Routing with NSX-T (part 2)

So after the theory, it is time to create some routed networks. In order to do this, I created a design on what I want to accomplish. Part of the design is already in place, but for this blog I have created the part which is visible in the red square:

Scope

So we already have a tier-0 gateway, connected to a tier-1 gateway, which is connected to several segments. The existing tier-1 is also used as a load balancer for my three-tier-app. In the picture you can see the red and green virtual server, which are running on the Load Balancer, connected to the tier-1 gateway.

I also connected a segment to the tier-0 gateway, just to see how routing between tiers would function and as might be expected, routing is done within the hypervisor.

So time to create the new parts within the design.

First we have to create a new Edge Node. This is necessary because my existing edge node is not capable of running multiple tier-0 gateways with uplinks to the physical network. So when creating an Edge Node, it is important to have the following information handy:

  • Transport Zone the edge node is going to be connected to
  • N-VDS’s used to connect to the transport zones
  • Connectivity to the physical network (in my case, through the use of dPG’s).
  • FQDN / IP-address / Port Group for management of the edge node

After all this information is gathered, it is time to create an edge node:

TN-Edge-02 - Step 1TN-Edge-02 - Step 2TN-Edge-02 - Step 3TN-Edge-02 - Step 4TN-Edge-02 - Step 5

After the edge node is created and running, it can be added to an Edge Node Cluster (no picture taken, this is self-explanatory).

When the edge node cluster is available, we can deploy our tier-0 gateway:

Tier-0-RJO

And after that we can create an interface, which can be used as an uplink for this tier-0 to the physical network (last octet being .250).Tier-0-RJO - uplink

At this stage, the tier-0 gateway is available and new segments can be created and connected to the tier-0. As can be seen in the picture, I created two segments, connected to Tier-0-RJO (one showing):

Segment-2

As you can see, this segment is connected to Tier-0-RJO. I have added an IP-address and subnet to the segment, which will automatically create the corresponding interface to the tier-0 gateway.

Segment-2-subnet

This way I have created two segments, with the subnets 10.209.1.0/24 and 10.209.2.0/24. Both connected to the tier-0 and as such virtual machines deployed to these two segments should be able to communicate with each other:

Ping

Within NSX (V or T) there is a tool called TraceFlow which allows us to see a little further than just a response to a ping request. So to see how traffic flows from one virtual machine to the other, I used this tool.

It displays the path the packet takes:

traceflow-2

and every step along the way:

 

traceflow-1

So this basically is everything in the red square…

However, I also want to see if it is possible to communicate from this part of the network, to the part on the right. I want to use my web-server, which is connected to the segment LS-WEB.

If I try this without any further communication, it (of course) fails. There is no route-information being exchanged between both tier-0’s and also no static routes have been configured.

In order to get the communication working, I configured BGP. I have set up BGP on both tier-0’s, where I use different AS’s (65010 for Tier-0-GW and 65020 for Tier-0-RJO).

Then connect both tier-0’s as each others neighbor:

BGP-Tier-0-RJO-1BGP-Tier-0-GW-1

After that, I selected which routes need to be advertised between the tier-0’s (by default nothing is exchanged):

Route redistribution

and after that, Bob’s your uncle:

Ping-2

Just to see how the path between the two virtual machines is, I used TraceFlow one more time, pretty impressive flow, for such a small environment 😉 :

traceflow-3

So that is routing within NSX-T. Next up, Load Balancing…

5 thoughts on “Routing with NSX-T (part 2)

  1. Mike Jones April 9, 2019 / 6:07 am

    BGP Peering between T0 (SR) is that supported now, my understanding is that is the unsupported configuration as of the current stable releases.

    Like

    • Ronald de Jong April 9, 2019 / 6:31 am

      Must say that I do not know that. Do you have a reference to this? However, since I don’t control the physical layer in this environment, I can’t do BGP that way.

      Like

      • Mike Jones April 9, 2019 / 11:34 am

        Thank you, VMware for following up. I guess some of this stuff is not publicly available; hard to tell what is supported in any given release of nsx-t. It is been developed so fast that everything is changing all the time. nsx-t 2.4 is beast with converged appliances and clustering, and some things moving to policy manager….just hard to keep up with nsx-t.

        Keep up the good work and building the fundamentals.

        Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s