A tier-1 gateway is typically connected to a tier-0 gateway in the northbound direction and to segments in the southbound direction.

If you are adding a tier-1 gateway from Global Manager in NSX Federation, see Add a Tier-1 Gateway from Global Manager.

Tier-0 and tier-1 gateways support the following addressing configurations for all interfaces (external interfaces, service interfaces and downlinks) in both single tier and multi-tiered topologies:
  • IPv4 only
  • IPv6 only
  • Dual Stack - both IPv4 and IPv6
To use IPv6 or dual stack addressing, enable IPv4 and IPv6 as the L3 Forwarding Mode in Networking > Networking Settings > Global Networking Config .

Procedure

  1. From your browser, log in with admin privileges to an NSX Manager at https://<nsx-manager-ip-address>.
  2. Select Networking > Tier-1 Gateways.
  3. Click Add Tier-1 Gateway.
  4. Enter a name for the gateway.
  5. (Optional) Select a tier-0 gateway to connect to this tier-1 gateway to create a multi-tier topology.
  6. (Optional) Select an NSX Edge cluster if you want this tier-1 gateway to host stateful services such as NAT, load balancer, or firewall.

    If an NSX Edge cluster is selected, a service router will always be created (even if you do not configure stateful services), affecting the north/south traffic pattern.

  7. (Optional) In the Edges field, click Set to select an NSX Edge node.
  8. If you selected an NSX Edge cluster, select a failover mode or accept the default.
    Option Description
    Preemptive If the preferred NSX Edge node fails and recovers, it will preempt its peer and become the active node. The peer will change its state to standby. This is the default option.
    Non-preemptive If the preferred NSX Edge node fails and recovers, it will check if its peer is the active node. If so, the preferred node will not preempt its peer and will be the standby node.
  9. If you plan to configure a load balancer on this gateway, select an Edges Pool Allocation Size setting according to the size of the load balancer.
    The options are Routing, LB Small, LB Medium, LB Large, and LB XLarge. The default is Routing and is suitable if no load balancer will be configured on this gateway. This parameter allows the NSX Manager to place the tier-1 gateway on the Edge nodes in a more intelligent way. With this setting the number of load balancing and routing functions on each node is taken into consideration. Note that you cannot change this setting after the gateway is created.
  10. (Optional) Click the Enable StandBy Relocation toggle to enable or disable standby relocation.
    Standby relocation means that if the Edge node where the active or standby logical router is running fails, a new standby logical router is created on another Edge node to maintain high availability. If the Edge node that fails is running the active logical router, the original standby logical router becomes the active logical router and a new standby logical router is created. If the Edge node that fails is running the standby logical router, the new standby logical router replaces it.
  11. (Optional) Click Route Advertisement.
    Select one or more of the following:
    • All Static Routes
    • All NAT IP's
    • All DNS Forwarder Routes
    • All LB VIP Routes
    • All Connected Segments and Service Ports
    • All LB SNAT IP Routes
    • All IPSec Local Endpoints
  12. Click Save.
  13. (Optional) Click Route Advertisement.
    1. In the Set Route Advertisement Rules field, click Set to add route advertisement rules.
  14. (Optional) Click Additional Settings.
    1. For IPv6, you can select or create an ND Profile and a DAD Profile.
      These profiles are used to configure Stateless Address Autoconfiguration (SLAAC) and Duplicate Address Detection (DAD) for IPv6 addresses.
    2. Select an Ingress QoS Profile and an Egress QoS Profile for traffic limitations.
      These profiles are used to set information rate and burst size for permitted traffic. See Add a Gateway QoS Profile for more information on creating QoS profiles.
    If this gateway is linked to a tier-0 gateway, the Router Links field shows the link addresses.
  15. (Optional) Click Service Interfaces and Set to configure connections to segments. Required in some topologies such as VLAN-backed segments or one-arm load balancing.
    1. Click Add Interface.
    2. Enter a name and IP address in CIDR format.
      If you configure multicast on this gateway, you must not configure tier-1 addresses as static RP address in the PIM profile.
    3. Select a segment.
    4. In the MTU field, enter a value between 64 and 9000.
    5. For URPF Mode, you can select Strict or None.
      URPF (Unicast Reverse Path Forwarding) is a security feature.
    6. Add one or more tags.
    7. In the ND Profile field, select or create a profile.
    8. Click Save.
  16. (Optional) Click Static Routes and Set to configure static routes.
    1. Click Add Static Route.
    2. Enter a name and a network address in the CIDR or IPv6 CIDR format.
    3. Click Set Next Hops to add next hop information.
    4. Click Save.
  17. (Optional) Click Multicast and then the toggle to enable multicast.
    You must select an Edge cluster for this gateway. Also, this gateway must be linked to a tier-0 gateway that has multicast enabled.

Results

The new gateway is added to the list. For any gateway, you can modify its configurations by clicking the menu icon (3 dots) and select Edit. To reconfigure service interfaces or static routes, you do not need to click Edit. You only need to click the expand icon (right arrow) for the gateway, expand the Service Interfaces or Static Routes section, and click the number that is shown. Note that the number must be non-zero. If it is zero, you must edit the gateway.

If NSX Federation is configured, this feature of reconfiguring a gateway by clicking on an entity is applicable to gateways created by the Global Manager (GM) as well. Note that some entities in a GM-created gateway can be modified by the Local Manager, but others cannot. For example, Static Routes of a GM-created gateway cannot be modified by the Local Manager. Also, from the Local Manager, you can edit existing Service Interfaces of a GM-created gateway but you cannot add an interface.

What to do next

After the tier-1 gateway is added, you can optionally enable dynamic IP management on the gateway by selecting either a DHCP server profile or a DHCP relay profile. For more information, see Attach a DHCP Profile to a Tier-0 or Tier-1 Gateway.