The virtual appliances in the Cloud Foundation management workload domain connect upstream using Layer 2 networks, where routing services in the data center are required at the defined Layer 2 and Layer 3 network boundary. For VI workload domains deployed in Cloud Foundation on VxRail, workload domains connect upstream by peering with external routing services using eBGP. A pair of NSX-T edge devices configured as Tier-0 gateways are deployed for this purpose in the management workload domain for this purpose.
If the Application Virtual Network option is enabled, the NSX-T edge devices are deployed during the Cloud Builder deployment process. The Application Virtual Network is required for the deployment of the vRealize suite of management applications. SDDC Manager depends on this network to download the vRealize Suite Lifecycle Manager and vRealize software packages.
The tables in Appendix F: Application Virtual Network configuration provide guidance on the settings that must be captured to enable BGP peering with the NSX-T Tier-0 gateways for the Application Virtual Network. The guidance provided in this section can be used for BGP peering with another NSX-T Tier-0 gateway for a future VI workload domain.
Figure 44. BGP relationship between NSX-T Edge Gateways and external routers
The NSX-T edge devices must be able to establish an eBGP peer relationship with the upstream routing services. The following tasks must be completed on the upstream switches for peering with the Edge Tier-0 gateways:
- BGP is configured on each router instance.
- Configure BGP with a common Autonomous System Number (ASN) on the network devices targeted for peering with the NSX-T edge gateways.
- Configure the IP prefix list to allow passage of all networks between the physical and virtual networks.
- Configure the timer ‘keepalive’ value is set to 4.
- Configure the timer ‘holdtime’ is set to 12.
- eBGP peering is configured on each router instance.
- Configure the IP address to establish a neighbor relationship with the first NSX-T uplink instance.
- Configure the IP address to establish a neighbor relationship with the second NSX-T uplink instance.
- Configure a password on the BGP configuration for each external router instance. This password is captured and configured on the adjacent NSX-T Tier-0 gateways.
- Configure the internal ASN value configured for the NSX-T Edge gateways on each BGP neighbor configuration on the external router instance.
- Configure a VLAN on each router instance to match the VLAN assigned to the uplinks on the NSX-T Tier-0 Gateways.
- Configure a gateway IP address on each router instance for the VLAN assigned to the uplinks on the NSX-T Tier-0 Gateways.
If the AVN option is selected during the deployment of the Cloud Foundation management workload domain, the Cloud Builder process performs the following tasks:
- Two portgroups on the virtual distributed switch in the management workload domain are configured for BGP peering.
- A VLAN is configured on the first portgroup for establishing an uplink with the first external router.
- A VLAN is configured on the second portgroup for establishing an uplink with the second external router.
- An IP address is assigned to the first virtual port on each NSX-T Edge Gateway for BGP peering with the first external router.
- An IP address is assigned to the second virtual port on each NSX-T Edge Gateway for BGP peering with the second external router.
- An ASN (Autonomous System Number) is assigned to the two NSX-T Edge Gateways.
- iBGP (Internal Border Gateway Protocol) is enabled on the Edge Gateways for connectivity with NSX-T logical routing services.
- The configuration information for eBGP peering with the upstream routing services is saved for the NSX-T Edge Gateways.
The sample switch configuration syntax displayed in Appendix H: Sample switch configuration settings provides guidance on how to configure an Ethernet switch for peering with a pair of Edge Gateways.