Module 5: NSX-T Data Center

Logical Routing

© 2020 VMware, Inc.

Importance
In NSX-T Data Center, logical routing provides an optimized and scalable way of handling east-
west and north-south traffic. You must understand the NSX-T Data Center logical routing
architecture, routing components, and routing features to build an efficient and secure layer 3
network infrastructure.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5-2
Module Lessons
1. Overview of Logical Routing
2. NSX Edge and Edge Clusters
3. Configuring Tier-0 and Tier-1 Gateways
4. Configuring Static and Dynamic Routing
5. ECMP and High Availability
6. Logical Routing Packet Walk
7. VRF Lite and EVPN

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5-3
Lesson 1: Overview of Logical Routing

© 2020 VMware Inc. All rights reserved.

Learner Objectives
After completing this lesson, you should be able to meet the following objectives:
• Explain the function and features of logical routing
• Describe the architecture of NSX-T Data Center two-tier routing
• Differentiate between north-south and east-west routing
• Describe the gateway components
• Recognize the various types of gateway interfaces

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5-5
Use Cases for Logical Routing
In NSX-T Data Center, logical routing is used in many ways:
• Support for single or multitenant deployment models
• Separation of tenants and networks
• Solution for cloud environments with containerized workloads and multihypervisors
• Optimized routing path and simplified routing in virtual networks
• Distributed routing and centralized services in data centers
• Ability to extend logical networks to physical environments

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5-6
Prerequisites for Logical Routing
For logical routing to work, certain requirements must be met:
• The NSX management cluster must be formed and available.
• Transport zones and N-VDS/VDS should be created.
• Hypervisors must be prepared as NSX-T Data Center transport nodes and added to the
management plane.
• Transport nodes must be attached to the appropriate transport zones.
• An N-VDS/VDS instance must be created on each transport node.
• The NSX Edge nodes must be deployed and preconfigured according to the requirements.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5-7
Logical Routing in NSX-T Data Center
NSX-T Data Center gateways provide:
• Centralized north-south routing
• Distributed east-west routing
• Multitenant support
• Centralized stateful services, such as NAT or
load balancing

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5-8
Tier-0 and Tier-1 Gateways
A gateway can be deployed as either a Tier-0 or a Tier-1 gateway.

Tier-0 Gateway Tier-1 Gateway

Generally owned and configured by the provider Owned and configured by the tenant
or infrastructure administrator
Supports static or dynamic routing (BGP) on Does not require or use any dynamic protocols
uplinks toward the upstream physical gateway
Supports equal-cost multipath (ECMP) routing to Does not support ECMP and must connect to a Tier-0
upstream physical gateways gateway for external connectivity
Offers a gateway service between logical and Offers default gateway services to local logical
physical networks (north-south) networks (east-west)
Provides segment interconnection and separation
Always requires an NSX Edge cluster if Requires an NSX Edge cluster only if services are
configured with uplinks used

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5-9
Edge Nodes and Edge Clusters
An NSX Edge node runs services that cannot be distributed to the hypervisors:
• An NSX Edge node exists in different form factors: bare metal or virtual machine.
• An NSX Edge node can only be part of one cluster.
• An NSX Edge node can only host one Tier-0 gateway.

An NSX Edge cluster is a group of NSX Edge nodes:

• An NSX Edge cluster helps ensure that at least one NSX Edge node is always available.
• An NSX Edge cluster must exist if you want to create a Tier-0 gateway with physical uplinks.
• An NSX Edge cluster must exist if you want to create a Tier-0 or a Tier-1 gateway with stateful
services.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 10
Single-Tier Topology
In a single-tier deployment, segments are connected directly to the Tier-0 gateway.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 11
Multitier Topology
In a multitier deployment, segments are connected to the Tier-1 gateways, and the Tier-1
gateways are connected to the Tier-0 gateway.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 12
Tier-0 Gateway Uplink Connections
Each Tier-0 can have one or multiple uplinks to the physical world.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 13
Gateway Components (1)
Distributed router (DR): Service router (SR):
• Provides distributed east- • Provides north-south
west routing functionality routing functionality
• Provides basic packet- • Provides routing and
forwarding functionalities centralized services, such
• Spans all transport nodes as NAT, load balancing,
(hypervisors and edge and so on
transport nodes) • Created only on NSX Edge
• First hop routing performed nodes that are part of an
on the hypervisors edge cluster
• Required if the Tier-0
gateway is configured with
uplinks

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 14
Gateway Components (2)

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 15
Gateway Components in a Single-Tier Topology
The diagram shows a logical and physical view of a single-tier configuration.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 16
Gateway Components in a Multitier Topology (1)
The diagram shows a logical and physical view of a multitier configuration where the Tier-1
gateways is not configured with an edge cluster.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 17
Gateway Components in a Multitier Topology (2)
The diagram shows the logical and physical views of a multitier configuration with services
configured on both Tier-1 gateways.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 18
Gateway Interfaces
The following types of interfaces are used by
gateways:
• Uplink interfaces connect Tier-0 gateways to
upstream physical devices.
• Downlink interfaces connect segments
(logical switches) to gateways.
• RouterLink ports connect Tier-0 and Tier-1
gateways.
• An intratier transit link is an internal link
between the distributed and service routers
on a gateway.
• The service interface is a special interface
for VLAN-based services and partner service
redirection.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 19
Review of Learner Objectives
After completing this lesson, you should be able to meet the following objectives:
• Explain the function and features of logical routing
• Describe the architecture of NSX-T Data Center two-tier routing
• Differentiate between north-south and east-west routing
• Describe the gateway components
• Recognize the various types of gateway interfaces

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 20
Lesson 2: NSX Edge and Edge Clusters

© 2020 VMware Inc. All rights reserved.

Learner Objectives
After completing this lesson, you should be able to meet the following objectives:
• Describe the main functions and features of the NSX Edge node
• Describe the functions of the NSX Edge cluster
• Identify the different form factors and sizing options
• Describe the different edge node deployment methods

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 22
About the NSX Edge Node
The NSX Edge node has several functions:
• Serves as a resource for the routing
components, providing connectivity to
external networks
• Hosts gateways that offer various networking
services (such as NAT, load balancing, and
so on)
• Offers DPDK-based VM or bare-metal form
factors for high performance
• Closes overlay network tunnels
• Uses a Linux OS-based control plane
• Uses separate routing tables for
management and overlay traffic

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 23
About the NSX Edge Cluster
An NSX Edge cluster helps ensure that at least one NSX Edge node is always available.
When you configure an edge cluster, the following guidelines apply:
• A maximum of 10 edge nodes are supported in a cluster.
• An edge transport node can be added to only one edge cluster.
• A maximum of 160 clusters can be configured.
• When configuring any kind of service through a service router, an edge cluster is required.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 24
NSX Edge Node Form Factors
The NSX Edge node supports the following form factors:
• VM on an ESXi host
• Bare-metal node

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 25
NSX Edge VM Sizing Options
For NSX Edge nodes deployed as VMs on hypervisors, several deployment sizes are available.

Size Memory vCPU Disk Space VM Hardware Version

Small 4 GB 2 200 GB 11 or later (vSphere 6 or later)
Medium 8 GB 4 200 GB 11 or later (vSphere 6 or later)
Large 32 GB 8 200 GB 11 or later (vSphere 6 or later)
Extra Large 64 GB 16 200 GB 11 or later (vSphere 6 or
later)

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 26
Prerequisites for Deploying the NSX Edge Node VM
For deploying an NSX Edge node in the VM form factor, the following prerequisites must be
satisfied:
• The supported deployment media are: OVA, OVF, ISO, and preboot execution environment
(PXE).
• You can only deploy the NSX Edge node VM on an ESXi hypervisor.
• If using PXE, the password for root and admin users must be encrypted with SHA-512.
• The host name must not contain invalid characters.
• It is not supported to remove or replace the VMware Tools on the NSX Edge node VM.
• NSX TCP and IP ports must be open.
• All the edge nodes in an edge cluster should use the same NTP service.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 27
Deployment Considerations for Edge Node VM Interfaces
An edge node deployment requires various
interface types and assignments:
• In the vSphere distributed switch or standard
switch, you must allocate at least two vmnics
to the NSX Edge node.
• The first interface must be defined for
management access (eth0) by using one
vNIC.
• The N-VDS/VDS module allocates datapath
interfaces (fp-ethX) for overlay tunneling and
uplink connections by using the remaining
vNICs.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 28
Deploying the Edge Node VM for Multiple Virtual Switches
Multiple virtual switches might run on the ESXi transport node where the edge node is deployed.
For example, one switch (N-VDS or VDS with vSphere 7) might be configured for NSX and other
vSphere switches might also exist.
Consider the following factors when multiple switches are used:
• The NSX Edge vNICs are best attached to the switches that are not configured by NSX
(vSphere standard or distributed switch).
• Separate uplink interfaces must be used for each switch.
• The NSX Edge node TEP IP range can be the same as the host transport node TEP IP
address range.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 29
Deploying the Edge Node VM for One Virtual Switch
The ESXi transport node where the edge node is deployed might use only one switch (N-VDS or
VDS with vSphere 7) that is configured for NSX.
Consider the following factors when one switch is used:
• The NSX Edge vNICs can be attached to the N-VDS/VDS.
• The NSX Edge node must be deployed by using separate VLAN-backed logical switches for
the uplink connectivity.
• The subnet for the edge node TEP must be different from the host transport node TEP IP
range.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 30
Requirements for the NSX Edge Bare-Metal Node
The NSX Edge node can be installed on a bare-metal hardware.

Form Factor Memory CPU Cores Disk CPU Capability

Bare metal (minimum 32 GB 8 200 GB AES-NI1
requirements) GB Huge Page support
Bare metal (recommended 256 GB 24 500 GB AES-NI1
requirements) GB Huge Page support

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 31
Prerequisites for Deploying the NSX Edge Bare-Metal Node
For deploying an NSX Edge node in the bare-metal form factor, the following prerequisites must
be satisfied:
• The only supported deployment media is ISO with or without preboot execution environment
(PXE).
• The bare-metal form factor has specific hardware requirements.
• If using PXE, the password for root and admin users must be encrypted with SHA-512.
• The host name must not contain invalid characters.
• NSX TCP and IP ports must be open.
• All the edge nodes in an edge cluster should use the same NTP service.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 32
Options for Deploying NSX Edge Node
The following ways are available to deploy an edge node in the VM form factor:
• Use the NSX UI.
• Deploy an OVF template in vCenter Server.
• Use the OVF tool command-line utility.
• Use an ISO file and a PXE server to automate the network configuration.
For the bare-metal form factor, an ISO file is used for the installation:
• You can use a PXE server to automate the network configurations.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 33
Deploying NSX Edge Nodes from the NSX UI (1)
You can deploy edge transport nodes directly from the NSX UI by navigating to System > Fabric
> Nodes > Edge Transport Nodes.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 34
Deploying NSX Edge Nodes from the NSX UI (2)
The datapath interfaces are defined when adding the edge transport node:
• The number of TEP interfaces is based on the Uplink Profile selection.
• An NSX Edge node can belong to one overlay network and multiple VLAN transport zones.
• An NSX Edge node must belong to at least one VLAN transport zone to provide the uplink
access.
• The uplink profile determines the number of uplinks.

Two switches are configured: one

for the overlay network and one for
the VLAN to the physical network.

The number of uplinks depends on the

Uplink Profile selection. In this example, it
is configured with one uplink.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 35
Deploying NSX Edge Nodes from vCenter Server
You can deploy NSX Edge nodes in the vSphere Client from an OVF template.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 36
Using PXE to Deploy NSX Edge Nodes from an ISO File
By using PXE, the networking settings, such as IP address, gateway, network mask, NTP, and
DNS, are automatically configured.
The PXE boot process includes several components, including DHCP, HTTP, and TFTP servers.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 37
Installing NSX Edge on Bare Metal
To install NSX Edge for NSX-T Data Center on
bare metal by using an ISO file:
1. Verify that the system BIOS mode is set to
Legacy BIOS.
2. Create a bootable disk with the NSX Edge
ISO file on it.
3. Boot the physical machine from the disk.
4. Select Automated install.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 38
Joining NSX Edge with the Management Plane
Installing the NSX Edge node by any method other than the NSX UI does not automatically join
NSX Edge to the management plane.
To join an NSX Edge node with the management plane:
1. Open an SSH session to the NSX Manager appliance and retrieve the SSL thumbprint by
entering get certificate api thumbprint at the command prompt.
2. Open an SSH session to the edge node and run the join management-plane command.

The NSX Edge node successfully joined

the management plane.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 39
Verifying the Edge Transport Node Status
In the NSX UI, navigate to System > Fabric > Nodes > Edge Transport Nodes to verify the
nodes status and configuration state.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 40
Changing the Edge VM Resource Reservations
You can change the VM resource reservation for the NSX Edge VMs deployed by using NSX
Manager. Navigate to Actions > Change Edge VM Resource Reservations.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 41
Changing Node Settings
Select Change Node Settings from the Actions menu to modify the NSX Edge node settings.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 42
Postdeployment Verification Checklist
After deployment, you can verify the connectivity of the NSX Edge nodes in several ways:
 If you enabled SSH, verify that you can use SSH to access the newly deployed edge nodes.
 Verify that you can ping your NSX Edge node.
 Verify that the NSX Edge nodes can ping their corresponding default gateway.
 Verify that the NSX Edge nodes can ping the hypervisor hosts that are in the same network as
the NSX Edge nodes.
 Verify that the NSX Edge nodes can reach their configured DNS server and NTP server.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 43
Creating an Edge Cluster
You can deploy an edge cluster from the NSX UI by navigating to System > Fabric > Nodes >
Edge Clusters.
1

Select the edge nodes and

move them into the selected
area by clicking the arrow.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 44
Lab 6: Deploying and Configuring NSX Edge Nodes
Deploy NSX Edge nodes and configure them as transport nodes:
1. Prepare for the Lab
2. Deploy Two NSX Edge Nodes
3. Configure an Edge Cluster

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 45
Review of Learner Objectives
After completing this lesson, you should be able to meet the following objectives:
• Describe the main functions and features of the NSX Edge node
• Describe the functions of the NSX Edge cluster
• Identify the different form factors and sizing options
• Describe the different edge node deployment methods

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 46
Lesson 3: Configuring Tier-0 and Tier-1
Gateways

© 2020 VMware Inc. All rights reserved.

Learner Objectives
After completing this lesson, you should be able to meet the following objectives:
• Configure a Tier-1 gateway
• Configure a Tier-0 gateway
• Test end-to-end connectivity provided by Tier-0 and Tier-1 gateways

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 48
Gateway Configuration Tasks
To achieve full network connectivity, you must configure the
following components:
1. Create the Tier-1 gateway and its segments.
2. Connect the segments to the Tier-1 gateway.
3. Create the uplink segments.
4. Create the Tier-0 gateway and define the uplink connections.
5. Configure static or dynamic routing on the Tier-0 gateway.
6. Configure the connectivity between the Tier-0 and Tier-1
gateways.
7. Enable route advertisement and redistribution.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 49
Creating the Tier-1 Gateway
Create a Tier-1 gateway by navigating to Networking > Connectivity > Tier-1 Gateways.

If you are not planning to configure stateful

services, do not to select an edge cluster. This
method ensures that resources are saved in
your environment.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 50
Connecting Segments to the Tier-1 Gateway
Connect segments to the Tier-1 gateway by navigating to Networking > Connectivity >
Segments.

When connecting a segment to

a gateway, the subnet or
Select the Tier-1 gateway that gateway IP address must be
you created. configured.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 51
Testing East-West Connectivity
VMs on various subnets (segments) attached to the Tier-1 gateway can now reach each other.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 52
Creating the Uplink Segments
Create the uplink segments that are associated with the Tier-0 gateway uplinks.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 53
Creating the Tier-0 Gateway (1)
Create a Tier-0 gateway by navigating to Networking > Connectivity > Tier-0 Gateways.

Because Tier-0 is configured

with uplinks, a cluster has to be
specified.

You must save the

configurations before you
can configure the
interfaces.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 54
Creating the Tier-0 Gateway (2)
Configure the Tier-0 gateway interfaces to associate with the previously created uplink segments.

Uplink-1 is located on sa-nsxedge-

01. An SR is created on that edge
node.

Uplink-2 is located on sa-nsxedge-

02. Another SR is created on that
edge node.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 55
Configuring Routing
Configure static or dynamic routing to the remote networks by editing the Tier-0 gateway.

Click Set to configure static For dynamic routing, you can

route in the ROUTING configure BGP settings in the
section. BGP section of the Tier-0
gateway.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 56
Connecting the Tier-1 and Tier-0 Gateways
Connect the Tier-1 gateway to the Tier-0 gateway by navigating to Networking > Connectivity >
Tier-1 Gateways and editing the Tier-1 gateway.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 57
Enabling Route Advertisement in the Tier-1 Gateway
Enable route advertisement on the Tier-1 gateway for tenant networks to be propagated to the
Tier-0 gateway.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 58
Configuring Route Redistribution on the Tier-0 Gateway
Configure route redistribution on the Tier-0 gateway to redistribute learned routes to the upstream
routers.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 59
Testing North-South Connectivity
VMs on the tenant networks can now communicate with external workloads.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 60
Lab 7: Configuring the Tier-1 Gateway
Create and configure a Tier-1 gateway for East-West L3 connectivity:
1. Prepare for the Lab
2. Create a Tier-1 Gateway
3. Connect Segments to the Tier-1 Gateway
4. Test East-West L3 Connectivity

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 61
Review of Learner Objectives
After completing this lesson, you should be able to meet the following objectives:
• Configure a Tier-1 gateway
• Configure a Tier-0 gateway
• Test end-to-end connectivity provided by Tier-0 and Tier-1 gateways

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 62
Lesson 4: Configuring Static and Dynamic
Routing

© 2020 VMware Inc. All rights reserved.

Learner Objectives
After completing this lesson, you should be able to meet the following objectives:
• Distinguish between static and dynamic routing
• Configure static routes on the Tier-0 gateway
• Configure BGP on the Tier-0 gateway

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 64
Static and Dynamic Routing
Static routing: Dynamic routing:
• Static route configuration is a manual • Dynamic route configuration enables
procedure performed by administrators. gateways to exchange some information
• The configuration process enables fine- about the network.
tuning of route selection. • Routing protocols are used to share
• Route changes cannot be made dynamically. information about networks.
• Limited scalability is because of • Routers inform neighbor gateways when a
administrative overhead. network change occurs.
• Failover planning is possible:
– Network administrators must design and
account for all network failure scenarios.
– Route redundancy must be configured
manually.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 65
Tier-0 Gateway Routing Configurations
The Tier-0 gateway supports the following
routing configurations:
• Static routing toward upstream physical
gateways
• Dynamic routing (BGP):
– External BGP (eBGP) sessions with
upstream physical gateways
– Internal BGP (iBGP) sessions with other
Tier-0 gateways in the same AS

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 66
Configuring Static Routes on a Tier-0 Gateway (1)
You can configure static routes in the ROUTING section of the Tier-0 gateway.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 67
Configuring Static Routes on a Tier-0 Gateway (2)
You can add one or multiple static routes and configure the next hops.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 68
Configuring Dynamic Routing on Tier-0 Gateways (1)
To configure dynamic routing, you can configure BGP in the BGP section of the Tier-0 gateway.

Turn on the BGP

toggle and enter
the Local AS.

You can configure the

BGP neighbors by
clicking Set.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 69
Configuring Dynamic Routing on Tier-0 Gateways (2)
You can configure BGP neighbors by adding their AS number, IP addresses, and source
addresses.
Enter a source address to establish a peering
session with a neighbor by using this specific
source address. If none, the gateway
Enter the IP address Enter the remote
automatically selects one.
of the neighbor. AS number.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 70
Verifying BGP Configuration of the Tier-0 Gateway on the Edge Nodes
You use the edge node CLI to verify NSX Edge BGP connections.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 71
Advanced Configurations for BGP
You can configure the following
advanced BGP settings:
• Inter-SR routing
• BFD
• Allow AS-In
• Multipath relax
• Route advertisement filtering:
– IP prefix lists
– Community lists
– Route maps
• Route aggregation

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 72
Inter-SR Routing
Service routers (SRs) exchange routing
information through iBGP peers in the same
Tier-0 gateway.
Inter-SR routing works in the following ways:
• Increases the resiliency by avoiding traffic
black hole if only a single uplink is faulty
• Synchronizes eBGP and static routes
• Is only applicable for active-active Tier-0
gateways

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 73
About BFD
Bidirectional Forwarding Detection (BFD) is an
end-to-end protocol that can detect forwarding
path failures:
• Provides fast detection of node (edge or
physical gateway) or uplink failure
• Protects both static routes and BGP peers
• Establishes multiple BFD sessions if multiple
links exist between two systems
• Can be enabled per BGP neighbor or
globally per gateway

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 74
Enabling BFD
You can enable and configure BFD when configuring the BGP neighbors.

Enable BFD

The minimum interval after The amount of time (1,000 ms

which the local routing device x 3 by default) a gateway waits
must receive a reply from a for incoming BFD messages
neighbor with which it has before it assumes that the
established a BFD session. neighbor is inactive.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 75
About the Allow AS-In Setting
By default, BGP drops received routes that
contain their own ASN to avoid loops.
For a single customer with two sites
interconnected to the same ISP, routes
received from a BGP peer can contain the
same ASN.
The BGP allowas-in configuration option
can be used to accept those routes.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 76
Enabling the Allow AS-In Setting
You can enable Allow AS-In when configuring the BGP neighbors.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 77
Multipath Relax
BGP multipath relax enables ECMP across
different neighboring ASNs if all other attributes
are equal:
• To support load balancing, the same prefix
can be advertised from multiple BGP
gateways.
• From the perspective of other eBGP
neighbors, this prefix includes BGP paths
with different AS_PATH attribute values but
the same AS_PATH attribute lengths.
Multipath relax can be configured in the BGP
section of the Tier-0 gateway.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 78
IP Prefix Lists
An IP prefix list contains IP networks with subnet masks that are permitted or denied, based on
the match condition. IP prefix lists are used in BGP filters or route maps with the in or out
direction specified.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 79
Configuring an IP Prefix List
You can configure the IP prefix list by allowing or denying network prefixes:
• Allow (Permit) 10.0.0.0/8 network prefixes so that they can be advertised.
• Deny 192.168.0.0/24 network prefixes with le settings greater than or equal to 26 bits and ge
settings less than or equal to 30 bits for the network mask.

Enter the network Set a range of IP Select the

in CIDR format. address numbers in the Deny or Permit
le or ge modifiers. action.

Prefixes that are not permitted

in a prefix list are implicitly
denier.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 80
Community Lists and Communities
A community list is a group of BGP communities.
Community lists are configured in a route map as a matching
criteria to:
• Define routes that are advertised, accepted, or filtered
• Set BGP attributes for the routes
A community is a BGP attribute that can be used to tag a specific
set of routes that share common properties:
• A 4-byte value identifies a community.
• The following predefined communities are available:
• INTERNET
• NO_ADVERTISE
• NO_EXPORT
• NO_EXPORT_SUBCONFED

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 81
Configuring Community Lists
The community lists can be configured in the ROUTING section of the Tier-0 gateway.

You can select one of the existing Or, you can specify a numeric You can check in
communities: NO_ADVERTISE, value used for your own policies, which Route
NO_EXPORT_SUBCONFED, or where the first number is the AS Maps, this
NO_EXPORT. number and the second is the community list is
chosen value. used.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 82
About Route Maps
A route map defines which routes from the specified routing protocol can be redistributed into the
target routing process.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 83
Configuring Route Maps
A route map includes matching criteria and BGP attributes.

Set BGP Weight, Local

Preference, AS Path
Prepend, MED, and
Community.

Match IP Prefix List

or Community List

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 84
Using Route Maps in BGP Route Advertisements
Route maps are supported globally or per neighbor (BGP peer).

Route maps can be

referenced at the BGP-
neighbor level for route
redistribution.

User-created prefix lists or route

maps can be applied to BGP
neighbors to filter route
advertisements.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 85
Route Aggregation
Route aggregation is a BGP feature that allows
the aggregation of specific routes into one
route:
• Reduces the size of the routing tables
• Reduces the number of advertised routes
• Accelerates the best path calculation

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 86
Configuring Route Aggregation
Route aggregation can be configured in the BGP section of the Tier-0 gateway.

Add the prefix you want to

advertise with Summary-
Only set to Yes.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 87
Lab 8: Configuring the Tier-0 Gateway
Create a Tier-0 gateway and configure the north-south end-to-end connectivity:
1. Prepare for the Lab
2. Create Uplink Segments
3. Create a Tier-0 Gateway
4. Connect the Tier-0 and Tier-1 Gateways
5. Test the End-to-End Connectivity

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 88
Review of Learner Objectives
After completing this lesson, you should be able to meet the following objectives:
• Distinguish between static and dynamic routing
• Configure static routes on the Tier-0 gateway
• Configure BGP on the Tier-0 gateway

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 89
Lesson 5: ECMP and High Availability

© 2020 VMware Inc. All rights reserved.

Learner Objectives
After completing this lesson, you should be able to meet the following objectives:
• Explain the purpose of ECMP routing
• Use the NSX UI to configure ECMP routing
• Identify the active-active and active-standby modes for high availability
• Recognize failure conditions and explain the failover process

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 91
About Equal-Cost Multipath Routing
Equal-cost multipath (ECMP) routing has
several features and functions:
• ECMP routing increases the north-south
communication bandwidth by combining
multiple uplinks.
• ECMP routing performs traffic load
balancing.
• ECMP routing provides fault tolerance for
failed paths.
• A maximum of eight ECMP paths are
supported.
• Hashing is based on 2-tuple IP source and
destination addresses.
• ECMP routing is only available on Tier-0
gateways.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 92
Enabling ECMP
ECMP is enabled on Tier-0 gateways when Border Gateway Protocol (BGP) is enabled. ECMP
can be disabled in the BGP configuration section on the Tier-0 Gateway page.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 93
Configuring High Availability
You can configure high availability on the gateways for redundancy.
High availability can be configured in the following modes:
• Active-active:
– All the edge nodes are active and run the gateway services simultaneously.
– The workload is distributed between all nodes to prevent overloading one single node.
• Active-standby:
– One edge node is active, and the other edge nodes remain on standby.
– The standby nodes are used as backup nodes.
– One of the standby nodes takes over when the active node becomes unavailable.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 94
Active-Active Mode
Logical routing services are active on more
than one edge node at a time.
The active-active mode is the default high
availability mode for Tier-0 gateways.
Tier-1 gateways are not supported in this mode.
The active-active mode supports:
• ECMP routing
• Stateless services

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 95
Active-Standby Mode
Logical routing is active on only one edge node
at a time. Similarly, SR is active on only one
edge node at a time.
Tier-0 gateways also support this mode.
Active-standby is the only high availability mode
for Tier-1 gateways.
The following centralized stateful services are
provided in the active-standby mode:
• SNAT/DNAT
• Edge firewall
• DHCP server
• VPN
• Load balancer
• DNS relay

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 96
Failover Detection Mechanisms
The failover process uses the following mechanisms to check the connectivity between tiers:
• Bidirectional Forwarding Detection (BFD): on the management and overlay network
• Border Gateway Protocol (BGP): on the uplinks

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 97
About BFD
High availability uses BFD to detect forwarding
path failures.
BFD provides a low-overhead detection of
faults even on physical media that do not
support failure detection of any kind, such as
Ethernet.
BFD keepalives are sent on both management
and tunnel interfaces.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 98
Failover Scenario: BFD
If a standby gateway fails to receive BFD keepalives on both management and tunnel interfaces,
the gateway becomes active.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 99
Failover Scenario: BGP
The dynamic routing protocol peer sessions are established on uplinks. If an active gateway
loses all its BGP neighbors and a standby gateway is available, the active gateway steps down
and becomes the standby gateway.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 100
Failover Modes
You can select different failover modes:
• Preemptive: If the preferred node fails and then recovers, it takes over its peer and becomes
the active node. The peer changes its state to standby.
• Non Preemptive: If the preferred node fails and then recovers, it checks whether its peer is
active. If the peer is active, the preferred node stays in the standby mode.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 101
Review of Learner Objectives
After completing this lesson, you should be able to meet the following objectives:
• Explain the purpose of ECMP routing
• Use the NSX UI to configure ECMP routing
• Identify the active-active and active-standby modes for high availability
• Recognize failure conditions and explain the failover process

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 102
Lesson 6: Logical Routing Packet Walk

© 2020 VMware Inc. All rights reserved.

Learner Objectives
After completing this lesson, you should be able to meet the following objectives:
• Understand the datapath of single-tier routing
• Understand the datapath of multitier routing

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 104
Single-Tier Routing: Egress to Physical Network (1)
A packet is sent from the source VM 10.1.1.10 to the destination VM 192.168.10.1:
1. The packet is forwarded to its default 10.1.1.1 gateway.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 105
Single-Tier Routing: Egress to Physical Network (2)
2. The gateway (DR) checks its forwarding table. Because a specific route does not exist for the
192.168.10.0/24 network, the packet is sent to the default 169.254.0.2 gateway, which is the
SR component on the edge node.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 106
Single-Tier Routing: Egress to Physical Network (3)
3. To send the packet from the hypervisor to the edge node, the packet is encapsulated with a
Geneve header.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 107
Single-Tier Routing: Egress to Physical Network (4)
4. The encapsulated packet is sent to the edge node across the overlay tunnel.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 108
Single-Tier Routing: Egress to Physical Network (5)
5. The edge node decapsulates the packet and sends it to its SR component. The gateway (SR)
routing table shows a route for the 192.168.10.0/24 network over the uplink segment.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 109
Single-Tier Routing: Egress to Physical Network (6)
6. The edge node sends the packet to its upstream physical gateway, which routes the packet to
its destination 192.168.10.1.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 110
Single-Tier Routing: Ingress from Physical Network (7)
7. For the return packet, the source VM 192.168.10.1 sends the packet to its default gateway,
which routes the packet to the edge node.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 111
Single-Tier Routing: Ingress from Physical Network (8)
8. The SR and the DR components on an edge node share their routing table. A route is directly
connected to the 10.1.1.0/24 network over Segment 1. The packet is sent to the remote host
by using the DR interface.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 112
Single-Tier Routing: Ingress from Physical Network (9)
9. To send the packet from the edge node to the hypervisor, the packet is encapsulated with a
Geneve header.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 113
Single-Tier Routing: Ingress from Physical Network (10)
10.The encapsulated packet is sent across the overlay tunnel.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 114
Single-Tier Routing: Ingress from Physical Network (11)
11.The receiving host decapsulates the packet and routes it to its destination (VM 10.1.1.10).

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 115
Multitier Routing: Egress to Physical Network (1)
A packet needs to be sent from the source VM 10.1.1.10 to the destination VM 192.168.10.1:
1. The packet is forwarded to its default 10.1.1.1 gateway.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 116
Multitier Routing: Egress to Physical Network (2)
2. The gateway (T1 DR) checks its forwarding table to make a routing decision. Because no
specific route exists for the 192.168.10.0/24 network, the packet is sent to the default
100.64.16.0 gateway, which is the DR instance of Tier-0 on the same hypervisor.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 117
Multitier Routing: Egress to Physical Network (3)
3. The packet is sent to the T0 DR instance on the same hypervisor through T0-T1 Transit
Subnet.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 118
Multitier Routing: Egress to Physical Network (4)
4. The gateway (T0 DR) checks its forwarding table to make a routing decision. The packet is
sent to the default 169.254.0.2 gateway, which is the T0 SR component on the edge node.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 119
Multitier Routing: Egress to Physical Network (5)
5. To send the packet from the hypervisor to the edge node, the packet is encapsulated with a
Geneve header.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 120
Multitier Routing: Egress to Physical Network (6)
6. The encapsulated packet is sent to the edge node across the overlay tunnel.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 121
Multitier Routing: Egress to Physical Network (7)
7. The edge node decapsulates the packet and sends it to its T0 SR instance.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 122
Multitier Routing: Egress to Physical Network (8)
8. The gateway (T0 SR) routing table shows a route for the 192.168.10.0/24 network over the
uplink segment.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 123
Multitier Routing: Egress to Physical Network (9)
9. The edge node sends the packet to its upstream physical gateway, which routes the packet to
its destination, 192.168.10.1.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 124
Multitier Routing: Egress to Physical Network (10)
10.For the return packet, the source VM 192.168.10.1 sends the packet to its default gateway,
which routes the packet to the edge node.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 125
Multitier Routing: Egress to Physical Network (11)
11.The SR and the DR components of the Tier-0 gateway share their routing table because they
are both on the edge node. The routing decision is made to send the packet to the Tier-1 DR
instance in the same edge node.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 126
Multitier Routing: Egress to Physical Network (12)
12.The packet is sent to the T1 DR instance on the edge node through T0-T1 Transit Subnet.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 127
Multitier Routing: Egress to Physical Network (13)
13.The gateway (T1 DR) checks its forwarding table to make a routing decision. A route is directly
connected to the 10.1.1.0/24 network over Segment 1. The packet is sent to the remote host.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 128
Multitier Routing: Egress to Physical Network (14)
14.To send the packet from the edge node to the hypervisor, the packet is encapsulated with a
Geneve header.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 129
Multitier Routing: Egress to Physical Network (15)
15.The encapsulated packet is sent to the edge node across the overlay tunnel.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 130
Multitier Routing: Egress to Physical Network (16)
16.The receiving host decapsulates the packet and routes it to its destination (VM 10.1.1.10).

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 131
Review of Learner Objectives
After completing this lesson, you should be able to meet the following objectives:
• Understand the datapath of single-tier routing
• Understand the datapath of multitier routing

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 132
Lesson 7: VRF Lite and EVPN

© 2020 VMware Inc. All rights reserved.

Learner Objectives
After completing this lesson, you should be able to meet the following objectives:
• Describe VRF Lite
• Explain the benefits of VRF Lite
• Configure and validate VRF Lite deployments
• Describe the EVPN technology
• Explain the use cases and benefits of EVPN
• Describe the architecture of EVPN

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 134
VRF Lite Terminology
You must understand the following terminology to use VRF Lite in NSX-T Data Center:
• Virtual Routing and Forwarding (VRF)
• Multiprotocol Label Switching (MPLS)
• Multiprotocol Border Gateway Protocol (MP-BGP)

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 135
About VRF Lite
VRF Lite has the following characteristics:
• Multiple routing instances can be configured
without deploying additional Tier-0 gateways
and edge nodes.
• Logical routing isolation is provided in NSX
and to external peers that are compatible
with the VRF Lite technology.
• MPLS/MP-BGP protocols are not used.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 136
VRF Lite Requirements
A VRF Lite deployment has the following requirements:
• Deployed Tier-0 gateway
• External connectivity with a layer 3 peer
• Peer device that supports 802.1Q protocol (VLAN tagging)

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 137
Limitations of VRF Lite
VRF Lite is not compatible with the following services:
• VPN
• Load balancer

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 138
Use Cases for VRF Lite
VRF Lite can be used to enable the following features:
• Allow the same network address to coexist in different routing domains.
• Provide feature compatibility with existing network installations.
• Run multiple routing instances in the same gateway to optimize existing resources.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 139
VRF Lite Topologies
VRF Lite can be deployed in single-tier and multitier topologies.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 140
VRF Lite Gateway Interfaces
The following types of interfaces are used with
VRF gateways:
• The Logical Router (LR) trunk port connects
the parent Tier-0 gateway to upstream
physical devices.
• The VRF Uplink interface is internally
connected to the LR trunk port of the parent
Tier-0 gateway.
• The Intratier Transit Link is the internal link
between the service router (SR) and
distributed router (DR) of a VRF gateway.
• The Downlink interfaces connect VRF
gateways to segments with attached
workloads.
• The Routerlink ports connect VRF gateways
with Tier-1 gateways.
© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 141
VRF Lite: Control and Data Planes
VLAN tagging (802.1Q) in the uplink trunk segment provides isolation for each VRF:
• VLAN is the channel for the data plane.
• BGP protocol instance in each VRF provides the control plane functionality.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 142
Configuring VRF Lite
Follow these steps to configure VRF Lite.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 143
Deploying the Default Tier-0 Gateway
To deploy and configure the
default Tier-0 gateway as a
standard Tier-0 gateway:
1. Navigate to Networking >
Connectivity > Tier-0
Gateways in the NSX UI.
2. Select ADD GATEWAY >
Tier-0.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 144
Adding Uplink Interfaces to the Default Tier-0 Gateway
Connect the default Tier-0 uplink interfaces to the uplink segments in the Set Interfaces window.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 145
Configuring BGP for the Default Tier-0 Gateway
Configure BGP parameters to use dynamic routing with external routers in the BGP configuration
section.

Global
Parameters

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 146
Adding the Uplink Trunk Segment for the VRF Gateway
To configure the trunk segment
for connecting the VRF gateway
uplinks:
1. Navigate to Networking > VLAN Transport
Zone

Connectivity > Segments in

the NSX UI.
2. Select ADD SEGMENT. VLAN IDs Used in
VRFs

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 147
Deploying the VRF Gateway
To deploy and configure the
VRF gateway:
1. Navigate to Networking >
Connectivity > Tier-0
Gateways in the NSX UI.
2. Select ADD GATEWAY >
VRF.

Automatically Select Default

Populated Tier-0 Gateway

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 148
Adding Uplink Interfaces to the VRF Gateway
In the Set Interfaces window, connect the VRF gateway uplink interfaces to the uplink trunk
segment.

Access VLAN ID in
Segment Range

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 149
Configuring the BGP for the VRF Gateway
Set up the BGP parameters related to the VRF.

Not Supported in
VRF Gateways

Parameters Inherited
from Default Tier-0

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 150
Connecting a Tier-1 Gateway to the VRF Gateway
To connect the Tier-1 gateway
to the VRF gateway:
1. Navigate to Networking >
Connectivity > Tier-1
Gateways in the NSX UI.
2. Select a Tier-1 Gateway and
click Edit from the actions Select VRF
menu next to > Gateway

3. Go to Linked tier-0 Gateway

and select the VRF Gateway.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 151
VRF Lite Validation
Navigate to Networking > Connectivity > Tier-0 Gateways to obtain the list of VRF gateways
with its status and associated errors.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 152
Lab 9: Configuring VRF Lite
Configure and verify the VRF Lite functionality to isolate routing domains:
1. Prepare for the Lab
2. Create the Uplink Trunk Segments
3. Deploy and Configure the VRF Gateways
4. Deploy and Connect the Tier-1 Gateways to the VRF Gateways
5. Create and Connect Segments to the Tier-1 Gateways
6. Attach VMs to Segments on Each VRF
7. Test the VRF End-to-End Connectivity
8. Review the Routing Tables in Each VRF
9. Verify the Routing Isolation Between VRFs

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 165
Review of Learner Objectives
After completing this lesson, you should be able to meet the following objectives:
• Describe VRF Lite
• Explain the benefits of VRF Lite
• Configure and validate VRF Lite deployments
• Describe the EVPN technology
• Explain the use cases and benefits of EVPN
• Describe the architecture of EVPN

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 166
Key Points (1)
• The NSX-T Data Center routing function meets the needs of service providers and tenants.
• Static route configuration is performed manually by an administrator.
• Dynamic route configuration enables gateways to exchange information about the network.
• NSX logical routing commonly implements a two-tiered topology.
• Tier-1 gateways have downlink ports to connect to NSX segments and uplink ports to connect
to Tier-0 gateways.
• A gateway includes two optional parts: a distributed gateway and one or more service
gateways.
• You can deploy an NSX Edge node through the NSX UI, the OVF tool, and an ISO file in a
PXE environment.
• Joining NSX Edge nodes with the management plane ensures that NSX Manager and the NSX
Edge nodes can communicate with one another.

© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 192
Key Points (2)
• A multinode NSX Edge cluster helps ensure that at least one NSX Edge node is always
available.
• EBGP is the interchange of autonomous system IP addresses within a particular host section
of IP addresses.
• An IP prefix list contains one or more IP addresses that are assigned access permissions for
route advertisement.
• ECMP routing increases the north-south communication bandwidth by adding an uplink to the
Tier-0 gateway and configuring it for each NSX Edge node in an NSX Edge cluster.
• Multiple edge nodes can be pooled in a cluster for scale-out and redundancy.
• High availability supports two modes: active-active and active-standby.
• VRF Lite enables you to configure multiple routing instances without deploying additional Tier-
0 gateways and edge nodes.
• EVPN is used to extend Telco traditional networks to NFV Clouds.
• Tier-0 gateways and their directly connected downlink segments support multicast.
Questions?
© 2020 VMware, Inc. VMware NSX-T Data Center: Install, Configure, Manage | 5 - 193