NSX-T in Practice: Logical Routing (East-West)

NSX-V introduced distributed routing, where routing is done at the hypervisor kernel level, removing the need to always hit the aggregation layer. NSX-T takes this further and extends this functionality to multi-hypervisor and multi-cloud environments.

With NSX-T, your logical routing comes in two flavours: a Tier-0 router and a Tier-1 router. It is important to understand the difference between them and the use case for each.

A Tier-0 router (often called a provider logical router) is generally your uplink to the physical infrastructure; however, it also supports connectivity to logical switches and acts as an interconnect with Tier-1 logical routers. A Tier-0 router typically peers with a physical router using BGP or static routing.

A Tier-1 logical router (often called a tenant logical router), on the other hand, supports connectivity to logical switches using downlink ports and to Tier-0 routers using uplink ports.

Below is what we will be setting up

Let’s start by creating our logical switches and connecting our VMs to them.




Connecting the VMs to their relevant logical switches

Web01a can communicate with Web02a but cannot reach App01a

Navigate to Routing > Routers > Add

Once the router is created, click on it > Configuration > Router Ports

Creating the web port

Creating App port

Creating DB port

Let’s check if our VMs can now communicate

Web to App segment and Web to the DB segment

App to DB and App to Web segment

DB to App and DB to Web segment

Let’s have a look at this from an nsxcli perspective. Log on to one of your ESXi hosts and type nsxcli, then get logical-routers. This will list our logical router, which has 3 LIFs.

Let’s check the config of the logical router

The router interfaces

The route table

The router arp table
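To make the before-and-after behaviour concrete, here is an added example (not code from the original post) that models the Tier-1 router's connected routes and works out how each VM pair communicates. The subnets, the VM addresses and the VM name DB01a are constructed assumptions; the post does not state them.

```python
import ipaddress

# Constructed addressing: the post does not give its subnets or VM IPs.
LIFS = {  # one router port (LIF) per logical switch, as created in the post
    "web": ipaddress.ip_interface("172.16.10.1/24"),
    "app": ipaddress.ip_interface("172.16.20.1/24"),
    "db": ipaddress.ip_interface("172.16.30.1/24"),
}
VMS = {  # DB01a is a hypothetical name for the DB-tier VM
    "Web01a": ipaddress.ip_interface("172.16.10.11/24"),
    "Web02a": ipaddress.ip_interface("172.16.10.12/24"),
    "App01a": ipaddress.ip_interface("172.16.20.11/24"),
    "DB01a": ipaddress.ip_interface("172.16.30.11/24"),
}

def connected_routes(lifs):
    """Each LIF contributes one connected route for its own subnet."""
    return {lif.network: name for name, lif in lifs.items()}

def lookup(routes, dst):
    """Longest-prefix match; returns the LIF name for dst, or None."""
    matches = [net for net in routes if dst in net]
    if not matches:
        return None
    return routes[max(matches, key=lambda n: n.prefixlen)]

def path(src, dst, lifs):
    """Return 'switched', 'routed <in>-><out>' or 'unreachable'."""
    s, d = VMS[src], VMS[dst]
    if d.ip in s.network:
        return "switched"  # same logical switch, the router is not involved
    routes = connected_routes(lifs)
    ingress = lookup(routes, s.ip)  # LIF acting as the source's gateway
    egress = lookup(routes, d.ip)   # LIF on the destination's segment
    if ingress is None or egress is None:
        return "unreachable"
    return f"routed {ingress}->{egress}"

def matrix(lifs):
    """Path for every ordered VM pair with the given router ports."""
    return {(a, b): path(a, b, lifs) for a in VMS for b in VMS if a != b}

if __name__ == "__main__":
    for label, lifs in (("no router", {}), ("three LIFs", LIFS)):
        print(label)
        for (a, b), result in matrix(lifs).items():
            print(f"  {a:7} -> {b:7} {result}")
```

With all three ports in place every inter-tier pair is routed, Web to DB included, which matches the ping tests above.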

In the next post we will add a Tier-0 router and look at static and dynamic routing.

That’s all there is to it! I hope this post was helpful and thank you for reading.

