Objective 5.4 – Configure and Manage Logical Routers

Knowledge

  • Describe and differentiate router interfaces
    • Distributed Logical Routers have LIFs (Logical InterFaces) which connect to Logical Switches.
    • Edge Logical Routers have Internal interfaces and Uplink interfaces.
    • Management interfaces are used for out-of-band access to the logical router.
  • Determine controller and logical switch requirements for logical router deployment
    • You must have at least three controller nodes and one logical switch in your environment before installing a logical router.
  • Add a logical router
    • Log in to the vSphere Web Client.
    • Click Networking & Security and then click NSX Edges.
    • Click the Add “+” icon.
    • In the Add Edge Gateway wizard, select Logical (Distributed) Router.
    • Select Enable High Availability to enable and configure high availability (HA).
    • Type a name for the NSX Edge virtual machine.
    • This name appears in your vCenter inventory. The name should be unique across all Edges within a single tenant.
    • (Optional) Type a host name for the NSX Edge virtual machine. This name appears in the CLI. If you do not specify the host name, the Edge ID is displayed in the CLI.
    • (Optional) Type a description and tenant for this NSX Edge.
    • Click Next. Specify the CLI Credentials for Logical Router: Edit the credentials to be used for logging in to the Command Line Interface (CLI).
    • On the CLI Credentials page, specify the CLI credentials for your NSX Edge virtual machine.
    • CLI user name: Edit if required.
    • CLI password
    • (Optional) Click Enable SSH access if required.
    • Click Next. The Edge Appliances page appears.
  • Configure distributed routing
    • On the Deployment Configuration page, select the datacenter where you want to place the NSX Edge virtual machine.
    • In NSX Edge Appliances, click the Add “+” icon to add an appliance. If you had selected Enable HA on the Name and Description page, you can add two appliances. If you add a single appliance, NSX Edge replicates its configuration for the standby appliance and ensures that the two HA NSX Edge virtual machines are not on the same ESX host even after you use DRS and vMotion (unless you manually vMotion them to the same host).
    • In the Add Edge Appliance dialog box, select the cluster or resource pool and datastore for the appliance.
    • (Optional) Select the host on which the appliance is to be added.
    • (Optional) Select the vCenter folder within which the appliance is to be added.
    • Click OK.
    • Click Next. The Interfaces Configuration page appears.
    • Configure a management interface
    • On the Interfaces page, type the IP address for the management interface.
    • In Management Interface Configuration, click Select next to the Connected To field and select the logical switch or port group that you want to set as the management interface. Click the Add “+” icon to add a subnet for the management interface.
    • In the Add Subnet dialog box, click the Add “+” icon.
    • Type the IP address of the subnet and click OK. If you add more than one subnet, select the primary subnet.
    • Type the subnet prefix length and click OK.
    • In Configure Interfaces, click the Add “+” icon to add a traffic interface and type a name for the interface.
    • Select Internal or Uplink to indicate whether this is an internal or external interface.
    • Select the port group or VXLAN virtual wire to which this interface should be connected.
      • Click Select next to the Connected To field.
      • Depending on what you want to connect to the interface, click the Virtual Wire or Distributed Portgroup tab.
      • Select the appropriate virtual wire or port group.
      • Click OK.
    • Select the connectivity status for the interface.
    • In Configure Subnets, click the Add “+” icon to add a subnet for the interface.
    • In Add Subnet, click the Add “+” icon to add an IP address.
    • Type the IP address.
    • You must add an IP address to an interface before using it on any feature configuration.
    • Click OK.
    • Type the subnet prefix length.
    • Click OK and then click OK again.
    • Click Next. The Default Gateway page appears.
  • Configure High Availability for a logical router
    • Type the period in seconds within which, if the backup appliance does not receive a heartbeat signal from the primary appliance, the primary appliance is considered inactive and the backup appliance takes over. The default interval is 15 seconds.
    • (Optional) Type two management IP addresses in CIDR format to override the local link IPs assigned to the HA virtual machines.
    • Ensure that the management IP addresses do not overlap with the IPs used for any other interface and do not interfere with traffic routing. You should not use an IP that exists somewhere else on your network, even if that network is not directly attached to the NSX Edge.
    • Click Next. Confirm Settings and Install the Logical Router:
    • On the Summary page, review the settings for the NSX Edge.
    • Click Previous to modify the settings.
    • Click Finish to accept the settings and install the NSX Edge router.
  • Configure edge routing
    • Log in to the vSphere Web Client.
    • Click Networking & Security and then click NSX Edges.
    • Double-click an NSX Edge.
    • Click Routing and then click Global Configuration.
    • To configure dynamic routing, click Edit next to Dynamic Routing Configuration.
      • Router ID is a unique identifier to identify the peer that is sending routes. Select an external interface whose IP you want to use as the Router ID or select Custom ID and type an IP address.
      • Do not enable any protocols here.
      • Select Enable Logging to save logging information and select the log level.
    • Click Publish Changes.
  • Configure routing protocols
    • Static
      • To configure for Static routing, ensure you do not configure dynamic routing (shown in the step above), and configure a default gateway and relevant static routes as shown in the sections below.
    • OSPF
      • Log in to the vSphere Web Client.
      • Click Networking & Security and then click NSX Edges.
      • Double-click an NSX Edge.
      • Click Routing and then click OSPF.
      • Do one of the following.
        • For an Edge services gateway, click Enable.
        • For a logical router
          • Click Edit at the top right corner of the window.
          • Click Enable OSPF.
          • In Forwarding Address, type an IP address that is to be used by the router datapath module in the hosts to forward datapath packets.
          • In Protocol Address, type a unique IP address within the same subnet as the Forwarding Address. Protocol address is used by the protocol to form adjacencies with the peers.
      • In Area Definitions, click the Add icon.
      • Type an Area ID. NSX Edge supports an area ID in the form of an IP address or decimal number.
      • Select Stub in the Type field. Typically, there is no hierarchical routing beyond the stub.
      • Select the type of Authentication. OSPF performs authentication at the area level, hence all routers within the area must have the same authentication and corresponding password configured. For MD5 authentication to work, both the receiving and transmitting routers must have the same MD5 key.
        • None: No authentication is required, which is the default value.
        • Password: In this method of authentication, a password is included in the transmitted packet.
        • MD5: This authentication method uses MD5 (Message Digest type 5) hashing. An MD5 checksum is included in the transmitted packet.
      • For Password or MD5 type authentication, type the password or MD5 key.
      • Click OK.
      • In Area to Interface Mapping, click the Add icon to map the interface that belongs to the OSPF area.
      • Select the interface that you want to map and the OSPF area that you want to map it to.
      • Hello Interval displays the default interval between hello packets that are sent on the interface. Edit the default value if required.
      • Dead Interval displays the default interval during which at least one hello packet must be received from a neighbour before the router declares that neighbour down. Edit the default interval if required.
      • Priority displays the default priority of the interface. The interface with the highest priority is the designated router. Edit the default value if required.
      • Cost of an interface displays the default overhead required to send packets across that interface. The cost of an interface is inversely proportional to the bandwidth of that interface. Edit the default value if required.
      • Click OK and then click Publish Changes.
    • BGP
      • Log in to the vSphere Web Client.
      • Click Networking & Security and then click NSX Edges.
      • Double-click an NSX Edge.
      • Click Routing and then click BGP.
      • Click Edit.
      • In the Edit BGP Configuration dialog box, click Enable BGP.
      • Type the router ID in Local AS. Type the Local AS. This is advertised when BGP peers with routers in other autonomous systems (AS). The path of ASs that a route traverses is used as one metric when selecting the best path to a destination.
      • Click Save.
      • In Neighbors, click the Add icon.
      • Type the IP address of the neighbour.
      • Type the remote AS.
      • Edit the default weight for the neighbour connection if required.
      • Hold Down Timer displays the interval (180 seconds) that the software waits without receiving a keep alive message before it declares a peer dead. Edit if required.
      • Keep Alive Timer displays the default frequency (60 seconds) with which the software sends keep alive messages to its peer. Edit if required.
      • If authentication is required, type the authentication password. Each segment sent on the connection between the neighbours is verified. MD5 authentication must be configured with the same password on both BGP neighbours, otherwise, the connection between them will not be made.
      • To specify route filtering from a neighbour, click the Add icon in the BGP Filters area.
      • Select the direction to indicate whether you are filtering traffic to or from the neighbour.
      • Select the action to indicate whether you are allowing or denying traffic.
      • Type the network in CIDR format that you want to filter to/from the neighbour.
      • Type the IP prefixes that are to be filtered and click OK.
      • Click Publish Changes.
    • IS-IS
      The IS-IS protocol is currently experimental.

      • Log in to the vSphere Web Client.
      • Click Networking & Security and then click NSX Edges.
      • Double-click an NSX Edge.
      • Click Routing and then click IS-IS.
      • Click Edit and then click Enable IS-IS.
      • Type the System ID and select the IS-IS type.
        Level 1 is intra-area, Level 2 is inter-area, and Level 1-2 is both. Level 2 routers are inter-area routers that can only form relationships with other Level 2 routers. Routing information is exchanged between Level 1 routers and other Level 1 routers, and Level 2 routers only exchange information with other Level 2 routers. Level 1-2 routers exchange information with both levels and are used to connect the inter-area routers with the intra-area routers.
      • Type the Domain Password and Area Password. The area password is inserted and checked for Level 1 link state packets, and the domain password for Level 2 link state packets.
      • Define the IS-IS areas.
        • Click the Add icon in Areas.
        • Type up to three area IP addresses.
        • Click Save.
      • Configure interface mapping.
        • Click the Add icon in Interface Mapping.
        • Choose the Circuit Type to indicate whether you are configuring the interface for Level-1, Level-2, or Level-1-2 adjacency.
        • Hello Interval displays the default interval in milliseconds between hello packets that are sent on the interface. Edit the default value if required.
        • Hello Multiplier displays the default number of IS-IS hello packets a neighbour must miss before it is declared down. Edit the default value if required.
        • LSP Interval displays the time delay in milliseconds between successive IS-IS link-state packet (LSP) transmissions. Edit the default value if required.
        • Metric displays the default metric for the interface. This is used to calculate the cost from each interface via the links in the network to other destinations. Edit the default value if required.
        • Priority displays the priority of the interface. The interface with the highest priority becomes the designated router. Edit the default value if required.
        • In Mesh Group, type the number identifying the mesh group to which this interface belongs. Edit the default value if required.
        • Type the authentication password for the interface and click OK. Edit the default value if required.
      • Click Publish Changes.
  • Configure default gateway
    • Log in to the vSphere Web Client.
    • Click Networking & Security and then click NSX Edges.
    • Double-click an NSX Edge.
    • Click Routing and then click Global Configuration.
    • To specify the default gateway, click Edit next to Default Gateway.
      • Select an interface from which the next hop towards the destination network can be reached.
      • Type the gateway IP if required.
      • Edit the MTU if required and type a description.
      • Click Save.
    • Click Publish Changes.
  • Add/Delete a static route
    • Log in to the vSphere Web Client.
    • Click Networking & Security and then click NSX Edges.
    • Double-click an NSX Edge.
    • Click the Manage tab and then click the Routing tab.
    • Select Static Routes from the left panel.
    • Click the Add “+” icon.
    • Type a description for the static route.
    • Select the interface on which you want to add a static route.
    • Type the Network in CIDR notation.
    • Type the IP address of the Next Hop.
    • For MTU, edit the maximum transmission value for the data packets if required.
    • The MTU cannot be higher than the MTU set on the NSX Edge interface.
    • Click OK.
  • Determine if cross-protocol route sharing is needed for a given NSX implementation
    • By default, routers share routes with other routers running the same protocol. In a multi-protocol environment, you must configure route redistribution for cross-protocol route sharing.
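
The Password and MD5 options in the OSPF area authentication steps above differ in what is placed on the wire. This added example (not from the original page or from VMware) builds an OSPFv2 Hello in both modes following RFC 2328 Appendix D and checks the digest as a receiving router would; the router ID, area ID, keys and Hello field values are constructed sample data.

```python
import hashlib
import hmac
import struct

AUTH_PASSWORD, AUTH_MD5 = 1, 2  # OSPF AuType values from RFC 2328

def pad(secret, size):
    return secret.encode().ljust(size, b"\0")[:size]

def ospf_header(body_len, router_id, area_id, au_type, auth_field):
    # 24-byte OSPFv2 header, packet type 1 (Hello). The checksum is left at 0:
    # RFC 2328 skips it for MD5; a real router computes it for the other modes.
    return struct.pack("!BBH4s4sHH8s", 2, 1, 24 + body_len,
                       router_id, area_id, 0, au_type, auth_field)

def build_password(body, router_id, area_id, password):
    # Simple password: the secret itself fills the 8-byte authentication field.
    return ospf_header(len(body), router_id, area_id, AUTH_PASSWORD, pad(password, 8)) + body

def build_md5(body, router_id, area_id, key, key_id, seq):
    auth = struct.pack("!HBBI", 0, key_id, 16, seq)  # 0, Key ID, digest length, sequence
    pkt = ospf_header(len(body), router_id, area_id, AUTH_MD5, auth) + body
    digest = hashlib.md5(pkt + pad(key, 16)).digest()
    return pkt + digest  # only the digest is appended; the key is never sent

def verify_md5(packet, key):
    pkt, received = packet[:-16], packet[-16:]
    expected = hashlib.md5(pkt + pad(key, 16)).digest()
    return hmac.compare_digest(received, expected)

def demo():
    # Constructed sample values: router 192.168.10.1, area 0.0.0.1, /24 mask.
    rid, area = bytes([192, 168, 10, 1]), bytes([0, 0, 0, 1])
    hello = struct.pack("!4sHBBI4s4s", bytes([255, 255, 255, 0]),
                        10, 0, 1, 40, bytes(4), bytes(4))
    clear = build_password(hello, rid, area, "s3cret")
    signed = build_md5(hello, rid, area, "area1-md5-key", key_id=1, seq=1000)
    tampered = signed[:24] + b"\x00" + signed[25:]  # one body byte changed in transit
    return {
        "password_visible": b"s3cret" in clear,
        "md5_key_visible": b"area1-md5-key" in signed,
        "same_key": verify_md5(signed, "area1-md5-key"),
        "other_key": verify_md5(signed, "area1-md5-kez"),
        "tampered": verify_md5(tampered, "area1-md5-key"),
    }

if __name__ == "__main__":
    print(demo())
```

With Password, anyone who can capture traffic on the segment reads the secret directly, whereas with MD5 a mismatched key or a modified packet fails verification and no adjacency forms.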

Tools

NSX Installation and Upgrade Guide

NSX Administration Guide

NSX Manager

NSX CLI

vSphere Web Client
