Learning NSX-T-Part 10: Logical Routing

In last post of this series we created logical switches and established communication between the App and Web VM which were on same subnet and connected to same logical switch. In this post we will learn about logical routing.

If you are not following along this series, then I recommend reading earlier posts of this series from below links:

1: Introduction to NSX-T

2: NSX-T Architecture

3: NSX Manager Deployment

4: NSX Controllers Automated Deployment

5: NSX Controllers Manual Deployment

6: Prepare Esxi host to form NSX-T Fabric

7: Configuring Uplink Profile

8: Configuring Transport Zone and Transport Nodes

9: Creating Logical Switches and Testing Connectivity

Optimal routing is one of the biggest challenges in any datacenter and NSX revolutionized the way how networking was used in infrastructure. 

NSX-v offered distributed routing to SDDC and because of this routing between different subnets on a Esxi hypervisor can be done in kernel and traffic never has to leave the hypervisor and thus eliminating the traffic hairpinning problems.

Logical routing drastically reduced the East-West traffic that used to flow in a datacenter without NSX. With NSX-T, logical routing functionality is extended to a multi-hypervisor and multi-cloud environment. 

Logical routing is provided by Logical Router that is deployed as an appliance and it handles East-West routing between different subnets. Logical router has 2 components:

  • Distributed component: It runs as a kernel module in hypervisor
  • Centralized Component: This component take care of centralized functions like NAT, DHCP, LB and provide connectivity to physical infrastructure.

In NSX-T we have two types of logical router:

  • Tier-0 Logical Router: A Tier 0 router is used to connect NSX networking with traditional physical networking. A Tier 0 router forwards layer 3 IP packets and typically peers with a traditional physical router using BGP or can use static routing.
  • Tier-1 Logical Router: A tier 1 logical router is often used for tenants, users and applications. Tier-1 logical routers have downlink ports to connect to NSX-T logical switches and uplink ports to connect to NSX-T tier-0 logical routers.

In my lab I have a 3-Tier application that consists of an App vm, a Web vm and a DB vm and they are on following subnets:

  • App-NW: 10.10.10.0/24
  • Web-NW: 10.10.20.0/24
  • DB-NW :  10.10.30.0/24

Here is how my lab topology looks like

Lets jump into lab and deploy a Tier-1 router and try to establish communication between the 3-tier application.

Do deploy a logical router, login to NSX manager and navigate to Home > Routing > Routers and click on + Add button and select Tier-1 Router.

  • Provide a name for the router and an optional description.
  • Tier-0 Router: If you have any Tier-0 router in your environment to which this Tier-1 router should connect then select it from the drop down menu otherwise leave it lank.
  • Edge Cluster: If the tier-1 logical router is going to be used for NAT configuration, it must be connected to an NSX Edge cluster. If you do not yet have any edge clusters configured, you can leave this field blank for now.

Hit Add button to finish the wizard. 

The newly deployed router will be visible in list.

Double click on the newly deployed router and go to configuration tab to add interfaces on this router. Click on + Add button to add new interfaces.

  • Provide a name and an optional description for the interface.
  • Select whether it will be an uplink or downlink interface.
  • Select the logical switch to which this interface will connect.
  • Select Attach to new switch port and provide it a name.
  • Supply the IP Address that will be configured on this interface in CIDR format.

Repeat the process for other logical switch that you want to connect to Tier-1 router.

I added 3 logical switch to my Tier-1 router.

Now its tim to test connectivity between vm’s.

First I verified that my Web-01 vm is on subnet 10.10.20.0/24 and default gateway for this vm points to 10.10.20.1 which I configured on one of the interface of my Tier-1 router and the vm can ping its default gateway.

I verified the same for my App-01 vm

I initiated a ping from my App-01 vm to Web-01 vm and got a ping response.

Then i pinged App-01 vm from my Web-01 vm and again I got a ping response.

Test results from DB-01 VM below.

So now we have verified that all 3 VM’s which are on different subnet can ping to each other courtesy logical router.

And that’s it for this post.

I hope you enjoyed reading this post. Feel free to share this on social media if it is worth sharing. Be sociable 

Leave a ReplyCancel reply