
    Best regards
    Elmar

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *