Create Tier-0 Logical Router

Page last updated:

Warning: VMware Enterprise PKS v1.6 is no longer supported because it has reached the End of General Support (EOGS) phase as defined by the Support Lifecycle Policy. To stay up to date with the latest software and security updates, upgrade to a supported version.

This topic provides instructions for creating an NSX-T Tier-0 Logical Router for use with Enterprise PKS.

Prerequisites

Make sure you have completed all preceding NSX-T installation tasks.

About Tier-0 Logical Routers

In NSX-T Data Center, a Tier-0 logical router provides a gateway service between the logical and physical network.

There are several steps involved in the process of creating a Tier-0 router, summarized as follows. Detailed step-by-step instructions are provided after the summary. For additional information, see Tier-0 Logical Router in the NSX-T documentation.

  1. Define a T0 logical switch with an ingress/egress uplink port.
  2. Attach the T0 LS to the VLAN Transport Zone.
  3. Create a logical router port and assign to it a routable CIDR block (10.172.1.0/28, for example) that your environment uses to route to all Enterprise PKS-assigned IP pools and IP blocks. Work with your network administrator to get the IP address and subnet mask (prefix length) to specify for the T0 Router Port.
  4. Connect the T0 router to the uplink VLAN logical switch.
  5. Attach the T0 router to the Edge Cluster and set HA mode to Active-Standby, if you are using NAT mode. NAT rules are applied on the T0 by NCP. If the T0 router is not set in Active-Standby mode, the router does not support NAT rule configuration. If you are using No NAT mode, you can use Active-Active mode for the T0 router.
  6. Configure T0 routing to the rest of your environment using the appropriate routing protocol for your environment or by using static routes.

Create T0 Router

Create a Tier-0 Logical Router for Enterprise PKS by completing the following procedure.

Create VLAN Logical Switch (LS)

  1. In NSX Manager, go to Advanced Networking & Security > Switching > Switches.

  2. Click Add and create a VLAN logical switch (LS).

  3. Configure the logical switch as follows and click Add to save the configuration:

  • Name: uplink-LS11, for example
  • Transport Zone: TZ-VLAN, for example
  • Uplink Teaming Policy Name: [Use Default]
  • Admin Status: Up
  • VLAN: 0

Create T0 Router Instance

When you create the Tier-0 Router, you must specify the HA mode. If you are using NAT mode, you must select Active-Standby. NAT rules are applied on the T0 by the NSX-T Container Plugin (NCP) component. If the T0 Router is not set to Active-Standby, NCP will not be able to create NAT rules on the T0 Router. If you are using routable IP addresses for Kubernetes nodes (that is, No NAT mode), you can use Active-Active.

  1. In NSX Manager, go to Advanced Networking & Security > Routing > Routers.

  2. Click Add and select the Tier-0 Router option.

  3. Configure the new T0 router as follows:

    • Name: Enter a name for the T0 router, T0-LR for example.
    • Edge Cluster: Select the Edge Cluster, edge-cluster for example.
    • High Availability Mode: Select Active-Standby (if NAT mode) or Active-Active (if No NAT mode).
    • Failover Mode: Select Preemptive or Non-Preemptive based on your requirements.

  4. Click Add and verify you see the new T0 Router instance:

Create T0 Router Ports for both Edge Transport Nodes

In this section you configure a new T0 Router port by attaching the T0 Router port to the logical switch you created at the beginning of this procedure (uplink-LS1, for example). You then assign an IP address and CIDR that your environment uses to route to all PKS-assigned IP pools and IP blocks.

  1. In NSX Manager, go to Advanced Networking & Security > Routing > Routers.

  2. Select the T0 Router you just created.

  3. Select Configuration > Router Ports.

  4. Click Add and configure the new T0 router port as follows:

    • Name: Uplink1
    • Type: Uplink
    • Transport Node: nsx-edge-1-tn, for example
    • URPF Mode: Strict (typically)
    • Logical Switch: uplink-LS1 (the logical switch you created earlier in this procedure)
    • Logical Switch Port: Attach to new switch port
    • Logical Switch Port: uplink1-port, for example
    • IP Address: 10.145.22.115, for example
    • Prefix Length 24, for example

  5. Click Add and verify that you see the new T0 Router Port interface.

  6. Repeat this procedure for the second Edge Transport Node.

    • Name: Uplink2
    • Type: Uplink
    • Transport Node: Select the second Edge Node, nsx-edge-2-tn, for example
    • URPF Mode: Strict (typically)
    • Logical Switch: uplink-LS1 (the logical switch you created earlier in this procedure)
    • Logical Switch Port: Attach to existing switch port
    • Logical Switch Port: Select the UUID of the switch port you created for Uplink1
    • IP Address: 10.145.22.116, for example
    • Prefix Length 24, for example

Add a Static Route

Configure T0 routing to the rest of your environment using static routes (if you are using NAT-mode) or the appropriate routing protocol (if you are using no-NAT-mode). The following example uses static routes for the T0 router. The CIDR used must route to the IP address you just assigned to your T0 uplink interface.

  1. Go to Advanced Networking & Security > Routing > Routers and select the T0 Router.

  2. Select Routing > Static Routes and click Add.

  3. Create a new static route for the T0 router.

    • Network (IP/mask): 0.0.0.0/0
    • Next Hop: 10.145.22.117, for example
    • Admin Distance: 1
    • Logical Router Port: Uplink1

  4. Click Add and verify that see the newly created static route:

Verify T0 Router Creation

If successfully configured, the T0 Router uplink port IP address should be reachable from your corporate network.

  1. Go to Advanced Networking & Security > Routing > Routers and select the T0 Router.

  2. In the Overview tab, review the Summary section and High Availability Mode.

  3. From your local laptop or workstation, ping the uplink IP address. For example:

    PING 10.40.22.24 (10.40.22.24): 56 data bytes
64 bytes from 10.40.22.24: icmp_seq=0 ttl=53 time=33.738 ms
64 bytes from 10.40.22.24: icmp_seq=1 ttl=53 time=36.965 ms

Next Step

See Configure Edge Node HA.

NSX-T Installation Instructions Home

See Installing and Configuring NSX-T for Enterprise PKS.

Please send any feedback you have to pks-feedback@pivotal.io.