Welcome to Part 6 of the NSX-T 3.0 Lab Federation Series.
In my Last Post I Setup the stretched Tier-0 gateway.
In this post we will be deploying our stretched Tier-1 Gateway and connecting our test VM’s to the stretched segments.
In our lab setup diagram we are going to configure the blue section downwards.
From the Tier-1 perspective we are setting up distributed Routing only.
The Build
Tier-1 Gateway
Make sure you are connected to the Global manager then navigate to Networking, Tier-1 Gateway and click ADD TIER-1 GATEWAY
As I’m doing a simple DR only deployment all I need to do is enter a name and pick the Tier-0 as the ‘Linked Tier-0 Gateway’
Click SAVE
I’ll be doing a Tier-1 with services in another post.
Click YES
If I jump onto my Local managers I can check that the Tier-1 has been created.
On the Global manager expand ‘Route Advertisement’ and select which things to advertise then click SAVE then click CLOSE EDITING
We can check the connection between the Tier-0 and Tier-1 by either the command line of the Edge node or from the NSX-T UI.
From the Edge node by running the command ‘get logical-routers‘ here we can see VRF 5 shows the Tier-1
From the NSX-T UI if we expand the Tier-0 and click on ‘Linked Tier-1 Gateways
We can see our Tier-1
With that the Tier-1 configuration is complete for a simple DR only deployment, now we can configure our test app segments.
Stretched Segments
Still on the Global manager navigate to Networking, Segments, SEGMENTS and click ADD SEGMENT
Enter the ‘Segment Name’ set the ‘Connectivity’ to the Tier-1 the ‘Traffic Type’ is Overlay then enter the ‘Subnet Gateway’ in CIDR format.
Then click SAVE
Click NO
Repeat for the other VM Stretched Segments.
We now have our test app segments configured.
If I take a look at my local NSX managers I can also see the new segments, note the GM meaning it was created and can only be managed from the Global Manager.
On the vCenters we can also see the new segments, the ‘N’ denotes that they are a NSX network.
The next step is to attach our VMs to the new segments I won’t cover this as I’m sure you already know how to do that 😉
Final checks
First let’s check our Tier-0 routes.
One way we can check is by going to the Local Manager and then the Tier-0 and clicking on the icon outlined below.
This will give us a nice graphical overview of the setup.
To check the routes we can again do this from the UI by the local or global manager go to the Tier-0 and click the ellipsis and select Download routing table
Select the ‘Location’ and the ‘Transport Node’ and click DOWNLOAD.
You can also limit the source to just BGP, Static or connected or leave blank to get everything.
The routes we are interested in from the Tier-1 will be static routes as there is no dynamic routing between the Tier-1 and Tier-0.
Here we can see our three test networks.
10.0.1.0/24
10.0.2.0/24
10.0.3.0/24
We can also see the same from the Edge node CLI, connect to the edge node in DCA or B, via SSH and run ‘get logical-routers‘
We need to connect to the ‘SERVICE_ROUTER_TIER0’ so I type ‘vrf 2′
Then run ‘get route‘. We can see our test networks at the top.
And from the DCB Edge node
We can run ping tests from DCA VM’s to DCB VM’s and visa versa
Finally I run a tracert from my external machine.
I can see it hitting my home router 192.168.88.90 then Edge node 2 in DCA 10.170.1.12 then the Tier-1 interface 100.64.144.1 then onto the VM 10.0.1.14
With that we are done.
In the next couple of posts I’ll be setting up the DFW and doing some failover tests.
Hi,
Very interesting Lab and Blog…
I have one question.
Which routes have your external routing? Do you have full BGP routes or only EDGE reachability? I understand all the lab but I’ve always seen labs with strechted subnets on different segments and not on same L2 in both sites.
I really appreciate if you post the config of your home router so that will be clear how can you reach the WEB on the T1.
Thanks
Giovanni