The previous posts in this series have stepped through how to enable NSX and get some logical switches configured. Workloads now have L2 adjacency across IP subnets thanks to VXLAN logical switch overlays. It is time for routing. This post builds a three-tier application with logical isolation provided by network segments, routing and firewall rules. Later we will build a micro segment.
Within the Networking and Security plugin select NSX edge. Click the green plus.
As discussed in the NSX compendium, installing and configuring a Logical Distributed Router deploys what is known as a control virtual appliance. The control virtual appliance builds the control plane and manages, for example, OSPF adjacencies and events. It is not in the data path.
Select the Logical (Distributed) Router from the radial menu and fill a name in. Click Next.
Set an administrative password and username. Choose Enable SSH access if you desire.
Choose the datastore you are going to store this on.
Now it is time to create the interfaces of our Logical Router. Click the green plus on the add interface page, then select what the logical router will connect to.
Next specify the gateway address of the subnet. This interface is analogous to a Switched Virtual Interface (SVI) or a Routed Virtual Interface (RVI). This is the default gateway for the subnet. Populate the address range and subnet prefix.
With that you can accept the changes. Note that southbound interfaces that connect to logical switches with workloads on them are generally internal. Northbound interfaces are where connectivity to an upstream subnet is made and this is an uplink.
With the interface created, repeat the process for the interfaces of the Application Tier and Database Tier. When completed, select finish and deploy. Note that the logical router control VM is deploying. It will leverage the VIB installed at host preparation time for logical in-kernel routing. The control VM is dedicated to managing logical interface (SVI/RVI) interactions and distributing current information.
It is possible to have multiple logical routers per host. This allows tenant isolation or application isolation. Combine this with a controlled transport zone for control planes and you have distinct segregation.
Once this has deployed you will have in-kernel routing. Now look to test Web to App tier connectivity.
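Before clicking through the interface wizard, it helps to check the interface plan itself. The following is an added example, not code from this post or from VMware: it checks that each gateway is a usable host address in its subnet and that no two tiers share address space. The interface names, addresses and prefixes are constructed assumptions.

```python
import ipaddress
from itertools import combinations

# Constructed sample plan; names, addresses and prefixes are assumptions,
# not values taken from the post.
PLAN = [
    {"name": "Web-Tier", "type": "internal", "gateway": "10.0.1.1", "prefix": 24},
    {"name": "App-Tier", "type": "internal", "gateway": "10.0.2.1", "prefix": 24},
    {"name": "DB-Tier", "type": "internal", "gateway": "10.0.3.1", "prefix": 24},
    {"name": "Transit", "type": "uplink", "gateway": "192.168.10.2", "prefix": 29},
]


def validate_plan(plan):
    """Return a list of problems in a logical router interface plan."""
    problems = []
    nets = []
    for lif in plan:
        name = lif["name"]
        if lif["type"] not in ("internal", "uplink"):
            problems.append(f"{name}: unknown interface type {lif['type']!r}")
        try:
            iface = ipaddress.ip_interface(f"{lif['gateway']}/{lif['prefix']}")
        except ValueError as exc:
            problems.append(f"{name}: {exc}")
            continue
        net = iface.network
        nets.append((name, net))
        # The gateway must be a usable host address. /31 and /32 have no
        # separate network or broadcast address, so skip the check there.
        if net.prefixlen < net.max_prefixlen - 1 and iface.ip in (
            net.network_address, net.broadcast_address
        ):
            problems.append(f"{name}: {iface.ip} is not a usable host in {net}")
    # Each tier needs its own subnet; overlapping ranges blur the
    # boundary that routing and firewall rules are meant to enforce.
    for (a, net_a), (b, net_b) in combinations(nets, 2):
        if net_a.version == net_b.version and net_a.overlaps(net_b):
            problems.append(f"{a} and {b}: {net_a} overlaps {net_b}")
    return problems


if __name__ == "__main__":
    for line in validate_plan(PLAN) or ["plan OK"]:
        print(line)
```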
The logical router is super easy to deploy and delivers optimised application traffic flows. Not having to route out to a core switch or aggregation gateway makes administration and troubleshooting easier than ever.
Hi Anthony, very good blog series for NSX. I have a quick question: is NSX only using VXLAN for the overlay protocol? How about the Nicira STT, did that protocol get abandoned after the merge (NVP -> NSX)?
I see VMware co-authored the Geneve draft, when will NSX start to support Geneve?
Thanks,
Weibin
Hi Weibin,
Thanks for the comment. NSX uses VXLAN for the overlay protocol. Nicira/VMware STT is still used on NSX for Multi-hypervisor edition and its placement is host-to-host encapsulation/communication.
I cannot comment on futures regarding Geneve and when NSX will/will not support Geneve! Sorry 🙂