A virtual routing and forwarding (VRF) gateway makes it possible for multiple instances of a routing table to exist within the same gateway at the same time. VRFs are the layer 3 equivalent of a VLAN. A VRF gateway must be linked to a tier-0 gateway. From the tier-0 gateway, the VRF gateway inherits the HA mode, Edge cluster, internal transit subnet, T0-T1 transit subnets, and BGP routing configuration.

If you are using NSX Federation, you can use the Global Manager to create a VRF gateway on a tier-0 gateway if the tier-0 spans only one location. VRF gateway is not supported on stretched tier-0 gateways in NSX Federation. EVPN is not supported in NSX Federation.

Note that even though a VRF gateway has an HA mode, it does not have a mechanism to respond to a communication failure that is independent of the tier-0 gateway's mechanism. If a VRF gateway loses connectivity to a neighbor but the criteria for the tier-0 gateway to fail over are not met, the VRF gateway will not fail over. The only time a VRF gateway will fail over is when the tier-0 gateway does a failover.

Prerequisites

For VRF gateways on EVPN, ensure that you configure the EVPN settings for the tier-0 gateway that you want to link to. These settings are only needed to support EVPN:
  • Specify a VNI pool on the tier-0 gateway.
  • Set the EVPN local tunnel endpoints on the tier-0 gateway.
For more information, see Configuring EVPN.

Procedure

  1. From your browser, log in with admin privileges to an NSX Manager at https://<nsx-manager-ip-address>.
  2. Select Networking > Tier-0 Gateway.
  3. Click Add Gateway > VRF.
  4. Enter a name for the gateway.
  5. Select a tier-0 gateway.
  6. Click VRF Settings.
    These settings are only needed to support EVPN. Make sure that the tier-0 gateway has EVPN configured.
    1. Under L3 VRF Settings, specify a Route Distinguisher.
      If the connected tier-0 gateway has RD Admin Address configured, the Route Distinguisher is automatically populated. Enter a new value if you want to override the assigned Route Distinguisher.
    2. Under L3 VRF Settings, in the Route Targets field, click Set to add route targets.
      For each route target, select a mode, which can be Auto or Manual. Specify one or more Import Route Targets. Specify one or more Export Route Targets.
    3. (For Inline mode only) Under L3 VRF Settings, specify an EVPN Transit VNI.
    4. (For Route Server mode only) In the L2 VNI field, click Set to add an L2 VNI..
      Select an L2 VNI from the dropdown list. Also specify a Route Distinguisher and set Route Targets.
  7. Click Save and then Yes to continue configuring the VRF gateway.
  8. For VRF-lite, configure one or more external interfaces on the VRF gateway with an Access VLAN ID and connect to a VLAN Segment.
  9. For EVPN Inline mode, configure one or more service interfaces on the VRF gateway with an Access VLAN ID and connect to an Overlay Segment. See Add a Segment. VRF interfaces require existing external interfaces on the linked tier-0 gateway to be mapped to each edge node. The Segment connected to the Access interface needs to have VLAN IDs configured in range or list format.
  10. For EVPN Route Server mode, add a service interface on the VRF gateway for each Edge node and connect to the VRF segment with the same L2 VNI as the VRF gateway.
  11. Click BGP to set BGP, ECMP, Route Aggregation, and BGP Neighbours. You can add a route filter with IPv4/IPv6 address families. See Add a Tier-0 Gateway.
  12. Click Routing and complete routing configuration. For supporting route leaking between the VRF gateway and linked tier-0 gateway/peer VRF gateway, you can add a static route and select Next Hop scope as the linked tier-0 gateway, or as one of the existing peer VRF gateways. See Add a Tier-0 Gateway.