So far the blog has configured logical routing and logical switching, which has provided connectivity between our application tiers. The administrator must now decide how the application will be accessed. One method of providing connectivity to the logical application network built thus far is to deploy an Edge Services Gateway.
An Edge Services Gateway (ESG) is a virtual appliance that can provide routing, firewall, load balancer, VPN, Layer 2 bridging services and more. To deploy an ESG, click on NSX Edges, then the green plus.
Ensure the Edge Services Gateway radio button is selected and populate the relevant hostname and subsequent details. Click Next.
Populate the administrator credentials and select Next.
Here you can select the size of the appliance. The appliance sizing determines resources used when it is active. This allows the administrator a choice when selecting what is relevant for a specific application. This example chooses a Large instance.
Size | CPU | Memory |
Compact | 1 vCPU | 512 MB |
Large | 2 vCPU | 1024 MB |
Extra Large | 4 vCPU | 1024 MB |
Quad Extra Large | 6 vCPU | 8192 MB |
This table highlights the resources required for each deployment of an NSX ESG appliance. The Large instance consumes 2 vCPU and 1024 MB of RAM.
After selecting the size of the ESG appliance, a Resource Pool and Datastore must be selected. Select the green plus and allocate the virtual appliance to the Datastore.
This Edge Services Gateway requires three connections. Look at the reference diagram at the start of the post. They are: one uplink into the external network, an internal interface that connects to the Transit network shared with the Logical Router our application is connected to, and an internal interface to a VLAN-backed port-group that our management host connects on. The uplink into the external network is a routed link to an IP address within the physical infrastructure. One method of connecting back to the physical infrastructure is a port-group associated with a physical uplink.
After selecting and creating these interfaces with their subsequent addressing select Next.
To specify a default gateway select the relevant vNIC and assign a gateway IP. This will allow a default route and a next hop IP address to be installed into the routing table. Click Next.
In the example here the radio button for Default Traffic Policy is set to Accept. With Accept, traffic that does not match any firewall rule is allowed through the ESG; Deny blocks it. If HA has been configured, then here you can specify the keepalive link and relevant configurations. Click Next.
Confirm the details that you have entered into the NSX edge. This will allow the administrator to review the configuration before committing to the deployment. Select Finish.
With that the NSX Edge Services Gateway will deploy and be ready for configuration. With very simple information we have deployed a virtual appliance that delivers load balancing, routing, VXLAN/VLAN termination, firewall functions, VPN services, L2 Bridging and more. The next post will configure dynamic routing between the two routers we have configured thus far.
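The wizard accepts whatever interface addressing, default gateway and default traffic policy are entered, so the following added example (not from the original post) checks a planned layout before it is typed in: exactly one uplink, no overlapping vNIC subnets, an on-link default gateway on the uplink, and a note when the default policy is Accept. The vNIC names mirror the three connections described above; all addresses and the function name `check_esg_plan` are constructed for illustration.

```python
import ipaddress

def check_esg_plan(vnics, gw_vnic, gw_ip, default_policy):
    """Return findings for a planned ESG interface layout (empty list = clean)."""
    findings = []
    ifaces = {v["name"]: ipaddress.ip_interface(v["address"]) for v in vnics}
    uplinks = [v["name"] for v in vnics if v["type"] == "uplink"]

    # The design in this post has exactly one uplink into the external network.
    if len(uplinks) != 1:
        findings.append(f"expected 1 uplink, found {len(uplinks)}")

    # Two vNICs on overlapping subnets make the connected routes ambiguous.
    names = list(ifaces)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if ifaces[a].network.overlaps(ifaces[b].network):
                findings.append(f"{a} and {b} are on overlapping subnets")

    # The default gateway is only usable as a next hop if it is on-link.
    if gw_vnic not in ifaces:
        findings.append(f"default gateway vNIC {gw_vnic!r} is not defined")
    else:
        gw = ipaddress.ip_address(gw_ip)
        if gw not in ifaces[gw_vnic].network:
            findings.append(f"gateway {gw} is not in {ifaces[gw_vnic].network} ({gw_vnic})")
        elif gw == ifaces[gw_vnic].ip:
            findings.append(f"gateway {gw} is the ESG's own address on {gw_vnic}")
        if gw_vnic not in uplinks:
            findings.append(f"default gateway is set on non-uplink vNIC {gw_vnic}")

    # Accept as the default policy forwards anything no firewall rule matches.
    if default_policy.lower() == "accept":
        findings.append("default traffic policy is Accept")
    return findings

# Constructed sample plan: names follow the post, addresses are made up.
PLAN = [
    {"name": "Uplink", "type": "uplink", "address": "192.0.2.2/24"},
    {"name": "Transit", "type": "internal", "address": "172.16.0.1/29"},
    {"name": "Management", "type": "internal", "address": "10.0.10.1/24"},
]

if __name__ == "__main__":
    for finding in check_esg_plan(PLAN, "Uplink", "192.0.2.1", "Accept"):
        print("finding:", finding)
```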
“Look at the reference diagram at the start of the post.” <– There are no diagrams at the start of this post? Can you put the diagram up? Connectivity to the outside world is where us non-networking guys fail, but this part is always glossed over.