A tier-0 gateway has downlink connections to tier-1 gateways and uplink connections to physical networks.
If you are adding a tier-0 gateway from Global Manager in NSX Federation, see Add a Tier-0 Gateway from Global Manager.
- NAT
- Load balancing
- Stateful firewall
- VPN
- IPv4 only
- IPv6 only
- Dual Stack - both IPv4 and IPv6
You can configure the tier-0 gateway to support EVPN (Ethernet VPN) type-5 routes. For more information about configuring EVPN, see Configuring EVPN.
Source Type | Description |
---|---|
Connected Interfaces and Segments | These include external interface subnets, service interface subnets and segment subnets connected to the tier-0 gateway. |
Static Routes | Static routes that you have configured on the tier-0 gateway. |
NAT IP | NAT IP addresses owned by the tier-0 gateway and discovered from NAT rules that are configured on the tier-0 gateway. |
IPSec Local IP | Local IPSEC endpoint IP address for establishing VPN sessions. |
DNS Forwarder IP | Listener IP for DNS queries from clients and also used as source IP used to forward DNS queries to upstream DNS server. |
EVPN TEP IP | This is used to redistribute EVPN local endpoint subnets on the tier-0 gateway. |
Source Type | Description |
---|---|
Connected Interfaces and Segments | These include segment subnets connected to the tier-1 gateway and service interface subnets configured on the tier-1 gateway. |
Static Routes | Static routes that you have configured on the tier-1 gateway. |
NAT IP | NAT IP addresses owned by the tier-1 gateway and discovered from NAT rules that are configured on the tier-1 gateway. |
LB VIP | IP address of the load balancing virtual server. |
LB SNAT IP | IP address or a range of IP addresses used for source NAT by the load balancer. |
DNS Forwarder IP | Listener IP for DNS queries from clients and also used as source IP used to forward DNS queries to upstream DNS server. |
IPSec Local Endpoint | IP address of the IPSec local endpoint. |
On a tier-0 gateway, proxy ARP handles ARP queries for the external and service interface IPs. Starting with NSX-T Data Center 3.0.2, proxy ARP also handles ARP queries for service IPs that are in an IP prefix list that is configured with the Permit action.
Prerequisites
Procedure
What to do next
After the tier-0 gateway is added, you can optionally enable dynamic IP management on the gateway by selecting either a DHCP server profile or a DHCP relay profile. For more information, see Attach a DHCP Profile to a Tier-0 or Tier-1 Gateway.