How NSX-T Routing Works (SIMPLE explanation!)

Captions
Hey everyone, Mike here. I'm back this week to talk about NSX-T routing. Don't be worried, it's not too scary, and I promise that we'll get through it. I will say that this is going to be the first in a small series specifically talking about routing. I wanted to break it up that way because there are some new concepts and there's some new terminology, and it can get a little confusing, so I want to make sure we kind of take time and take it in bite-size chunks. That said, I hope everyone's doing well. I hope you enjoy the COVID-19 haircut. To be fair, things are opening here, but I haven't been brave enough to go out a whole lot. Don't get me wrong, there are things I'll go out for: Panera bread bowls, chocolate of any kind, Checkers french fries, anything at Chick-fil-A.

I've found personally that the biggest reason people get confused about routing in NSX-T is that they overcomplicate it. At the end of the day it's just routing. We're talking about virtual routers and virtual switches, and that's really it, so there's not a whole lot to it. But guess what I'm gonna do today: I've got two slides for you, and then we're gonna get into NSX-T and we'll actually look at how the routing is done. I'll show you not only what it looks like on a slide but what it actually looks like in the CLI and the GUI.

As you see here, I have a diagram which kind of depicts how my home lab is set up. You'll see at the top we have this redundant pair of CSR 1000Vs. These are just virtual routers that are running as VMs in my home lab, and I've placed them there so that they kind of simulate what a real network would have, which is some devices that are running BGP to the NSX network. So in this case, on the NSX side, I'm actually running BGP from what in NSX we call a tier-0 router, and that's this guy right here. You can kind of think of a tier-0 as the on and off ramp into and out of the NSX environment, so everything goes through the tier-0 regardless of where it comes from, more or less. There are some very specific rules when we talk about regular VLAN networks where that isn't true, but generally speaking it's safe to assume at this point that everything goes in and out of the tier-0.

So with that understanding, the tier-0 is ultimately just a virtual router. It's not anything special. It runs BGP between the physical network and NSX. We can do route filtering and kind of all the BGP manipulation we would want to. We can also do things like connect networks directly to that tier-0 router. So you'll see here in this drawing I have the web segment directly connected to the tier-1 here. If I wanted to, I could actually disconnect that and connect it directly to the tier-0 router. So that begs the question: do we really need a tier-1? And the answer is maybe. You don't have to have a tier-1 in NSX. All a tier-1 is really used for is kind of further, more granular network control. What I mean by that is, let's take an example. I have this production environment you see on the screen here, and I've got a web segment and an app segment, and if you look at the IPs on those segments I have 10.200 and 10.201 here. What if I wanted to have a dev environment, though, where I wanted to duplicate that entire environment and kind of have this second environment right here, and I have overlapping IP addresses? I couldn't do that if I created another segment and connected it to the same T1, because I can't have overlapping IPs connected to the same router. But what I can do within NSX is this: in this example I've created a new tier-1, in this case I've named it t1-gateway-2, and I've connected it to the tier-0 just like the other tier-1. Only in this case now I have new segments with the same IP address connected to this T1. So by using NAT on the T1s here, we can actually have overlapping subnets and it works just fine, and for many customers that's what they opt to do. And that's just one example of why we would have a T1. There are other very valid use cases where you would need multiple T1s. That might be something like maybe I want a dedicated router for an application, maybe I want to have a multi-tenant deployment where I'm going to give access to these T1s to my tenants and I'll control the T0, in other words the in and out of the environment. So there are a few reasons why it would make sense to have a T1.

So there's another important piece to this puzzle. I talked about T0 and T1 and how ultimately those are just virtual routers, but the other piece to that is that for every router, whether it's a T1 or T0, we have multiple components within that router, or multiple pieces of that router. So we have a T1, and every T1 has a distributed router component, and in most cases also has a service router component. Now the service router component is basically used for centralized services, think DHCP or NAT; those are kind of the big ones that I see. So the SR is always living, in the case of NSX-T, on the edge nodes. The edge nodes in NSX-T, I'm going to have a deep dive just dedicated to those because it can be a little confusing at first, but for now let's just understand this: the edge is the on/off ramp, and it is a VM that is dedicated for that on and off ramp functionality. Now you're probably saying, "But Mike, you said that T0 was the on/off ramp," and you'd be right. The T0 lives on the edge node. So to summarize: if it's a service router, whether it belongs to a T1 or T0, it lives on the edge node, as you can see here on this slide. If it's a distributed router, it lives on the actual vSphere hosts themselves, and this actually lives in kernel. There's no appliance or no VM dedicated to this functionality like there is on the edge node. In the case of the distributed router, it's fully distributed on every transport node, which means basically, in this case we'll say vSphere host. This is what gives the ability of NSX to provide a default gateway for all of these different networks on every host. So now when I have a VM, say VM A, and it moves from host 1 to host 2, the VM's default gateway will already be at host 2 when it lands there, so it will already have a network to route to. And what's really cool is, let's say we have, in this case I go back here to our example, let's say we have this web segment here and we have this app segment. Let's just say for the sake of argument that both of these are sitting on the same physical host. So I have web01, web02 and app01 all sitting on the same host. They can route within the host without ever leaving that host and going to the physical network, and the way they do that is because they have a distributed router component on that host which allows that routing to happen. And I'm going to show you guys this, so don't get too confused here.

So that's enough talking. I want to get into the GUI and some CLI maybe and just kind of show you guys what this looks like, because I find that a lot easier than just kind of talking on and on. So let's take a look at it. I'm going to hop over to vCenter first. I want to kind of show you the setup I have, and then we're going to get right into NSX-T Manager and some CLI as well. So let's do that.

All right, so here we are. We're in my vCenter. I want to give you guys a lay of the land just to kind of make things clear, kind of take the information you've seen on the slides and make it real. So I have here a compute cluster, which is basically where I'm going to put my VMs that are actually my workload, in this case the application itself. So I have my app01, web01 and web02 VMs here, and I have two hosts inside of that cluster. You'll see also I have this edge cluster, which is just the name I gave it, and I'm using this for my edge VMs. And keep in mind, just a refresher, that the tier-0 sits on the edge VMs, and this is where our service router components sit, or the SR. So this is all the centralized services, DHCP, NAT, that kind of thing. So that's going to be done on these edge VMs, and those are actually deployed from NSX-T Manager. So I will be doing a video on how to deploy those, and I will actually be doing a deep dive as well specifically on the edge architecture, so be sure to keep an eye out for that if you want to get into that. But for now we're just doing an overview of routing as a whole, so we'll pass up on that for now.

We have these VMs here, and I want to show you guys kind of the first thing that's really cool. So if we look here where the VMs are sitting, I want you guys to focus in right here on the host. So app01 is on 254.11, web01 is on 254.11, web02 is also on 254.11. Now if we take a look at the network settings for these VMs, and I just picked one at random, I got web01, you'll see here that the network adapter has it selected as web-seg, which is our NSX-created network. If I go here to browse you'll kind of see the first tip here. So you see these little switches that have an N next to them? That means that they were created from NSX-T Manager. So that is the difference between them and a standard distributed port group. As you can see here, Management V251 DPG, or distributed port group, doesn't have that, and then we've got the N next to app-seg and web-seg, which are the networks, if you recall, from the slide I showed a little bit earlier. So we're going to close out of that. I just wanted to show you guys how the networks were added and that they are showing up in vCenter once we've created them in NSX-T. So we're going to cancel out of that.

So we understand that the VMs are on the proper segments. So let's take a look real quick at NSX-T Manager. I'm going to show you the actual configuration for the tier-0 and tier-1, and then finally we're going to wrap it up by actually showing you from a CLI how the configuration is actually being realized inside of the host itself. So let's do that. I'm going to switch over to NSX-T Manager. I'm going to throw my login in here, and I'm going to do it incorrectly. Let's try that again. Voila, second time's a charm. All right, so we're inside of NSX-T Manager. I will say, if you haven't seen my other video on how to deploy the manager, you should definitely check it out up there. I'll make sure that you get a link in this video. That video will walk you through how to deploy the manager so that you can follow along with these steps.

So let's take a look at networking. We're going to go to the Networking tab because we want to look at our tier-0 and tier-1 routers. Now what you'll see here, you get kind of presented with the network overview, which shows how many routers you have, DNS, DHCP configuration, how many NAT rules, kind of all of that, which is useful if you're kind of in a larger deployment. But from a lab standpoint I prefer to stick to the left column right here. So we're going to start at the tier-0 gateway. We're going to select Tier-0 Gateways. Now inside of that we'll see I already have a tier-0 gateway. You'll see it's in active-standby. So what that means is I have my edge01 VM and edge02 VM, and inside of one of those, I'm not really sure right now off the top of my head, but inside of one of those is Mike's tier-0 active and the other one has Mike's tier-0 standby. So let's take a look real quick. We also see linked tier-1 gateways. If I click on that, you'll see here it shows me t1-gateway, which happens to be my T1 that I configured before this video. You'll also see it shows an IP address here for the plumbing between those two routers. That's actually completely auto-generated, and you can configure that if you need to, so you're not stuck with this range, but it's not something that I manually went in there and put in. So I'm going to close out of that. The other thing that's relevant here is linked segments. You'll see zero, so that means I don't have any segments directly connected to the tier-0. In this case, as you remember from our diagram, I connected all the segments to our tier-1.

So let's go take a look at the tier-1 real quick. I select Tier-1 Gateways, and then you'll see I have t1-gateway, which is the tier-1 that showed up in the last screen. You'll see here it's a little bit different. It shows the link to your tier-0 gateways, Mike's T0, which we were just on, but this time I have two linked segments. So let's click on that. You'll see here we're populated with app-seg and web-seg with their respective IP addresses. Now notice the IP address here is dot one, which is actually the interface I wanted to create on the tier-1 when I did this. So I'm going to close that, but I want you guys to remember that I have those IP addresses configured on the tier-1. So finally let's go down to Segments just to complete the picture, and we'll see I have app-seg here and web-seg here. You'll see here also the connectivity shows that I'm connected to t1-gateway, which is the name, and it's a tier-1 router, and the same thing goes for web-seg, and I can see the associated subnet that I created for that segment.

So let's go back now. Let's look at our routing. I want to show you guys, I talked about how the tier-0 ran BGP between itself and the physical network, so let's take a look at it. If we expand our router and we go down to BGP, you'll see here I specified a BGP autonomous system, or AS, I turned BGP on, and then I added some BGP neighbors. So if I click the neighbors, you'll see here I get a list of two neighbors that I configured for this tier-0. Now one of the neighbors is actually showing down because the actual router is powered off right now, but the other neighbor is completely up and everything's fine, so I'm actually able to get in and out of my NSX environment just fine regardless. So let's close that out.

I'd like to also show you guys the interfaces. So you do also configure the interfaces for the routers just like a real router. As I said before, there's nothing to this that's kind of a magic box. You actually go in and you're very specific and prescriptive about what you're configuring for NSX. So if I click the interfaces, these IP addresses that show up here, and the names and the associated segments that they're tied to, these are all my outbound-facing connectivity. This is from my tier-0 out to the rest of the world, to the physical world, not to the NSX side. So I went in and manually created these and placed them on the appropriate VLANs. In my case I'm using VLAN 21 and 22. And don't get hung up on this too much. I do plan to do a deep dive where we'll go through kind of building all of this live, but I wanted to kind of show you guys some of this. So we kind of went through that: we have a tier-0, we have a tier-1 and we have segments, so you guys understand that those are there and you kind of see how they're configured a little bit. Maybe we didn't do it live, but we will, don't worry.

So now what I want to show you guys is actually how it's being realized. So you saw that I had those VMs. I had app01 and web01, these VMs right here. I have these on the proper segments, right? If you recall, they're all on the same host, 254.11. Now this is something that I find really cool. So we talked about before how there's a distributed router component on every host, but let me actually show you guys what that looks like. So I'm going to open up PuTTY here. I actually just ran this command right before I started the video. I was going to do it live and I totally forgot I ran it, so here's the output. But I logged into this host, this is 254.11, so this is this host right here, and once I got in the host, once I got my SSH connection, I issued a command called nsxcli, and that's actually really cool. So if I type in a question mark, you'll see that I get these results that are not typical ESX CLI responses. This is not an ESX-specific command; these are actually NSX CLI. And if I type exit I would actually exit out of this mode, but I don't want to. What is cool about this is that in NSX CLI, if I type get, I can do a whole lot of stuff. I can find out what's connected to what, I can look at a routing table. I really get a lot of detail.

Now in our case I said I wanted to prove to you that the tier-1 was on this device, specifically the distributed router. So let's take a look. To do that we're going to use get logical-routers, and this is going to give us the output of basically what routers exist on this host, specifically on 254.00. So if I type that in, you'll see what comes back is this UUID, and this is just an identifier. It's nothing more. It's not something that you have to remember or anything like that. This is just an identifier for the logical router. Now let's say I do get logical-router and I'll do a question mark. You'll see here it asks for a UUID, and in that case it's asking for this. So let me paste that and then do another question mark. You'll see my options: I have forwarding, igmp, interface, interfaces, neighbor. Now the two that I really care about are forwarding, which is my routing table, and interfaces, which are the interfaces I've configured on this. Now let me start with interfaces. So you remember I had configured 10.200.0.1 for my segment and 10.201.0.1 for my other segment. Let's actually see if those interfaces exist on this host. So if I type interfaces and I hit enter, you'll see right off the bat I have this segment right here, this 10.201.0.1. I have this interface, which is from my app-seg logical segment, so that is programmed on this host specifically. Now if I scroll up here you'll see that I also have my other interface as well, which is right here. So these interfaces exist, so the default gateway for web-seg and app-seg on this host is local to this host.

Now what does that mean? That means, let's say we do our same command we did before, except let's change it to forwarding, and let me make the screen a little bit more readable. There we go. Okay, so if we look at this, the way to interpret this, there we go, that's better. So the way to interpret this: this is basically the routing table. Once the traffic leaves the VM on this host, it's basically taken by NSX, and NSX says let me look at that traffic and find out where it's going. In this case it will follow these routes. You'll see right off the bat I have 10.200.0.0/24 and 10.201.0.0/24. Look at the gateway, though. The gateway is myself, and that's because those are directly connected to me, and that's because I have both of those segments directly on this host. So the beauty of this is, if I'm going from say my web segment, which is on this IP range on this host, and I want to talk to this other segment, which is on a completely different network, I can actually do all of that routing through this distributed router within that host without ever leaving the host, without ever going to a physical network, which is really cool if you think about it, and it's really efficient.

Now what if it's not directly connected, though? What if it's going somewhere else, right? We have our default route. Most of you are very familiar with what a default route is. So I have a default route here, and it shows the gateway as 169.250. That is the SR component that lives on the edge node. So again, we're going to spend more time later talking about the edge, but that route is directly pointing to the edge. So the way traffic will go is it will hit this DR, it will be routed to the SR, which lives on that edge node over here, and then traffic will be routed from that routing table to the appropriate location. And there's a whole other routing table that lives on the edge as well. So a lot of people think of NSX as kind of this black box, but actually I have a ton of visibility here. I can see what's going on under the hood, which for me personally I'm a big fan of. I like the GUI, but I like to actually see stuff working, and maybe I'm just old school, I don't know.

So I wasn't going to show you guys the edge piece, but I do kind of want to show you the routing there. So I think what I'm going to do is actually hop over to the edge real quick, and we'll call an audible here. So let's go to PuTTY, and I'm going to go to edge01, and I'm going to type my credentials in, if I can remember them. There we go. So this is where it gets interesting. So now I'm logged into the edge VM itself. So keep in mind, I can't stress this enough, the edge is a container which holds virtual routers inside of it, and it could be multiple virtual routers. So don't think of the edge VM as just one router; that's just not how it works. So we have kind of the same syntax that we have on our host with the NSX CLI. Let me expand this out a bit so you can read it. So here, let me try, just right off the bat we know our get logical-routers command. Let's type that and see what happens. Now you see here I have a few other options, and it gets interesting here, because you see I have this DR component, which, if you recall, I said the distributed router lives on all of the hosts. In this case the edge VM is treated like another host, so it gets a distributed router component, and it gets one not only for the T1 but it also gets one for the T0. You also recall I talked about the SR component, which is the on/off ramp, and those are right here. I have the SR for Mike's tier-0 and I have the SR for Mike's tier-1 gateway. So the important thing to take away from this screen is really you want to look at this VRF column. So I have these VRFs, and these VRFs are actually segmenting my traffic.

Now let's take a look at the actual routing. So once traffic gets routed to the SR for the tier-0, how does it get out? What does it see to the rest of the world? So to do that we're going to type vrf and we're going to specify vrf 1, because that's the VRF that's listed right here for Mike's tier-0 for the SR component. So we'll type in vrf 1 and hit enter. You'll see right off the bat it drops us into this tier0_sr. Now if I type get, things change a little bit. You'll see that the commands seem a little different than they were before. In this case I'll type get forwarding first. You'll see here again I have a bunch of routes. Now I probably should have issued another command, which I'll show you. I'll show you guys some of the BGP stuff, but this is good too, because you can actually see these segments. These are actually those IPs I showed you earlier, the interfaces I created on the tier-0; that's these IPs right here. So it's showing me locally connected routes on the physical network, it's showing me routes internal to the NSX environment, so those app-seg and web-seg routes are right here, and I'm even getting things like the routes between the routers showing up here, which is that internally generated range that I spoke of earlier.

So let's take a look at BGP, and you don't have to be a BGP expert to understand this. I just want to show you guys. So if I do get bgp neighbor summary and hit enter, you'll see that I have two BGP neighbors. So I'm sharing routes to and from 22.10 and 21.10, which are my CSR routers in my environment, and you'll also see here that, remember, one of those is actually down. We saw that in the GUI. So that's why we're seeing here it shows the state is Active, which means it's down, essentially, and then we also see we're not receiving any prefixes or sending any prefixes or routes out. We do see on the other neighbor, though, we are sending and receiving four routes. So let's take a look at those. For that I'll type in get route and hit enter. Now you'll see here that we have this nice kind of guide that explains what all these little abbreviations mean, but honestly they're pretty self-explanatory, and I think once you do it a few times you get them pretty quickly. So in this case, t0c: c means connected, so that means these routes are directly connected to the tier-0. t1c is the same thing but for the tier-1, and you'll see that we have those routes for those interfaces that we created for the segments. b of course means BGP, so we can actually see that we're learning this route from the outside network into the NSX world. You'll also see that we're generating a default route into NSX, which is typically what I see, but it's not an absolute requirement.

Well, that's all I have for you guys today. Oh, horrible, so horrible. Well, that's all I have for you guys to... Well, that's all I have for you guys today. I hope this video was helpful. I will say there's gonna... [Music] So that's all for today. Again, appreciate the support. Thank you, everyone. Take care. Definitely subscribe, like if this video was helpful, and comment. That's the most important part. Tell me what you found useful, tell me what you didn't find useful, tell me what you guys want to see.
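The distributed-router lookup described in the captions, as an added example that is not part of the video and is not VMware's NSX-T code: a longest-prefix-match walk over a constructed DR forwarding table with the two directly connected segment routes (10.200.0.0/24 and 10.201.0.0/24, next hop "myself") and a default route towards the SR on the edge node. The 169.254.0.2 next hop is a constructed placeholder for the DR-to-SR link, and the `Route`, `lookup` and `forwarding_decision` names are this example's own. The decision function shows why web-to-app traffic on the same host never leaves the kernel DR while anything else is handed to the SR.

```python
"""Longest-prefix-match walk of a distributed-router (DR) forwarding table.

Added example, not code from the video or from VMware. The table below is a
constructed sample modelled on the 'get logical-router <uuid> forwarding'
output discussed in the transcript: two directly connected segment routes
and a default route pointing at the service router (SR) on the edge node.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    next_hop: str      # "local" for directly connected, otherwise an IPv4 next hop
    route_type: str    # "connected" or "default"


# Constructed DR forwarding table for the host that carries web-seg and app-seg.
# 169.254.0.2 is a placeholder for the DR-SR transit address, not a value from the video.
DR_FORWARDING_TABLE = [
    Route(ipaddress.ip_network("10.200.0.0/24"), "local", "connected"),      # web-seg
    Route(ipaddress.ip_network("10.201.0.0/24"), "local", "connected"),      # app-seg
    Route(ipaddress.ip_network("0.0.0.0/0"), "169.254.0.2", "default"),      # to SR on edge
]


def lookup(table, dst):
    """Return the most specific route covering dst (longest prefix match), or None."""
    addr = ipaddress.ip_address(dst)
    candidates = [r for r in table if addr in r.prefix]
    if not candidates:
        return None
    return max(candidates, key=lambda r: r.prefix.prefixlen)


def forwarding_decision(table, src, dst):
    """Describe where the DR sends a packet from src to dst.

    Returns one of:
      "same-segment" - src and dst share a connected prefix; switched, not routed
      "local-dr"     - dst is on another connected segment; routed in the host kernel
      "via-sr"       - dst matched a route whose next hop is the SR on the edge
      "unroutable"   - no route matched (only possible without a default route)
    """
    src_route = lookup(table, src)
    dst_route = lookup(table, dst)
    if dst_route is None:
        return "unroutable"
    if dst_route.next_hop == "local":
        if src_route is not None and src_route.prefix == dst_route.prefix:
            return "same-segment"
        return "local-dr"
    return "via-sr"


def next_hop_for(table, dst):
    """Next hop string the DR would use for dst, or None if unroutable."""
    route = lookup(table, dst)
    return None if route is None else route.next_hop


if __name__ == "__main__":
    # Constructed flows: web01 -> app01 on the same host, web01 -> web02, web01 -> internet.
    for src, dst in [("10.200.0.10", "10.201.0.10"),
                     ("10.200.0.10", "10.200.0.11"),
                     ("10.200.0.10", "203.0.113.5")]:
        print(f"{src} -> {dst}: {forwarding_decision(DR_FORWARDING_TABLE, src, dst)}"
              f" (next hop {next_hop_for(DR_FORWARDING_TABLE, dst)})")
```

Because the default route is 0.0.0.0/0, it always matches, so the `unroutable` branch only fires when a table has no default; the `max` over prefix length is what makes the /24 segment routes win over it, which is the same rule the DR applies when it keeps east-west traffic on the host.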
Info
Channel: NRDY Tech
Views: 10,744
Keywords: nsxt, nsx, vmware vds
Id: 16EXFYDV1DE
Length: 25min 32sec (1532 seconds)
Published: Tue May 26 2020