A tier-0 gateway has downlink connections to tier-1 gateways and uplink connections to physical networks.

You can configure the HA (high availability) mode of a tier-0 gateway to be active-active or active-standby. The following services are only supported in active-standby mode:
  • NAT
  • Load balancing
  • Stateful firewall
  • VPN
If you configure route redistribution for the tier-0 gateway, you can select from two groups of sources: tier-0 subnets and advertised tier-1 subnets. The sources in the tier-0 subnets group are:
Source Type Description
Connected Interfaces and Segments These include external interface subnets, service interface subnets and segment subnets connected to the tier-0 gateway.
Static Routes Static routes that you have configured on the tier-0 gateway.
NAT IP NAT IP addresses owned by the tier-0 gateway and discovered from NAT rules that are configured on the tier-0 gateway.
IPSec Local IP Local IPSEC endpoint IP address for establishing VPN sessions.
DNS Forwarder IP Listener IP for DNS queries from clients and also used as source IP used to forward DNS queries to upstream DNS server.
The sources in the advertised tier-1 subnets group are:
Source Type Description
Connected Interfaces and Segments These include segment subnets connected to the tier-1 gateway and service interface subnets configured on the tier-1 gateway.
Static Routes Static routes that you have configured on the tier-1 gateway.
NAT IP NAT IP addresses owned by the tier-1 gateway and discovered from NAT rules that are configured on the tier-1 gateway.
LB VIP IP address of the load balancing virtual server.
LB SNAT IP IP address or a range of IP addresses used for source NAT by the load balancer.
DNS Forwarder IP Listener IP for DNS queries from clients and also used as source IP used to forward DNS queries to upstream DNS server.
IPSec Local Endpoint IP address of the IPSec local endpoint.

Procedure

  1. From your browser, log in with admin privileges to an NSX Manager at https://<nsx-manager-ip-address>.
  2. Select Networking > Tier-0 Gateways.
  3. Click Add Tier-0 Gateway.
  4. Enter a name for the gateway.
  5. Select an HA (high availability) mode.
    The default mode is active-active. In the active-active mode, traffic is load balanced across all members. In active-standby mode, all traffic is processed by an elected active member. If the active member fails, a new member is elected to be active.
    Important: After you create the gateway, the HA mode cannot be changed.
  6. If the HA mode is active-standby, select a failover mode.
    Option Description
    Preemptive If the preferred node fails and recovers, it will preempt its peer and become the active node. The peer will change its state to standby.
    Non-preemptive If the preferred node fails and recovers, it will check if its peer is the active node. If so, the preferred node will not preempt its peer and will be the standby node.
  7. (Optional) Select an NSX Edge cluster.
  8. (Optional) Add one or more tags.
  9. (Optional) Click Additional Settings.
    1. In the Internal Transit Subnet field, enter a subnet.
      This is the subnet used for communication between components within this gateway. The default is 169.254.0.0/28.
    2. In the T0-T1 Transit Subnets field, enter one or more subnets.
      These subnets are used for communication between this gateway and all tier-1 gateways that are linked to it. After you create this gateway and link a tier-1 gateway to it, you will see the actual IP address assigned to the link on the tier-0 gateway side and on the tier-1 gateway side. The address is displayed in Additional Settings > Router Links on the tier-0 gateway page and the tier-1 gateway page. The default is 100.64.0.0/16.
    3. Select an ND Profile and a DAD Profile for IPv6 address configuration.
      These profiles are used to configure Stateless Address Autoconfiguration (SLAAC) and Duplicate Address Detection (DAD) for IPv6 addresses. The default profile is created.
  10. Click Save.
  11. To configure route redistribution, click Route Redistribution and Set.
    Select one or more of the sources:
    • Tier-0 subnets: Static Routes, NAT IP, IPSec Local IP, DNS Forwarder IP, Connected Interfaces & Segments.

      Under Connected Interfaces & Segments, you can select one or more of the following: Service Interface Subnet, External Interface Subnet, Loopback Interface Subnet, Connected Segment.

    • Advertised tier-1 subnets: DNS Forwarder IP, Static Routes, LB VIP, NAT IP, LB SNAT IP, IPSec Local Endpoint, Connected Interfaces & Segments.

      Under Connected Interfaces & Segments, you can select Service Interface Subnet and/or Connected Segment.

  12. To configure interfaces, click Interfaces and Set.
    1. Click Add Interface.
    2. Enter a name.
    3. Select a type.
      If the HA mode is active-standby, the choices are External, Service, and Loopback. If the HA mode is active-active, the choices are External and Loopback.
    4. Enter an IP address in CIDR format.
    5. Select a segment.
    6. If the interface type is not Service, select an NSX Edge node.
    7. (Optional) If the interface type is not Loopback, enter an MTU value.
    8. (Optional) Add tags and select an ND profile.
  13. (Optional) If the HA mode is active-standby, click Set next to HA VIP Configuration to configure HA VIP.
    With HA VIP configured, the tier-0 gateway is operational even if one uplink is down. The physical router interacts with the HA VIP only.
    1. Click Add HA VIP Configuration.
    2. Enter an IP address and subnet mask.
      The HA VIP subnet must be the same as the subnet of the interface that it is bound to.
    3. Select 2 interfaces.
  14. Click Routing to add IP prefix lists, community lists, static routes, and route maps.
  15. Click BGP to configure BGP.
  16. Click Advanced Configuration to go to the Advanced Networking & Security > Routers page to make additional configurations.
    1. To configure the layer 3 forwarding mode, click the Global Config tab.
    2. Click Edit.
    3. Select IPv4 or IPv4 and IPv6.
      The default is IPv4 only. IPv6 only is not supported. To enable IPv6, select IPv4 and IPv6.
    4. Click Save.