NSX-T: Single-Tier Routing Architecture

In my NSX-T 3.0 series, I wrote an article on setting up Logical Routing so that traffic can start flowing through the SDDC.

If you have missed my NSX-T 3.0 series, here are the links to the same:

1: NSX-T Management & Control Plane Setup

2: Uplink Profiles in NSX-T

3: Transport Zones & Transport Node Profiles

4: NSX-T Data Plane Setup

5: Configure Logical Routing in NSX-T

Let’s do a quick recap on routing capabilities in NSX-T. 

Logical routing in NSX-T provides connectivity for both virtual and physical workloads that are in different logical L2 networks. Workloads connect to each other via segments, and these segments can in turn attach to a T0/T1 gateway for East-West & North-South communication.

T0/T1 gateways have Service Router (SR) & Distributed Router (DR) components. The DR component is embedded at the hypervisor level and ‘abstracted’ from the underlying physical network.

In NSX-T we have 2 ways of achieving logical routing:

  • Single-Tier Routing
  • Multi-Tier Routing

In this post we will discuss only single-tier routing.

Single-Tier Routing

In single-tier routing in NSX-T, workload segments connect directly to a Tier-0 gateway. It’s the Tier-0 gateway that provides both distributed routing and centralized routing, along with other services such as NAT, DHCP, load balancers and so on.

In this deployment model, both East-West & North-South routing are taken care of by the T0. There is no T1 gateway in a single-tier deployment.

The diagram below is a representation of what single-tier routing looks like. In this architecture:

1: There are 2 workload segments (App-LS & Web-LS) and both segments connect directly to the Tier-0 gateway.

2: Tier-0 is connected to the physical router via 2 uplinks (each in a separate VLAN).

3: The upstream router is then connected to the WAN network.

Single-Tier-Routing

To achieve this architecture, I have deployed a T0 gateway in my lab. The T0 gateway is BGP peering with the upstream router. Please see this post for instructions on deploying T0 & configuring BGP.

I also have 2 overlay segments created and attached directly to the Tier-0 gateway.

WLD-Segments

I have a couple of VMs connected to App-LS and one VM connected to Web-LS. The default gateway of both the VMs is pointing to the .1 IP of their respective subnet.

App-VM

Web-VM
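The attachments described above can be checked from a segment inventory, shown here as an added example that is not part of the original post: it flags any segment that is not connected directly to the expected Tier-0 gateway or whose gateway is not on the first host address of its subnet (a generalization of the ".1" convention). The sample data, the gateway ID `t0-example`, the `Db-LS` and `Orphan-LS` segments and all subnets are constructed; the field names assume the NSX-T Policy API segment object (`connectivity_path`, `subnets[].gateway_address`).

```python
import ipaddress

# Constructed sample shaped like the "results" list returned by
# GET /policy/api/v1/infra/segments; IDs and subnets are made up.
SAMPLE_SEGMENTS = [
    {"id": "App-LS", "connectivity_path": "/infra/tier-0s/t0-example",
     "subnets": [{"gateway_address": "192.0.2.1/24"}]},
    {"id": "Web-LS", "connectivity_path": "/infra/tier-0s/t0-example",
     "subnets": [{"gateway_address": "198.51.100.1/24"}]},
    {"id": "Db-LS", "connectivity_path": "/infra/tier-1s/t1-example",
     "subnets": [{"gateway_address": "203.0.113.254/24"}]},
    {"id": "Orphan-LS", "subnets": []},
]


def audit_single_tier(segments, expected_t0):
    """Return {segment_id: [findings]} for segments that break the design."""
    findings = {}
    want = f"/infra/tier-0s/{expected_t0}"
    for seg in segments:
        issues = []
        path = seg.get("connectivity_path")
        if not path:
            issues.append("not attached to any gateway")
        elif path.startswith("/infra/tier-1s/"):
            # Single-tier design: no Tier-1 should sit between segment and T0.
            issues.append("attached to a Tier-1 gateway")
        elif path != want:
            issues.append(f"attached to unexpected gateway {path}")
        subnets = seg.get("subnets") or []
        if not subnets:
            issues.append("no gateway subnet configured")
        for sub in subnets:
            iface = ipaddress.ip_interface(sub["gateway_address"])
            first_host = iface.network.network_address + 1
            if iface.ip != first_host:
                issues.append(f"gateway {iface.ip} is not the first host {first_host}")
        if issues:
            findings[seg["id"]] = issues
    return findings


if __name__ == "__main__":
    for seg_id, issues in audit_single_tier(SAMPLE_SEGMENTS, "t0-example").items():
        print(seg_id, "->", "; ".join(issues))
```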

East-West Routing Verification

Let’s connect to the VMs and verify whether or not east-west routing is working.

From App01 VM, I tried pinging its default gateway, App02 VM, which is on the same segment, and Web01 VM, which is on a different segment, and got ping results for all 3 tests.

ew-routing01

Test results from App02 VM.

ew-routing02

Test results from Web01 VM.

ew-routing03

The above tests indicate that east-west routing is working fine between the App-LS and Web-LS segments.

North-South Routing Verification

Let’s test north-south routing for the app and web workload VMs.

From App01 VM, I tried pinging google.com and one of the physical servers and got ping results for both tests.

ns-routing01

I performed the same test for App02 & Web01 VMs and got results as expected.

ns-routing02

ns-routing03

And the above tests verify that north-south routing is also working fine.

And that’s it for this post. In the next post I will explain Multi-Tier routing architecture.

I hope you enjoyed reading the post. Feel free to share this on social media if it is worth sharing 🙂 
