*Logical Routing & Switching:

– Routing components: T0 and T1 virtual routers. The T0 router runs BGP peering with the external router; the T1 router does not connect to the outside network. A single logical router has 2 components: a distributed router and a service router. T1 routers cannot connect directly to the physical underlying infrastructure; only T0 routers can provide connectivity to the physical network. Route Filtering/Advertisement can restrict which T0/T1 subnets are advertised to upstream routers.

– The distributed router is placed on each transport node and edge node; its role is to handle East-West routing.

– The service router is placed on the edge node and is used for handling North-South routing and centralized services.

– Testing the TEP network interface or a virtual router (T0, T1) of an edge node: log in via SSH to the edge node as user admin > get logical-routers > note the VRF number of the logical router to check > vrf <VRF ID> > get interfaces > ping <IP in segment or upstream external router>

1/ Create T0 router on Edge Cluster:

– Menu Networking > Connectivity > Tier-0 Gateway

– Click ADD GATEWAY > Tier-0

– Click No

2/ Create interface on T-0 Gateway:

The Tier-0 gateway in the NSX-T Edge cluster provides a gateway service between the logical and physical networks, so an interface must be added as an uplink to connect to the outside physical network. Each interface has an IP in a VLAN subnet for communication with the outside router.

These interfaces use the VLAN segments on the VLAN transport zone of the edge node created before.

Example: add a new interface with an IP in VLAN 230 for the Tier-0 gateway

– On new Tier-0 GW > Click menu Edit

– On section INTERFACES > Click Set on External And Service Interfaces


* Check T0 HA status: because the T0 router can run active-active or active-standby on the edge cluster, check the T0 status on each edge node.

Log in via SSH to the edge node:

# get logical-router

# vrf <vrf-id>

# get high-availability status

3/ Create T1 router:

– Tier-1 logical routers have downlink ports to connect to logical switches (network segments) and uplink ports to connect to Tier-0 logical routers. VMs connect directly to a network segment. Each logical router contains a service router (SR) and a distributed router (DR). A DR is distributed across all transport nodes that belong to the same transport zone, and an SR is centrally instantiated on the Edge Node. An SR instance is required for services that cannot be distributed, such as physical connectivity, NAT, DHCP, load balancers, etc.

– Menu Networking > Tier-1 Gateways


– Click Save > Click No

4/ Create new Overlay Segment for App and DB workload VM:

– A segment performs the functions of a logical switch and connects to gateways and VMs. When creating a new overlay segment, define a new gateway for the segment; VMs attached to the segment use it as their gateway for routing traffic.

Create 2 new overlay segments for VLAN230 and VLAN201

Menu Networking > Segments


– Click Save > No

– Check the new segments (displayed as VM port groups) of the DVS on vCenter

– Log in to the edge node, change the VRF to the T1 DR router, and show the 2 new interfaces used as gateways for the segments
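Steps 3 and 4 expressed as NSX-T Policy API request bodies, as an added example that is not part of the original post. It only builds and validates the payloads (nothing is sent); the gateway names, transport zone ID and subnets are constructed sample values, and the Tier-1 is set to advertise only its connected segment subnets to the Tier-0.

```python
import ipaddress
import json

# All names, IDs and subnets below are constructed sample values (assumptions).
T0_PATH = "/infra/tier-0s/T0-GW"
T1_ID = "T1-GW"
TZ_PATH = ("/infra/sites/default/enforcement-points/default"
           "/transport-zones/OVERLAY-TZ-ID")


def tier1_request(t1_id, t0_path):
    """PATCH url/body for a Tier-1 gateway linked to a Tier-0 gateway.

    Only connected segment subnets are advertised up to the Tier-0.
    """
    return (f"/policy/api/v1/infra/tier-1s/{t1_id}",
            {"display_name": t1_id, "tier0_path": t0_path,
             "route_advertisement_types": ["TIER1_CONNECTED"]})


def segment_request(seg_id, gateway_cidr, t1_id, tz_path):
    """PATCH url/body for an overlay segment whose gateway sits on the Tier-1."""
    iface = ipaddress.ip_interface(gateway_cidr)
    net = iface.network
    # Reject the network or broadcast address as gateway (not applicable to /31, /32).
    if net.prefixlen < 31 and iface.ip in (net.network_address, net.broadcast_address):
        raise ValueError(f"{gateway_cidr}: gateway is not a host address")
    return (f"/policy/api/v1/infra/segments/{seg_id}",
            {"display_name": seg_id,
             "connectivity_path": f"/infra/tier-1s/{t1_id}",
             "transport_zone_path": tz_path,
             "subnets": [{"gateway_address": gateway_cidr}]})


def build_plan(segments):
    """Return ordered (url, body) requests; reject overlapping segment subnets."""
    seen = []
    plan = [tier1_request(T1_ID, T0_PATH)]
    for seg_id, gw in segments:
        net = ipaddress.ip_interface(gw).network
        for other_id, other in seen:
            if net.overlaps(other):
                raise ValueError(f"{seg_id} overlaps {other_id}")
        seen.append((seg_id, net))
        plan.append(segment_request(seg_id, gw, T1_ID, TZ_PATH))
    return plan


if __name__ == "__main__":
    for url, body in build_plan([("App-Segment", "172.16.230.1/24"),
                                 ("DB-Segment", "172.16.201.1/24")]):
        print("PATCH", url, json.dumps(body))
```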

5/ Connect VM to overlay segment and configure GW:

– VM App Test:

– VM DB Test:

– On VM App Test, run a traceroute to VM DB Test. A successful trace shows that the DR component of the T1 router is working well for routing traffic between the 2 segments.