Chris Hall bio photo

Chris Hall

Principal Technical Consultant

PolarCloudsUK Chris LinkedIn Github
Chris Hall Nutanix Certified Master - Multicloud Infrastructure 6 Chris Hall VMware vExpert 2024 Nutanix Certified Professional - Cloud Integration Chris Hall Nutanix Certified Professional - Multicloud Infrastructure 6 Chris Hall Nutanix Certified Professional - Unified Storage 6 Chris Hall VMware vExpert 2023 Chris Hall VMware vExpert 2022

NSX-T Logo In this post we will create our uplink segments, deploy our Tier-0 gateway and establish our BGP connections to our lab router.

This post is part 6 of a multipart series. Find the other parts here:

As a reminder, in this series we will be building the following lab:

NSX-T Test Lab(Click image to zoom in)

Overview


What is a Tier-0 Gateway?

A Tier-0 gateway performs the functions of a Tier-0 logical router. It processes traffic between the logical and physical networks; that is northbound traffic headed out from the NSX-T environment and southbound traffic headed in to the NSX-T environment. As the Tier-0 is federated, it is able to perform this function at both our Site A and Site B sites.

Set Overlay Transport Zones as Default

As we are using our own transport zones way that we created back in Part 2 and Part 3 rather than using the pre-defined system created zones, we need to set ours as the defaults.

Log into the Global NSX-T Manager and select Site-A from the task bar drop down. From there, select System > Fabric > Transport Zones. Select Site-A-Overlay-Transport-Zone > Actions > Set as Default Transport Zone:

Set as Default TZ 1

Click OK when prompted:

Set as Default TZ 2

Repeat the above for Site B and Site-B-Overlay-Transport-Zone.

Lets create our Tier-0 uplink segments. These will be used for north/south traffic to and from the federated gateway to the site edges.

Select the Global Manager from the task bar drop down. From there, select Networking > Segments then select Add Segment.

Name the segment Site-A-Uplink, ensure connected gateway is None. Select Location Site-A and Site-A-VLAN-Transport-Zone. Finally, set VLAN to 12 as defined in Part 1:

Site-A-Uplink Segment

Click Save and No to complete.

A quick peek at Site A’s vCenter networking confirms creation:

Site-A-Uplink Segment vCenter

Repeat for Site B, naming the uplink Site-B-Uplink, location as Site-B, selecting Site-B-VLAN-Transport-Zone and setting VLAN to 22 (again as defined in Part 1):

Site-B-Uplink Segment

Yep, looks good:

Site-B-Uplink Segment vCenter

Back in NSX-T Global Manager, clicking Check Status returns Success for both:

Uplink Segment Status

Create Tier-0 Gateway

Lets create the federated Tier-0 gateway. Select the Global Manager from the task bar drop down. From there, select Networking > Tier-0 Gateways. Select Add Tier-0 Gateway.

Name the Gateway Multi-Site-T0, set the HA mode to Active, mark all locations as primary (i.e. both sites active rather than one active and one standby) and finally add both locations and edge clusters:

T0 Config 1

Click Save and Yes to continue the configuration of the Tier-0.

Scroll down to Interfaces, expand and click Set.

Click Add Interface, name the interface Site-A-Uplink, location Site-A, IP address of 192.168.12.2/24 (again as defined in Part 1), connected to Site-A-Uplink, edge node ESG-SITE-A:

T0 Site A Uplink

Click Save.

Click Add Interface , name the interface Site-B-Uplink, location Site-B, IP address of 192.168.22.2/24 (again as defined in Part 1), connected to Site-B-Uplink, edge node ESG-SITE-B:

T0 Site B Uplink

Click Save. Again, click Check Status to confirm that the configuration is correct:

T0 Uplinks

Click Close. Once back in the Multi-Site-T0 configuration, confirm that both sites have one interface each:

T0 Interfaces

Next, scroll down to Route Re-distribution and click Set next to Site-A.

Click Add Route Re-distribution, Enter name of Site-A-Route-Redistribution and click Set. Select options as shown below and click Apply:

T0 Site A BGP

Click Add and Apply to save.

Repeat route re-distribution settings for Site B and ensure both are enabled:

Site Re-Redistribution

Click Save. Scroll back up within the configuration of Multi-Site-T0, and open the BGP section.

Set Local AS to 64605 and Graceful Restart to Disable:

T0 BGP

Click Save.

Set under BGP Neighbours and select Add BGP Neighbour

Enter 192.168.12.1, set Location to Site-A, set BFD Enabled. As per OPNsense BGP and BFD Configuration we know that our OPNsense Labrouter has a BGP AS of 64600, so add that as Remote AS Number:

Site A BGP

Click Save. Click Check Status to confirm BGP has established:

Site A BGP Established 1

Click i to show further information and confirm “Established” status:

Site A BGP Established 2

Click Add BGP Neighbour and configure for Site B location. As we are using Lab router as our site B uplink, set IP to 192.168.22.1 and remote AS as 64600 also:

Site B BGP

Click Save. Click Check Status to confirm BGP has established:

All Established

Again, click i to show further information and confirm “Established” status:

Site B Established 2

Click Close to close BGP Neighbours setting and Close Editing to close Tier-0 configuration.

Finally, click Check Status on the Multi-Site-T0 gateway and confirm Success status:

T0 Success

Nice. And as some “icing on the cake”, lets check our BGP summary in OPNsense:

OPNsense BGP

Two established neighbours! Perfect!

Conclusion and Wrap Up

So there we have it. Our Tier-0 router has been deployed and configured. BGP has been established at both sites from the Tier-0 gateway up through the edges and uplinks to our Labrouter. Our last task is to deploy two Tier-1 gateways and we will look to complete that in part 7.

This was part 6 of a multipart series. Find the other parts here:

Look out for future parts coming soon!

-Chris