Chris Hall bio photo

Chris Hall

Making technology fit my requirements

Principal Technical Consultant

PolarCloudsUK Chris LinkedIn Github
Chris Hall VMware vExpert 2022 Chris Hall VMware vExpert 2021 Chris Hall VMware vExpert 2020 Chris Hall Rubrik Technical Professional

NSX-T Logo In this post we will create our uplink segments, deploy our Tier-0 gateway and establish our BGP connections to our lab router.

This post is part 6 of a multipart series. Find the other parts here:

As a reminder, in this series we will be building the following lab:

NSX-T Test Lab(Click image to zoom in)

Overview


What is a Tier-0 Gateway?

A Tier-0 gateway performs the functions of a Tier-0 logical router. It processes traffic between the logical and physical networks; that is northbound traffic headed out from the NSX-T environment and southbound traffic headed in to the NSX-T environment. As the Tier-0 is federated, it is able to perform this function at both our Site A and Site B sites.

Set Overlay Transport Zones as Default

As we are using our own transport zones way that we created back in Part 2 and Part 3 rather than using the pre-defined system created zones, we need to set ours as the defaults.

Log into the Global NSX-T Manager and select Site-A from the task bar drop down. From there, select System > Fabric > Transport Zones. Select Site-A-Overlay-Transport-Zone > Actions > Set as Default Transport Zone:

Set as Default TZ 1

Click OK when prompted:

Set as Default TZ 2

Repeat the above for Site B and Site-B-Overlay-Transport-Zone.

Lets create our Tier-0 uplink segments. These will be used for north/south traffic to and from the federated gateway to the site edges.

Select the Global Manager from the task bar drop down. From there, select Networking > Segments then select Add Segment.

Name the segment Site-A-Uplink, ensure connected gateway is None. Select Location Site-A and Site-A-VLAN-Transport-Zone. Finally, set VLAN to 12 as defined in Part 1:

Site-A-Uplink Segment

Click Save and No to complete.

A quick peek at Site A’s vCenter networking confirms creation:

Site-A-Uplink Segment vCenter

Repeat for Site B, naming the uplink Site-B-Uplink, location as Site-B, selecting Site-B-VLAN-Transport-Zone and setting VLAN to 22 (again as defined in Part 1):

Site-B-Uplink Segment

Yep, looks good:

Site-B-Uplink Segment vCenter

Back in NSX-T Global Manager, clicking Check Status returns Success for both:

Uplink Segment Status

Create Tier-0 Gateway

Lets create the federated Tier-0 gateway. Select the Global Manager from the task bar drop down. From there, select Networking > Tier-0 Gateways. Select Add Tier-0 Gateway.

Name the Gateway Multi-Site-T0, set the HA mode to Active, mark all locations as primary (i.e. both sites active rather than one active and one standby) and finally add both locations and edge clusters:

T0 Config 1

Click Save and Yes to continue the configuration of the Tier-0.

Scroll down to Interfaces, expand and click Set.

Click Add Interface, name the interface Site-A-Uplink, location Site-A, IP address of 192.168.12.2/24 (again as defined in Part 1), connected to Site-A-Uplink, edge node ESG-SITE-A:

T0 Site A Uplink

Click Save.

Click Add Interface , name the interface Site-B-Uplink, location Site-B, IP address of 192.168.22.2/24 (again as defined in Part 1), connected to Site-B-Uplink, edge node ESG-SITE-B:

T0 Site B Uplink

Click Save. Again, click Check Status to confirm that the configuration is correct:

T0 Uplinks

Click Close. Once back in the Multi-Site-T0 configuration, confirm that both sites have one interface each:

T0 Interfaces

Next, scroll down to Route Re-distribution and click Set next to Site-A.

Click Add Route Re-distribution, Enter name of Site-A-Route-Redistribution and click Set. Select options as shown below and click Apply:

T0 Site A BGP

Click Add and Apply to save.

Repeat route re-distribution settings for Site B and ensure both are enabled:

Site Re-Redistribution

Click Save. Scroll back up within the configuration of Multi-Site-T0, and open the BGP section.

Set Local AS to 64605 and Graceful Restart to Disable:

T0 BGP

Click Save.

Set under BGP Neighbours and select Add BGP Neighbour

Enter 192.168.12.1, set Location to Site-A, set BFD Enabled. As per OPNsense BGP and BFD Configuration we know that our OPNsense Labrouter has a BGP AS of 64600, so add that as Remote AS Number:

Site A BGP

Click Save. Click Check Status to confirm BGP has established:

Site A BGP Established 1

Click i to show further information and confirm “Established” status:

Site A BGP Established 2

Click Add BGP Neighbour and configure for Site B location. As we are using Lab router as our site B uplink, set IP to 192.168.22.1 and remote AS as 64600 also:

Site B BGP

Click Save. Click Check Status to confirm BGP has established:

All Established

Again, click i to show further information and confirm “Established” status:

Site B Established 2

Click Close to close BGP Neighbours setting and Close Editing to close Tier-0 configuration.

Finally, click Check Status on the Multi-Site-T0 gateway and confirm Success status:

T0 Success

Nice. And as some “icing on the cake”, lets check our BGP summary in OPNsense:

OPNsense BGP

Two established neighbours! Perfect!

Conclusion and Wrap Up

So there we have it. Our Tier-0 router has been deployed and configured. BGP has been established at both sites from the Tier-0 gateway up through the edges and uplinks to our Labrouter. Our last task is to deploy two Tier-1 gateways and we will look to complete that in part 7.

This was part 6 of a multipart series. Find the other parts here:

Look out for future parts coming soon!

-Chris