The NSX Edge provides routing services and connectivity to network NSX Edges that are external to the NSX-T Data Center deployment. An NSX Edge is required if you want to deploy a tier-0 router or a tier-1 router with stateful services such as network address translation (NAT), VPN, and so on.

Note:

There can be only one tier-0 router per NSX Edge node. However, multiple tier-1 logical routers can be hosted on one NSX Edge node. NSX Edge VMs of different sizes can be combined in the same cluster; however, it is not recommended.

Table 1. NSX Edge Deployment, Platforms, and Installation Requirements
Requirements Description
Supported deployment methods
  • OVA/OVF
  • ISO with PXE
  • ISO without PXE
Supported platforms

NSX Edge is supported only on ESXi or on bare metal.

NSX Edge is not supported on KVM.

PXE installation The Password string must be encrypted with sha-512 algorithm for the root and admin user password.
NSX-T Data Center appliance password
  • At least 12 characters
  • At least one lower-case letter
  • At least one upper-case letter
  • At least one digit
  • At least one special character
  • At least five different characters
  • No dictionary words
  • No palindromes
  • More than four monotonic character sequence is not allowed
Hostname When installing NSX Edge, specify a hostname that does not contain invalid characters such as an underscore. If the hostname contains any invalid character, after deployment the hostname will be set to localhost. For more information about hostname restrictions, see https://tools.ietf.org/html/rfc952 and https://tools.ietf.org/html/rfc1123.
VMware Tools The NSX Edge VM running on ESXi has VMTools installed. Do not remove or upgrade VMTools.
System Verify that the system requirements are met. See NSX Edge VM System Requirements.
Ports Verify that the required ports are open. See Ports and Protocols.
IP Addresses

If you have multiple management networks, you can add static routes to the other networks from the NSX-T Data Center appliance.

Plan your NSX Edge IPv4 or IPv6 IP addressing scheme.

OVF Template
  • Verify that you have adequate privileges to deploy an OVF template on the ESXi host.
  • Verify that hostnames do not include underscores. Otherwise, the hostname is set to localhost.
  • A management tool that can deploy OVF templates, such as vCenter Server or the vSphere Client.

    The OVF deployment tool must support configuration options to allow for a manual configuration.

  • The Client Integration Plug-in must be installed.
NTP Server

The same NTP server must be configured on all NSX Edge VMs or Bare Metal Edges in an Edge cluster.

Intel-based Chipsets

NSX Edge nodes are supported on ESXi-based hosts with Intel chipsets. If an unsupported chipset type is used, vSphere EVC mode may prevent Edge nodes from starting, showing an error message in the console. See NSX Edge VM System Requirements.

AMD EPYC

NSX Edge nodes are also supported on AMD-based chipsets. NSX Edge nodes can now be deployed on AMD EPYC series chipsets. See NSX Edge VM System Requirements.
  • AMD EPYC 7xx1 Series (Naples)
  • AMD EPYC 3000 Embedded Family and newer
  • AMD EPYC 7xx2 Series (Rome)

NSX Edge Support of vSphere Business Continuity Features

Starting in NSX-T Data Center 2.5.1, vMotion, DRS, and vSphere HA are supported for NSX Edge nodes.

NSX Edge VM Support on a Host Configured in Enhanced Mode

In a collapsed cluster topology, where the NSX Edge VM, management VM, and host transport nodes are deployed on a single host, if you want to install an NSX Edge VM on a transport node configured in Enhanced mode, ensure that the host version is ESXi 6.7p02.

NSX Edge Installation Scenarios

Important: When you install NSX Edge from an OVA or OVF file, either from vSphere Web Client or the command line, OVA/OVF property values such as user names, passwords, or IP addresses are not validated before the VM is powered on.
  • If you specify a user name for the admin or audit user, the name must be unique. If you specify the same name, it is ignored and the default names (admin and audit) is used.
  • If the password for the admin user does not meet the complexity requirements, you must log in to NSX Edge through SSH or at the console as the admin user with the password default. You are prompted to change the password.
  • If the password for the audit user does not meet the complexity requirements, the user account is disabled. To enable the account, log in to NSX Edge through SSH or at the console as the admin user and run the command set user audit to set the audit user's password (the current password is an empty string).
  • If the password for the root user does not meet the complexity requirements, you must log in to NSX Edge through SSH or at the console as root with the password vmware. You are prompted to change the password.
Caution: Changes made to the NSX-T Data Center while logged in with the root user credentials might cause system failure and potentially impact your network. You can only make changes using the root user credentials with the guidance of VMware Support team.
Note: The core services on the appliance do not start until a password with sufficient complexity has been set.

After you deploy NSX Edge from an OVA file, you cannot change the VM's IP settings by powering off the VM and modifying the OVA settings from vCenter Server.