In this blog post, we will take a look at how to deploy an NSX Edge node and configure a T0 gateway in the NSX Manager. As discussed in the previous part of this blog series, I will be setting up the network as shown in the schematic:
To set this up, we first create the transport zones that will be used in this setup. What are NSX transport zones? NSX transport zones are a user-defined scope for VXLAN networking traffic. The scope is defined by the end user. There are two types of transport zones:
1- Overlay-backed transport zones: Overlay transport zones are used by ESXi hosts and Edge nodes for communication, over a tunnel, between ESXi hosts that are part of the same overlay transport zone. An N-VDS is installed on the host/edge when it is added to an overlay zone.
2- VLAN-backed transport zones: The VLAN transport zone is used by NSX Edge nodes and transport nodes for the VLAN uplinks. This transport zone is for communication to the physical infrastructure, provided the VLAN transport zone and the upstream physical infrastructure are on the same VLAN.
Let us take a look at how to create transport zones. Since, in my home lab use case, the in and out of my edge node both go to a physical uplink (intNW and extNW), I will be creating two VLAN-backed transport zones. On the NSX Manager, go to the System tab. Expand the Fabric drop-down tree and click on “Transport Zones”:
- Click on the “+ ADD ZONE”
- The “New Transport Zone” wizard opens. Select the type of traffic to create an overlay or VLAN transport zone. Since I am creating a VLAN transport zone, I selected VLAN for my lab use case:
- I created the following transport zones:
- virmystinttruntz: Transport zone for my internal network (intNW)
- virmysttrunkTZ: Transport zone for my external network (extNW)
Now we go ahead and begin the deployment of our Edge node. Before proceeding, make sure your vCenter is linked to the NSX Manager. Refer to my previous post on how to do this.
1- In the system tab, under Fabric, Click on Nodes.
2- Go to the “Edge Transport Nodes” tab. Click on “+ ADD EDGE NODE”:
3- The “Add Edge Node” wizard opens. Type in a name for your edge node, FQDN and select the form factor. Since this is a homelab setup, I am using the “Small” form factor. Click on Next
4- Set the admin and root credentials for the edge node and then click Next
5- Set the management IP address, select the management interface, Domain Names, DNS and NTP servers information, click on next:
6- Select your environment vCenter under compute manager. Select the Cluster, Host and datastore where you would want to deploy the Edge Node VM. Click next:
7 - This is the step where we set up the NSX Edge node network to meet our use case needs. I will be creating two edge switches: one for intNW, on the internal VLAN-backed transport zone, and a second for extNW, on the external VLAN-backed transport zone:
8- The NSX deployment begins. You will notice that the NSX Manager itself deploys and configures the Edge node automatically, pretty cool!
9 - Wait till Configuration State, Controller Connectivity and Manager Connectivity, all show green. The Edge node deploy and configuration is completed at this point.
10- Once the node deploy is complete, we create the edge node cluster. To do this, from NSX home, go to System-> Fabric -> Nodes. Click on the “Edge Clusters” tab. Click on “+ ADD EDGE CLUSTER”:
11- The add edge cluster wizard opens up. Enter desired name for the cluster and select the availability profile for the edge cluster. Then add the edge node to the cluster:
Now that we are done with the setup of our Edge cluster, we can finally move on to deploying the T0 gateway to this edge cluster and configuring gateway services on it. First we set up segments in the network. We create one segment for the internal VLAN transport zone and one segment for the external VLAN transport zone.
- To create segments, go to Networking tab and click on "Segments". Click on "ADD SEGMENT":
- Select a segment name, and select the transport zones (in my case, one segment for the internal TZ and one for the external). Do not select the connected gateway or fill the subnet, at least for this example.
- Now that we have done the background work for deploying the T0 gateway, let us go ahead and set that up. Click on "Tier-0 Gateways", then click on the "ADD Gateway" drop-down and select "Tier-0":
- Enter the desired name for the T0 gateway and select the HA mode from the drop-down. Select the edge cluster that you set up previously from the drop-down. Then scroll down and click 'save'. We will do the remaining settings after this.
- Click on yes for the "Do you want to continue configuring...."
- Scroll down to interfaces and set the interfaces as per your environment. You will have to define an IP address for each of the interfaces that you configure to the gateway:
- You can also set the static-routes, as per your environment, in this step. Ensure you define the next hop correctly in your configuration. In my case, it was my internet router internal IP address:
- Click on save and then click on close editing.
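A pre-flight check for the interface and static-route steps above, as an added example that is not part of the original post: it verifies that each static route's next hop sits on a subnet directly connected to one of the T0 interfaces. The interface names, addresses and routes are constructed sample values, and the rule that a next hop must be on a connected subnet is the assumption being tested.

```python
import ipaddress

# Constructed sample data: names and addresses are assumptions, not from the post.
INTERFACES = [
    {"name": "t0-ext-uplink", "cidr": "192.168.1.2/24"},   # extNW side
    {"name": "t0-int-uplink", "cidr": "10.10.10.1/24"},    # intNW side
]
STATIC_ROUTES = [
    {"network": "0.0.0.0/0", "next_hop": "192.168.1.1"},       # internet router
    {"network": "172.16.0.0/16", "next_hop": "10.10.20.1"},    # on no connected subnet
    {"network": "172.17.0.0/16", "next_hop": "10.10.10.1"},    # the gateway's own address
    {"network": "172.18.0.0/16", "next_hop": "10.10.10.255"},  # subnet broadcast address
]

def check_next_hop(interfaces, next_hop):
    """Return (status, interface_name) for one next-hop address."""
    hop = ipaddress.ip_address(next_hop)
    for iface in interfaces:
        ifc = ipaddress.ip_interface(iface["cidr"])
        net = ifc.network
        if hop.version != ifc.version or hop not in net:
            continue
        if hop == ifc.ip:
            return "self", iface["name"]          # route would point back at the gateway
        if (hop.version == 4 and net.prefixlen < 31
                and hop in (net.network_address, net.broadcast_address)):
            return "reserved", iface["name"]      # not a usable host address
        return "ok", iface["name"]
    return "unreachable", None                    # no interface shares a subnet with it

def check_static_routes(interfaces, routes):
    """Validate every route; returns (network, next_hop, status, interface) tuples."""
    results = []
    for route in routes:
        ipaddress.ip_network(route["network"])    # raises ValueError on a malformed prefix
        status, iface = check_next_hop(interfaces, route["next_hop"])
        results.append((route["network"], route["next_hop"], status, iface))
    return results

if __name__ == "__main__":
    for net, hop, status, iface in check_static_routes(INTERFACES, STATIC_ROUTES):
        print(f"{net:<16} via {hop:<14} {status:<12} {iface or '-'}")
```

Any status other than `ok` means the route should be corrected before saving the gateway configuration.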
Sample interface setting from my setup:
In the next post of this blog series, we shall take a look at setting up NAT and firewall services on the t0 gateway that we just created.