NSX-T Lab: Tier 1 Gateway


Welcome to Part 15 of the NSX-T Lab Series. In the previous post, we discussed logical routing in NSX-T.
In this post we will set up our Tier 1 Gateway and add our segments to it to get Layer 3 routing working, so our test app VMs can start talking to each other.
The diagram below shows what we will end up with by the end of the blog post.

The Build

Right, let’s get started. Go to ‘Networking’, then ‘Tier-1 Gateways’, and click on ‘ADD TIER-1 GATEWAY’.

All we need to do for now is give it a name; we’ll do the rest of the configuration after we create our Tier-0 Gateway. So name it and click ‘Save’.

Click ‘No’

OK, let’s connect our segments to the Tier-1 Gateway. Go to ‘Networking’, then ‘Segments’, click on the three dots to the left of the Web-LS and select ‘Edit’.
We are going to assign it to the Tier-1 Gateway and configure the gateway IP.

From the dropdown in the middle select the Tier-1 Gateway, then click on ‘Set Subnets’

Enter the gateway IP in CIDR format for the Web segment, then click on ‘Add’ and then ‘Apply’ and then on ‘Save’ and finally! ‘Close Editing’

If we quickly jump back to our Tier-1 gateway we can see that there is now a linked segment. If we click on the blue 1 highlighted below we can see the linked segment as Web-LS

We now need to repeat the process for the App-LS and the DB-LS.

Our Tier-1 Gateway now shows 3 linked segments
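
The same segment-to-gateway attachment expressed as NSX-T Policy API requests, as an added example that is not part of the original post. The Tier-1 ID `T1-GW`, the use of the segment names as policy IDs and the 10.10.x.1/24 gateway addresses are assumptions, since the post does not show its own values; the script only validates the gateway CIDRs and builds the requests, it sends nothing.

```python
import ipaddress
import json

# Hypothetical policy ID and constructed lab addresses (not taken from the post).
TIER1_ID = "T1-GW"
SEGMENTS = {
    "Web-LS": "10.10.10.1/24",
    "App-LS": "10.10.20.1/24",
    "DB-LS": "10.10.30.1/24",
}

def validate_gateways(segments):
    """Reject gateway CIDRs that are not host addresses or whose subnets overlap."""
    seen = {}
    for name, cidr in segments.items():
        iface = ipaddress.ip_interface(cidr)
        net = iface.network
        # /31 and /32 (or /127, /128) have no separate network/broadcast address.
        if net.prefixlen < net.max_prefixlen - 1 and iface.ip in (
            net.network_address, net.broadcast_address
        ):
            raise ValueError(f"{name}: {cidr} is not a usable host address in {net}")
        for other, other_net in seen.items():
            if net.version == other_net.version and net.overlaps(other_net):
                raise ValueError(f"{name}: {net} overlaps {other} ({other_net})")
        seen[name] = net
    return seen

def build_requests(tier1_id, segments):
    """Return (method, path, body) tuples: the Tier-1 first, then each segment."""
    validate_gateways(segments)
    t1_path = f"/infra/tier-1s/{tier1_id}"
    reqs = [("PATCH", f"/policy/api/v1{t1_path}", {"display_name": tier1_id})]
    for name, cidr in segments.items():
        body = {
            "connectivity_path": t1_path,              # 'Connected Gateway' in the UI
            "subnets": [{"gateway_address": cidr}],   # 'Set Subnets' in the UI
        }
        reqs.append(("PATCH", f"/policy/api/v1/infra/segments/{name}", body))
    return reqs

if __name__ == "__main__":
    for method, path, body in build_requests(TIER1_ID, SEGMENTS):
        print(method, path, json.dumps(body))
```
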

Right, so we have a T1 gateway, we have the test app segments connected to it and a gateway IP set, so now let’s test our app and see if we can ping.
First I’ll log in to the web server web01; a quick ifconfig shows the IP address of

First I’ll ping the gateway IP of

Success. OK, now let’s confirm we can get to the other web server web02, which is on a different host. Remember the lab is nested, so I confirm that web01 is currently on nested host comp03.lab.local and web02 is currently on nested host comp02.lab.local.
Comp03.lab.local is on the physical host lab3.lab.local.
Comp02.lab.local is on the physical host lab1.lab.local.
So they are on separate physical and nested hosts, so the traffic has to hit the physical switch to get to the other web server.

Alright, it’s working, so let’s now ping from web01 to app01.
App01 is on comp01.lab.local, which is on physical host lab2.lab.local, so still a different nested and physical host to where Web01 is sitting.
First off we’ll ping the App Segment gateway IP.

and now App01

Awesome, so Layer 3 routing is working.
A quick test to the DB Segment confirms that works as well, so all three segments have connectivity, as they are all connected to the T1 Gateway.

If we go to the Networking Configuration Overview page we can see the changes we have made.

Note the Tier-1 Gateway is shown as not connected to a Tier-0 Gateway; that’s because we haven’t deployed it yet. It also shows Connected to Segments as 1. I have no idea why it says 1 when there are 3 segments connected!

Now check the Segment section on the same page. It shows 2 Not connected; these are the VLAN segments we have for the Tier-0 Uplinks. It also shows 3 Routed; these are the segments we just added: Web, App and DB.

There’s also another awesome tool we can use to visualize what we have just configured, and that’s Traceflow. For that we need to go to ‘Advanced Networking & Security’, then ‘Tools’, then ‘Traceflow’.
Enter the VM name or select from the dropdown for the source and destination and then click ‘TRACE’.

Traceflow will show us all the steps the traffic takes from one VM to another.

That’s it, we have now configured our Tier-1 Gateway. Well, almost: we still have to connect it to the Tier-0 Gateway and configure the Route Advertisement. We could do the Route Advertisement setting now, but I’ll leave it as part of the Tier-0 Gateway post as it forms part of the routing configuration we need to do.

Next up we get to the real meat of the build: the Tier-0 Gateway and dynamic routing configuration!