An NSX edge gateway provides a routed organization VDC network or a data center group network with connectivity to external networks and IP management properties. It can also provide services such as firewall, network address translation (NAT), IPSec VPN, DNS forwarding, and DHCP, which is enabled by default.

External Network Connectivity

Starting with version 10.4.1, VMware Cloud Director supports configuring external network connections on an NSX edge gateways. Such a connection can be configured only for segment-backed external networks. Your system administrator can connect multiple segment-backed external networks to a single edge gateway. As an organization administrator, you can then configure static route scopes, NAT rules, and firewall rules on the edge gateway to apply to a specific external network connection.

Dedicated Tier-0 Gateways

To provide a fully routed network topology in a virtual data center, your system administrator can dedicate a tier-0 gateway to a specific VMware Cloud Director edge gateway that is backed by NSX.

In this configuration, there is a one-to-one relationship between the tier-0 and the VMware Cloud Director edge gateway, and other edge gateways cannot connect to the external network.

An VMware Cloud Director edge gateway or a VRF gateway that is associated with a dedicated tier-0 is part of the tenant networking stack. The tier-0 gateway is considered a part of the VMware Cloud Director network routing domain.

A dedicated tier-0 provides additional edge gateway routing services, such as route advertisement management and border gateway protocol (BGP) configuration.

You can decide which of the networks that are attached to the edge gateway to advertise to the tier-0 gateway. This makes possible a mixture of NAT-routed and fully routed organization virtual data center networks.