Nested NSX 6.2 – Part 5 North-South Routing


Part 1

Part 2

Part 3

Part 4

I have now established east-west communication I must now configure north-south communication – this is achieved by using NSX Edge (ESG).  ESG supports dynamic routing protocols that can be peered with the physical infrastructure, for my lab I will be attempting to pass the traffic onto my home router.  This is a bog standard Virgin Media router with limited features, I really need a managed router with features such as dynamic routing protocols but I want to see how far I can just using a white box PC and Workstation for nesting NSX.

Open the Web Client and go to Network & Security – Installation – NSX Edges.  Choose Edge Services Gateway.  Add new appliance, add a name and add a username and password.  This will be used for console access or via SSH

nsxdeploymentpart5-1  nsxdeploymentpart5-2

Choose the compute resource to run the appliance and the application size.  Compact is fine for a lab environment.

nsxdeploymentpart5-3

Now to configure the interfaces, this process is similar to the LDR configuration.  First I configure an uplink interface – for my setup this will be configured with a vSS port group which is using a vmnic that is bridged with my Workstation host.  The IP address I assign is on my home network and I will be using my router as the default gateway

nsxdeploymentpart5-4   nsxdeploymentpart5-5

I now need to create an internal interface – a leg into my LDR.  I connect this interface to the logical switch I created in Part 4 dedicated for transit between the LDR and ESG.  I assign it an IP in this logical switch, the same IP address I assigned to my LDR as its default gateway

nsxdeploymentpart5-6  nsxdeploymentpart5-7

I will not go into the details on Enable Proxy ARP and Send ICMP Redirect here but see NSX Reference Design for more details

I now set the default gateway – this is my home router

nsxdeploymentpart5-8

Choose to configure default Firewall policies and to configure HA, for my lab I dont configure these

nsxdeploymentpart5-9   nsxdeploymentpart5-10

Summarise and complete

nsxdeploymentpart5-10

Now if I jump on VM I should be able to ping the inside and outside interface of the ESG….but it fails

nsxdeploymentpart5-11

Before this will work I need to set the routing tables up on the ESG as it doesnt know about the subnets assigned to my logical switches.  This can be done by setting static routes or by using dynamic routing protocols such as OSPF and BGP.  For my lab I will be setting static routes.  Open the newly deployed ESG – Manage – Routing – Static Routes – Add

nsxdeploymentpart5-15

I add both networks I have assigned to my logical switches.  To see this connect to the ESG console or SSH and login with the account previously created.  Enter

show ip route

nsxdeploymentpart5-16

Once the routes are in place I can jump back onto a VM and now I can get to the inside (internal) and outside (uplink) interface of my ESG.

nsxdeploymentpart5-17

I can now route out of my NSX domain north and south, to the internet and to my physical network.  The beauty of this being nested inside Workstation is I dont need MTU size 1600 on my physical NIC, the encapsulation is done on the virtual interfaces which is decapsulated as it is travels north out of my NSX domain.  I dont have a managed router that supports dymanic routing protocols so I must add static routes to PCs on my physical network and to my router.

Below is a VM accessing a physical PC on my network

nsxdeploymentpart5-18

In effect though, baring some features such as dynamic routing, I have a working NSX domain nested in Workstation.

 

Leave a comment

Your email address will not be published. Required fields are marked *