VMware NSX-T: adding High Availability to the routing topology

Captions
Hey everyone, welcome back to my channel. Um, today I'm going to show you how to add a second NSX-T edge node to your environment, how to add redundancy by using an active-active T0 using ECMP routing with BGP. Yeah, so in my previous videos I kind of explained, you know, the fundamentals of NSX-T and how I initially set up my home lab environment, and now I'm basically just adding redundancy, because in any production environment you wouldn't want to run your NSX-T environment, you know, on single edges, on, uh, single points of failure, etc. So, um, yeah, just like in my other videos, I first want to dive into a simple drawing to show you the topology, and then we're going to dive into the home lab and, you know, see how things are configured.

A second top-of-rack router: so I now have two VyOS appliances configured in my environment, and they are connected to two edge nodes, and these edge nodes are both connected to two uplink VLANs, so that's the blue VLAN and the red VLAN, which is VLAN 11. And as you can see, I now have fully redundant paths to both my top of racks. I'm going to show you the config of the top of racks as well.

But before we dive into, uh, the entire configuration, it's really important to understand the difference between an NSX-T edge and an NSX for vSphere edge. They both share the same name, but they are entirely different entities, different constructs, and for me, you know, coming from an NSX-V background, this is the most confusing part of NSX-T, to be honest. Because here my T0 router, that's running on both of these edge nodes, and these edge nodes are simply, um, transport nodes, just like your ESXi hosts are transport nodes, only they have an uplink to the physical network, so to the top of racks over here. Connected to the T0 router is of course a tier 1 router, which I drew like a rectangle, and that's distributed across, uh, my three transport nodes, my three ESXi nodes. The back-end plumbing is done automatically by NSX-T, so there's already a subnet with IP
addresses configured; it's a /31. And connected to my T1s are three segments, for web, application and my database service.

Okay, so let's switch to the home lab environment and see how things are configured. Before we dive into the NSX-T configuration, I wanted to show you how I deployed my NSX-T edges. Just to save a bit of performance, I'm not doing, you know, virtualization in virtualization, so I'm not running my NSX-T edges on top of my nested ESXi hosts, but I'm running them directly on my physical server, so this is just basic virtualization. If you look at my NSX-T edges, they are virtual machines deployed by an OVA, and if you look at the network configuration you can see that an edge node comes with four network adapters, so four NICs. Uh, NIC number one is connected to my management network, which is VLAN 10. Network adapter 2 is connected to the overlay VLAN, so that's used to transport the Geneve traffic, and adapters 3 and 4, they are used to connect from the edges to the top of rack, so the uplink VLANs. As you can see here, I've connected it to the port group for nested ESXi, which is basically a port group that, uh, makes it a trunk port in VLAN 4095.
Um, check out my previous video to see a bit more explanation on, uh, you know, setting up trunking in nested ESXi environments, but I'm going to do VLAN tagging inside of NSX-T on the segments. I'll show you that in a bit. Um, but these four network adapters are being used in my uplink profiles, which are configured in NSX-T of course.

So let's first switch to the fabric configuration, so let's switch to System, Fabric, and first let's check out, uh, all the edge nodes and the transport nodes. So I have here, let me see, so I have three ESXi hosts configured for NSX-T, so these are all three configured as host transport nodes. So these are my NSX-T edges, and before we dive into the configuration, let's first take a look at the edge uplink profiles. Again, this is pretty confusing, pretty tough stuff to wrap your head around, but first let's take a look at a default, uh, edge uplink profile which is already configured, and it's really basic. It's called NSX single NIC uplink profile, and it does exactly that: it just configures a single uplink, uh, a single active uplink to be used on an NSX-T switch connecting the NSX-T edges. Um, I configured a different edge uplink profile because I want redundancy from my NSX-T edges to my top of rack, so I need two interfaces there, one for VLAN 11, one for VLAN 12.
And as you can see here, I configured an uplink profile with two uplinks, so two active uplinks, uplink one and uplink two.

Now, looking at the configuration of the NSX-T edge transport nodes, you'll see that I used both these uplink profiles to create a configuration of my NSX-T edges. So first I added an NSX-T switch within the transport zone for overlay networking, and I used a single NIC uplink profile, which I showed earlier. This is only to connect the NSX-T edge node into the VLAN that's used to transport the overlay network. So let's switch back to my drawing. The only thing that I'm configuring here is, let's change to color purple, I configured an uplink profile so I can connect these two edges to the, um, the VLAN 6, which is used to transport the overlay, uh, traffic, so the Geneve traffic.

Now, I'm running NSX-T 3.1, and that allows me to use the same VLAN for both my NSX-T edge transport nodes and the ESXi host transport nodes. In previous versions you were required to create separate routable VLANs for both your edges and both your transport nodes, so with 3.1 I can just put my edge nodes and my ESXi servers in the same VLAN. So if I would draw that into this, um, I'm just going to do a big simple drawing, if I were to connect or draw my ESXi host in here, I would just simply put the TEP interface of the ESXi server in the same VLAN as the TEP interfaces of the edge nodes. That's pretty important to remember with version 3.1 and previous versions.

So let's switch back to the configuration of the NSX-T edge nodes. So a single vSwitch connected to the overlay transport zone using the single NIC uplink profile. I've used an IP pool to configure IP addresses on the TEP interfaces, and I'm just using a single uplink, and here you can see that my single uplink is mapped to the virtual NIC fp-eth0, and you can see it shows up the MAC address here for this edge node, so it validates the entry. Okay, now let's switch back to the iPad and see the configuration of the network
interfaces of an edge node. As you can see here, each edge node has four network interfaces configured. eth0 is connected, or its purpose is to connect it for management purposes, so this is connected to my management VLAN 10. fp-eth0 is used for overlay networking, so that's connected to my overlay VLAN 6, and then again fp-eth1 and fp-eth2 are connected to VLANs 11 and 12 respectively, so they can take care of the uplink profiles. So if we look at the configuration of the edge node once more, you'll see how this maps out: network adapter 1 was eth0, connected to management, NIC 2 connected to the overlay network, and NICs 3 and 4 are used for the uplinks to my top of racks.

Now, that was the first switch I configured in NSX-T, so N-VDS overlay. The second switch I added is called uplinks, and that's connected to the transport zone, the tz-vlan uplinks, so that's a VLAN transport zone and not an overlay transport. So I use the edge uplink profile which I showed earlier, which has the two uplinks configured, and these map out to fp-eth1 and fp-eth2. All right, so this is the configuration of the edges.

Now let's take a look at two segments that I configured to connect the edges to my top of racks. These are segments within the, uh, the VLAN transport zone, and here you can see that segment one is configured with VLAN 11 and segment two is configured with VLAN 12, and this way I can, so this is VLAN 12.
So this way I can do the VLAN tagging inside of NSX-T. The NICs on the edges are connected to my nested ESXi port group, so the nested ESXi port group is configured using VLAN 4095, so again I can do the VLAN tagging inside of, uh, NSX-T. So let's take a look at the port group, um, the nested ESXi switch, and here's a nested ESXi port group with VLAN ID 4095. So this is how I basically connect my NSX-T T0 router, using the edges, to my physical network, connected to two top of racks running VyOS.

Now, with all the plumbing in place, let's take a look at, um, the configuration of the tier 0 router, so the T0. Now, this is the topology, so I have four active uplinks from my T0. The back plumbing is handled by NSX-T, connecting to the tier 1, and the tier 1 is the gateway for my three segments. This is basically a really simple setup, and it's using active-active HA mode, so I'm using all uplinks redundantly. I configured four interfaces, so edge 1 uplink 1 is connected to VLAN 11, edge 2 uplink 2 is also connected to VLAN 12 11, and I have the two other uplinks, and this basically gives me four active paths.

So let's again switch back to, um, to the iPad. I have VLAN 11, which is the red VLAN in my diagram, configured with a .2 IP address; I have .3 on the other side. So this interface is bound to edge 01, this interface is bound to edge 02, and the blue VLAN is VLAN 12, and I did the same topology. So, um, this gives me four, uh, paths usable for BGP routing. These are being used to establish the BGP neighbor relationship between my T0 and my top of racks. So I configured a local AS number of 6503 on NSX-T, and on my VyOS routers, on my top of racks, the local AS number there is 65001. So I'm using ECMP routing, as I mentioned earlier, and I configured two BGP neighbors. So from the NSX-T perspective I have two neighbor relationships with my top of racks, which is in VLAN 11, so the red VLAN, and VLAN 12, and the basic configuration is really simple: you just put in the remote AS number, so again
65001 is the local AS number of my VyOS routers, and in the neighbor relationship you just configure the remote AS number. I enabled BFD, so to do a failure detection of uplinks, and I lowered the hold down timer and the keepalive timers just to make sure that when I'm testing failovers I don't have to wait a minute. So the hold down timer is 12 seconds and the keepalive timer is set to 4 seconds, and this is basically the configuration I did for both my BGP neighbors.

Now, if we're going to take a look at the configuration of the top of racks, first let's, um, let's show you the config. So my configuration starts with the configuration of my first hop routing redundancy protocol. I use VRRP, which is basically an active-standby failover mechanism for default gateways. So for each of my routable VLANs I configured VRRP, um, and it's basically really simple: you just set up, you know, the source address for the hellos which are exchanged, you configure the interface, a peer address with which of course the hellos are being exchanged, and what it basically does is it presents a virtual default gateway to the rest of the network. And on the back end, you know, both routers are taking an active-passive role in routing, and the priority determines which one is active, so the higher the priority number, that's the one that's actively doing the routing. So in my configuration, let's show you the configuration of the second router, um, and here you'll see that I'm using priority 100 on the number two and priority 200 on my first router, so basically the first router is now actively doing the routing.

I configured the interfaces, of course, which were already in place. I have now configured VLAN 11, which is the red VLAN, on the first router, and I've configured, show config, and I configured VLAN 12 on the top right router, which is connected to the blue VLAN, and I'm using that VLAN, that interface, to do the BGP peering. So if you look at the configuration here, I'm going to skip the BFD
configuration for now; let's focus on BGP first. So the command is set protocols bgp, then the local AS number 76501, and then I'm doing the neighbor relationships. So over VLAN 11 I'm connecting to both my NSX-T edges, so 11.2 is a neighbor ID and 11.3 is a neighbor ID. You put in the remote AS number; the timers need to be in sync of course, so again 12 seconds for the hold down timer, four seconds for the keepalive, and you configure a router ID. If you look at the BGP configuration on the second top of rack, that's basically the same, but it's using VLAN 12, so the blue VLAN, to establish the BGP neighbor relationships.

Um, speaking of which: BGP summary. Here you can see that I have two BGP neighbors established, and, BGP summary, I have two neighbors, uh, established on the right-hand side. Now, if you take a look at a bit more detail, ip bgp neighbors, let's take the first one, you'll see that it's established, and that's the BGP state that you're looking for. Anything else, so active or connecting or any other state, then you have most likely a misconfiguration or a misalignment of parameters, because if the VLAN is active and you configure BGP correctly with all the parameters in place, then it needs to go to the established state.

Um, now looking at the routing table, you'll see that for each of my segments, so 100, 101 to 102 are my web, app and database segments, they are reachable over two routes. So there are two routes in the routing table with an equal cost, so traffic will be balanced evenly, will be routed evenly across these links, and the same goes of course for the second router, which also has two routes per destination in place. So that makes, you know, over VLAN 11 and over VLAN 12, that makes four active links, uh, in place. So if we look at the, um, topology again in NSX-T, then you'll see the four uplinks in place here.

Now, that's basically the NSX-T T0 configuration. Now let's briefly look at the T1. Now, the T1 is only configured for distributed
routing, so I don't need to use stateful services right now, so I'm not configuring an edge cluster for this T1. It's only doing distributed routing right now, which is being done inside of the ESXi transport nodes, so the host transport nodes. So no service interface is configured, it's just distributed routing, and I'm doing route advertisements of my static routes and my connected segments, so that my three segments are properly advertised to the rest of the network.

Um, yeah, so that's basically it. Let's switch back once more to the iPad just to finish up and see the entire topology for the final time. So I showed you how to configure your two VyOS routers. The red VLAN is connected to both edge nodes, and the blue VLAN on the second router is also connected to edge nodes, so that gives four active uplinks. Combined with ECMP routing, that delivers four active redundant paths where traffic will be balanced equally. The two edge nodes: I showed you how the interfaces are configured on the edge nodes, how to configure uplink profiles, which interfaces are actually connected, you know, to which port group on your physical box. I showed you the plumbing into the T1 router, and the T1 router is doing distributed routing for each of my segments.

So yeah, that's basically it for this video. Thank you so much for watching. Yeah, if you haven't done so already, you know, please subscribe to my channel. Um, I'm really grateful for all the nice messages that I'm receiving about my videos. I hope it's helpful and helping everyone out there, you know, understanding NSX-T a bit better. If you were looking for a specific topic which you want me to cover, please also let me know in the comments as well, and yeah, hopefully see you next time. Thanks for watching, cheers.
Info
Channel: Jeffrey Kusters
Views: 1,048
Rating: 4.7647057 out of 5
Keywords: VMware, NSX-T, VMware NSX-T, Homelab, VMware Homelab, vExpert
Id: gYUogc4w5Rk
Length: 23min 36sec (1416 seconds)
Published: Sat Jan 02 2021