Starting with VMware Integrated OpenStack 4.0, you can configure dynamic routing for your provider and tenants.

You must first create a VXLAN external network that you later use as internal interface for your gateway edges.


  • You must use NSX Data Center for vSphere as your virtual network provider.


  1. Create IPv4 address scope for future tenant subnets and the external VXLAN network subnet.

    neutron address-scope-create scope_name 4

  2. Create a provider subnet pool.

    Replace scope_name with the name of the address scope that you created earlier.

    neutron subnetpool-create --pool-prefix --default-prefixlen 24 provider_pool_name --address-scope scope_name

  3. Create a self-service subnet pool for tenant networks.

    Replace scope_name with the name of the address scope that you created earlier.

    neutron	subnetpool-create --pool-prefix --default-prefixlen 26 selfservice	--address-scope scope_name --shared

  4. Create the external VXLAN network.

    The following command creates a new logical switch in NSX Data Center for vSphere.

    neutron net-create --provider:network_type vxlan --router:external external_VXLAN_network_name
  5. Create the external VXLAN subnet.

    Replace provider_pool_name with the name of the provider pool that you created earlier. Replace external_VXLAN_network_name with the name of the network that you created earlier.

    neutron subnet-create --no-gateway --name ext_vxlan_subnet_name --disable-dhcp --allocation-pool start=start_IP,end=end_IP --subnetpool provider_pool_name external_VXLAN_network_name NETWORK[CIDR]

  6. Create BGP peering gateway edges by using the nsxadmin utility.

    Gateway edges use the management network as external interface and the external network that you created as internal interface.

    nsxadmin -r bgp-gw-edge -o create --property name=name_GW-EDGE1 --property local-as=65001 --property external-iface=morefid:mgtnetwork --property internal-iface=morefid:internal_interface_network_GW-EDGE1
    nsxadmin -r bgp-gw-edge -o create --property name=name_GW-EDGE2 --property local-as=65001 --property external-iface=morefid:mgtnetwork --property internal-iface=morefid:internal_interface_network_GW-EDGE2
  7. Update the NSX Edges with BGP advertisement.

    Use the IDs of the edges that you created in the previous step.

    nsxadmin -r routing-redistribution-rule -o create --property gw-edge-ids=edge-ID_GW-EDGE1,edge-ID_GW-EDGE2 --property learner-protocol=bgp --property learn-from=connected,bgp --property action=permit 
  8. Update the NSX Edges with BGP neighbors.

    Use the IDs of the edges that you created earlier.

    nsxadmin -r bgp-neighbour -o create --property gw-edge-ids=edge-ID_GW-EDGE1,edge-ID_GW-EDGE2 --property ip-address=IP_physical_router1 --property remote-as=65000 --property password=BGP_password
    nsxadmin -r bgp-neighbour -o create --property gw-edge-ids=edge-ID_GW-EDGE1,edge-ID_GW-EDGE2 --property ip-address=IP_physical_router2 --property remote-as=65000 --property password=BGP_password
  9. Update your physical routers.
    1. Set AS value to 65000.
    2. Set BGP neighbours to name_GW-EDGE1 and name_GW-EDGE2.
    3. Set to advertise itself as dynamic gateway.
  10. Create and configure the BGP Speaker.
    1. Create the BGP speaker.
      neutron bgp-speaker-create --local-as local_as_value name_bgp_speaker
    2. Create BGP peers.
      neutron bgp-peer-create --peer-ip internal_interface_network_GW-EDGE1 --remote-as 65001 --password BGP_password --auth-type md5 name_GW-EDGE1 --esg-id edge-ID_GW-EDGE1
      neutron bgp-peer-create --peer-ip internal_interface_network_GW-EDGE2 --remote-as 65001 --password BGP_password --auth-type md5 name_GW-EDGE2 --esg-id edge-ID_GW-EDGE2
    3. Add the BGP peer to the BGP speaker.
      neutron bgp-speaker-peer-add name_bgp_speaker name_GW-EDGE1 
      neutron bgp-speaker-peer-add name_bgp_speaker name_GW-EDGE2
    4. Associate the speaker with the VXLAN network.
      neutron bgp-speaker-network-add name_bgp_speaker external_VXLAN_network_name
  11. (Optional) Create BGP routers for tenants.

    Tenant users can create their BGP routers. The tenant user must be admin to configure a router without SNAT.

    1. Create two logical switches for a tenant and subnet pools for them.
      neutron net-create name_Tenant1_LS1
      neutron subnet-create --name name_network_Tenant1-LS1 name_Tenant1_LS1 --subnetpool selfservice
      neutron net-create name_Tenant1_LS2
      neutron subnet-create --name name_network_Tenant1-LS2 name_Tenant1_LS2 --subnetpool selfservice
    2. Create a router with BGP configuration.

      BGP works with all OpenStack Logical Routers form factors : shared , distributed , and exclusive.

      neutron router-create name_Tenant1-LR --router_type=exclusive
      neutron router-interface-add name_Tenant1-LR name_network_Tenant1-LS1
      neutron router-interface-add name_Tenant1-LR name_network_Tenant1-LS2
      neutron router-gateway-set name_Tenant1-LR --disable-snat external_VXLAN_network_name


BGP dynamic routing is now configured on the provider side and tenants can also use it.