Tier-0 Gateway

July 14, 2020 By Eric Shanks

This post will review the deployment and configuration of a Tier-0 gateway to provide north/south routing into the NSX-T overlay networks.

The Tier-0 (T0) gateway is where we’ll finally connect our new NSX-T backed overlay segments to the physical network through an NSX-T Edge which was previously deployed.

The Tier-0 gateway will connect directly to a physical VLAN and on the other side to our T1 router deployed in the previous post. From there, we should have all the plumbing we need to route to our hosts and begin using NSX-T to do some cooler stuff. In the end, the network topology will look something like this:

Deploy the Tier-0 Gateway

Within the NSX-T Manager navigate to Networking –> Tier-0 Gateways. From there click the ADD GATEWAY button.

Give the gateway a name and pick an HA Mode. In our case the HA mode doesn’t really matter because we only have a single edge deployed. In a production setting, this becomes an important consideration. Next, scroll down until you get to the Interfaces section. Click the link next to interfaces to assign an interface to the router.

Name the interface and select External as the type. Then enter the IP address and subnet that will reside on the external interface side of the router. This should be a routable IP address on your physical network (VLAN 201 from previous posts).

In the Connected to(Segment) box select the Uplink-Segment that was created during the segments post. Then finally select the edge node that will house the resources for this T0 gateway. Click Save to save the interface configuration and go back to the T0 router setup.

Under Static Routes, I added a default routing rule that sends any traffic to 0.0.0.0/0 through my physical switch.

My next hop address is the physical switch gateway address on the VLAN 201 network. In my case it's 10.10.201.254.

Connect the Routers

Your Tier-0 router is now ready to go, so let's connect a couple of things together to finish this up. Go to your Tier-1 router created in the previous post and update the Linked Tier-0 Gateway drop-down to reflect your new Tier-0 router. Save the configuration and you've now connected the T0 down to the Tier-1 and subsequent NSX segments.

Configure Routing Rules

The last step I can’t help with too much. We need to send traffic from our physical network down to the NSX-T overlay segments through routing rules. When setting up the segments in a previous post, I used the networks below as NSX segments.

NOTE: These networks are just test networks to demonstrate how NSX-T can be used with VMs. These segments are not necessary for vSphere 7 with Kubernetes, but a good way to validate that NSX is working. I am using these networks alongside of the vSphere 7 on Kubernetes deployment.

Segment Name    Segment CIDR
Web             192.168.0.1/24
App             192.168.1.1/24
Database        192.168.2.1/24

These networks cannot be accessed from outside the overlay networks until you configure routing rules or a dynamic routing protocol. In my case, I updated my Layer 3 switch so that a route for 192.168.0.0/16 points to my Tier-0 Uplink IP Address which was 10.10.201.10.

In your case, you can add static routes or set up a routing protocol to automatically add these routes. You'll have to decide for yourself the best method in your lab, with your equipment.
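A quick way to sanity-check the two static routes before testing with real traffic, as an added example that is not part of the original post: it models the switch and Tier-0 route tables with the addresses above, walks both directions with a longest-prefix match, and reports how much address space the 192.168.0.0/16 summary hands to the Tier-0 beyond the three segments. The /24 mask on VLAN 201, the outside test host 10.10.50.20, and the Tier-1 advertising its segments to the Tier-0 are assumptions.

```python
import ipaddress as ip

# Addresses from the post. The /24 mask on VLAN 201 is an assumption.
UPLINK_NET = ip.ip_network("10.10.201.0/24")
T0_UPLINK = ip.ip_address("10.10.201.10")
SWITCH_GW = ip.ip_address("10.10.201.254")
SEGMENTS = {name: ip.ip_interface(cidr).network for name, cidr in [
    ("Web", "192.168.0.1/24"), ("App", "192.168.1.1/24"), ("Database", "192.168.2.1/24")]}
SUMMARY = ip.ip_network("192.168.0.0/16")

# Route tables as (prefix, next_hop); next_hop None means directly connected.
SWITCH_ROUTES = [(UPLINK_NET, None), (SUMMARY, T0_UPLINK)]
# Segments are modeled as connected on the T0 side (assumes the linked T1 advertises them).
T0_ROUTES = ([(UPLINK_NET, None), (ip.ip_network("0.0.0.0/0"), SWITCH_GW)]
             + [(net, None) for net in SEGMENTS.values()])


def lookup(routes, dest):
    """Longest-prefix match; returns (prefix, next_hop) or None if unroutable."""
    matches = [r for r in routes if ip.ip_address(dest) in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen, default=None)


def check_routes(switch_routes, t0_routes, segments, outside_host="10.10.50.20"):
    """Return a list of findings; an empty list means both directions line up."""
    findings = []
    for name, table in (("switch", switch_routes), ("T0", t0_routes)):
        for prefix, hop in table:
            if hop is not None and hop not in UPLINK_NET:
                findings.append(f"{name}: next hop {hop} for {prefix} is off the uplink VLAN")
    for seg, net in segments.items():
        fwd = lookup(switch_routes, net.network_address + 10)  # constructed VM address
        if fwd is None or fwd[1] != T0_UPLINK:
            findings.append(f"{seg}: switch has no route to {net} via {T0_UPLINK}")
    back = lookup(t0_routes, outside_host)  # return path for replies leaving the overlay
    if back is None or back[1] != SWITCH_GW:
        findings.append(f"T0: no return route to {outside_host} via {SWITCH_GW}")
    return findings


def unused_summary_space(summary, segments):
    """Addresses the summary route forwards to the T0 that no segment uses."""
    return summary.num_addresses - sum(n.num_addresses for n in segments.values())


if __name__ == "__main__":
    print(check_routes(SWITCH_ROUTES, T0_ROUTES, SEGMENTS) or "routes line up")
    print(unused_summary_space(SUMMARY, SEGMENTS), "addresses covered but unused")
```

If the unused count matters in your lab, per-segment /24 routes on the switch give the same reachability without pointing the rest of 192.168.0.0/16 at the Tier-0.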

Summary

You’ve now deployed the Tier-0 router and connected your NSX-T backed Overlay segments to your physical network. You can begin using NSX-T for vSphere 7 on Kubernetes by following the next post, or whatever network segmentation/routing/stretched Layer 2 thing you can come up with. Good luck with your NSX-T labbing!