This section can be bypassed if the Application Virtual Network is not part of the planned Cloud Foundation on VxRail deployment.
The Application Virtual Network enables linkage for the vRealize suite of management applications and enables connectivity to the upstream external network. The vRealize components, including vRealize Log Insight, vRealize Life Cycle Manager, vRealize Operations Manager and vRealize Automation, connect to the AVN when deployed. The Log Insight components are deployed at the time the Cloud Foundation management domain is created, while the remaining vRealize components can be deployed after the management domain creation process is complete.
Figure 24 Application Virtual Network (AVN) Overview
During the creation of the Cloud Foundation management domain, the NSX-based logical switches and router needed for AVN are configured, and a pair of NSX edge gateways is also deployed to enable upstream access. The Cloud Foundation build process performs the following tasks on the edge gateways deployed for the Application Virtual Network:
- Two portgroups on the virtual distributed switch in the VCF management domain are configured for BGP peering
- A VLAN is configured on the first portgroup for establishing an uplink with the first external router
- A VLAN is configured on the second portgroup for establishing an uplink with the second external router
- An IP address is assigned to the first virtual port on each Edge Gateway for BGP peering with the first external router
- An IP address is assigned to the second virtual port on each Edge Gateway for BGP peering with the second external router
- An IP address to connect downstream to the Universal Logical Router is configured on each Edge Gateway
- An ASN (Autonomous System Number) is assigned to the two Edge Gateways and Universal Logical Router
- iBGP (Internal Border Gateway Protocol) is enabled between the Edge Gateways and the Universal Logical Router
- A password to establish peering to each router instance is saved to the Universal Logical Router configuration file
- The ASN for the external router instances is saved to the Universal Logical Router configuration file
- The destination gateway IP address for peering to each external router instance is saved to each Edge Gateway configuration file
Figure 25 BGP relationship between Edge Gateways and external routers
The edge gateways must be able to configure an eBGP peer relationship with the upstream network as part of the Cloud Foundation deployment process. The following tasks must be completed on the upstream switches peering with the ASN Edge Services Gateways:
- A VLAN matching the VLANs assigned for the uplinks on the Edge Gateways must be configured on each router instance.
- A gateway IP address matching the IP address saved to each Edge Gateway must be assigned to the VLAN on each router instance.
- BGP is configured on each router instance.
- The external ASN configured on each router matches the external ASN value saved to each Edge Gateway.
- The password configured on each router matches the password saved to each Edge Gateway.
- The internal ASN value configured on each router matches the internal ASN value configured on the Edge Gateways.
- The IP addresses configured to establish neighbor relationships on the first router instance match the IP addresses assigned to the first uplink on the Edge Gateway instances.
- The IP addresses configured to establish neighbor relationships on the second router instance match the IP addresses assigned to the second uplink on the Edge Gateway instances.
- The timer ‘keepalive’ value is set to 4.
- The timer ‘holdtime’ is set to 12.
The example switch configuration syntax displayed in Example Switch Configuration Settings for BGP Peering offers guidance on how to configure an Ethernet switch for peering with a pair of Edge Gateways.
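The upstream checklist above can be verified against the planned Edge Gateway values before the deployment is started. The following is an added example, not part of the original guide or of any Dell or VMware tooling; the dictionary layout, field names and sample values are assumptions constructed for illustration, and it checks one uplink against its router.

```python
import hmac
import ipaddress

KEEPALIVE, HOLDTIME = 4, 12  # timer values from the checklist

def check_uplink(edge, router):
    """Return the checklist items on which one router disagrees with the plan."""
    problems = []
    if router["vlan"] != edge["vlan"]:
        problems.append("vlan")
    if ipaddress.ip_interface(router["vlan_ip"]).ip != ipaddress.ip_address(edge["gateway_ip"]):
        problems.append("gateway_ip")
    if router["local_asn"] != edge["external_asn"]:
        problems.append("external_asn")
    planned = {ipaddress.ip_address(ip) for ip in edge["edge_ips"]}
    if planned != {ipaddress.ip_address(n["ip"]) for n in router["neighbors"]}:
        problems.append("neighbor_ips")
    for n in router["neighbors"]:
        # Assumption: the router holds the internal ASN as the remote AS of each neighbor.
        if n["remote_asn"] != edge["internal_asn"]:
            problems.append("internal_asn:" + n["ip"])
        # Constant-time compare; the secret never appears in the report.
        if not hmac.compare_digest(n["password"].encode(), edge["password"].encode()):
            problems.append("password:" + n["ip"])
        if (n["keepalive"], n["holdtime"]) != (KEEPALIVE, HOLDTIME):
            problems.append("timers:" + n["ip"])
    return problems

# Constructed sample values (documentation address range, private ASNs).
EDGE_UPLINK1 = {"vlan": 2711, "gateway_ip": "192.0.2.1", "edge_ips": ["192.0.2.2", "192.0.2.3"],
                "external_asn": 65001, "internal_asn": 65003, "password": "constructed-secret"}

def _neighbor(ip, **overrides):
    base = {"ip": ip, "remote_asn": 65003, "password": "constructed-secret",
            "keepalive": 4, "holdtime": 12}
    return {**base, **overrides}

ROUTER1_OK = {"vlan": 2711, "vlan_ip": "192.0.2.1/24", "local_asn": 65001,
              "neighbors": [_neighbor("192.0.2.2"), _neighbor("192.0.2.3")]}
# Same router with a default hold time and a mistyped password on one neighbor.
ROUTER1_BAD = {**ROUTER1_OK, "neighbors": [
    _neighbor("192.0.2.2"), _neighbor("192.0.2.3", holdtime=180, password="constructed-secert")]}

if __name__ == "__main__":
    for name, router in (("ok", ROUTER1_OK), ("bad", ROUTER1_BAD)):
        print(name, check_uplink(EDGE_UPLINK1, router) or "all checklist items match")
```

Run the same check a second time with the values for the second uplink and the second router instance.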