With NSX-V, the DLR handled east/west traffic, and the ESG handled routing for north/south traffic and traffic for any enabled stateful services. With NSX-T, north/south traffic is handled by the Service Router (SR), which is a centralized component of the logical router.
DR and SR
The DR component spans the hypervisors whose VMs are connected to the logical router, as well as the edge nodes the logical router is bound to. The DR is responsible for one-hop distributed routing between logical switches and/or logical routers connected to this logical router.
The SR component is responsible for delivering services that are not currently implemented in a distributed fashion, such as stateful NAT. Please note that the SR only exists within the Edge nodes.
Below is what we will be playing with. The goal is to allow external access to the Web, App and DB VMs.
Let’s first start by confirming that we are currently unable to access the VMs from the jump-box.
We are unable to reach the VMs. Let’s fix that!
Tier 0 Router creation and configuration
Navigate to Routing > Routers > Add
Ensure that your logical router is associated with an Edge Cluster.
Next we will create a segment to connect our Tier 0 router to the outside world
Navigate to Switching > Add
We will choose the VLAN transport zone
Let’s now create a port to connect the logical router to our newly created Uplink-1 segment
Now let’s enable BGP. Our Local AS is 65001
Add the neighboring router which has a remote AS of 65002
Tier 1 Router configuration
Let’s start by connecting the Tier 1 router to the Edge cluster
Now let’s connect the Tier 1 router to the Tier 0 router
The next thing to do is to advertise the routes between the Tier 1 and Tier 0 router
Select Tier 1 logical router > Routing > Route Advertisement
Enable the service and advertise All NSX Connected Routes then save
One last thing to do is to verify that route redistribution is enabled on the Tier 0 router and that NSX Static is included in the source routes to be redistributed.
Select your Tier0 router > Routing > Route Redistribution
We should now be set. Let’s check if we can reach the VMs from the outside
Boom! North/South traffic is flowing as intended.
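Because "All NSX Connected Routes" advertises every segment behind the Tier 1 router, it is worth listing what the BGP neighbor will actually learn. The sketch below is an added example, not part of the original post or of NSX-T itself: it models the advertisement and redistribution chain configured above and compares the result with the networks you meant to expose. The segment CIDRs and function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample topology: these CIDRs are assumptions,
# not values taken from the post.
TIER1_SEGMENTS = {
    "Web": "172.16.10.0/24",
    "App": "172.16.20.0/24",
    "DB": "172.16.30.0/24",
}


def prefixes_announced_upstream(segments, t1_advertise_connected,
                                t0_redistribution_enabled, t0_sources):
    """Prefixes the Tier 0 router would offer to its BGP neighbor.

    Models the two settings from the post: Tier 1 route advertisement of
    connected routes, and Tier 0 redistribution with "NSX Static" selected
    as a source. If either is missing, nothing reaches the neighbor.
    """
    if not t1_advertise_connected:
        return []  # Tier 0 never learns the segments
    if not (t0_redistribution_enabled and "NSX Static" in t0_sources):
        return []  # Tier 0 knows the routes but does not redistribute them
    return sorted(ipaddress.ip_network(c) for c in segments.values())


def unintended_exposure(announced, intended):
    """Announced prefixes that no intended network covers."""
    allowed = [ipaddress.ip_network(c) for c in intended]
    return [str(p) for p in announced
            if not any(p.subnet_of(a) for a in allowed)]


if __name__ == "__main__":
    announced = prefixes_announced_upstream(
        TIER1_SEGMENTS, True, True, {"NSX Static"})
    print("Announced to neighbor:", [str(p) for p in announced])
    # Hypothetical policy: only the Web tier should be reachable externally.
    print("Not in intended list:",
          unintended_exposure(announced, ["172.16.10.0/24"]))
```

An empty second list means the advertisement matches the intent; anything else is a segment that needs a narrower advertisement or a firewall rule in front of it.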
I hope this post was helpful. Thank you for reading.
My name is Amine El Badaoui and I currently live in Aylesbury, a small town in the south east of England.
I have been working in the IT industry for a few years now and specialise in VMware virtualisation, data centre infrastructure and cloud technologies. Over the years I have obtained numerous industry certifications from Microsoft, NetApp and VMware. I currently work as a VMware Product Engineer @ https://www.rackspace.com/
This blog represents my random technical notes and thoughts. The thoughts expressed here do not reflect my current employer in any way.