You can add a tier-0 gateway from the Global Manager. This gateway can have a span of one or more locations. This span affects the span of the tier-1 gateways and segments attached to it.

Refer to Tier-0 Gateway Configurations in NSX Federation for details about tier-0 gateway configurations in NSX Federation.

The following settings must be kept consistent across locations. If you change these settings from the Global Manager web interface, those changes are automatically applied on all locations. However, if you change these settings using the API, you must manually make the same changes in each location.
  • Local AS
  • ECMP settings
  • Multipath Relax settings
  • Graceful Restart

When you create a tier-0 gateway from Global Manager, you must configure an external interface in each location that the tier-0 is stretched to. Each external interface must be connected to a segment that was created from Global Manager, with the Connectivity set to None and the Traffic type set to VLAN. Refer to Add a Segment from Global Manager. The Edge nodes configured with those external interfaces are used for inter-location communication, even if northbound communication is not needed.



  1. From your browser, log in with admin privileges to the active Global Manager at https://<global-manager-ip-address>.
  2. Select Networking > Tier-0 Gateways.
  3. Enter a name for the gateway.
  4. Select an HA (high availability) mode to configure within each location.

    The default mode is active-active. In the active-active mode, traffic is load balanced across edge nodes in all locations. In the active-standby mode, an elected Edge node processes traffic in each location. If the active node fails, the standby node becomes active.

    Note: Active-standby tier-0 gateways are supported starting in NSX-T Data Center 3.0.1.
  5. If the HA mode is active-standby, select a failover mode.
    Option Description
    Preemptive If the preferred node fails and recovers, it will preempt its peer and become the active node. The peer will change its state to standby.
    Non-preemptive If the preferred node fails and recovers, it will check if its peer is the active node. If so, the preferred node will not preempt its peer and will be the standby node.
  6. (Optional) Add DHCP Config on the gateway. Refer to Attach a DHCP Profile to a Tier-0 or Tier-1 Gateway.
  7. Specify the span of this tier-0 gateway by providing the following details for each location. To add additional locations, click Add Location.
    Option Description
    Location Select the location from the drop-down menu.
    Edge Cluster Select an Edge cluster from this location.

    If you are configuring a stretched tier-0, you must select an Edge cluster that contains Edge nodes that are configured with an RTEP.

    Mode Each location of the tier-0 gateway can have a mode of Primary or Secondary.
    • If the HA mode is Active Active, you can configure the tier-0 gateway with all locations mode set to primary.
      1. Select the Mark all locations as Primary toggle to mark all locations as primary.
    • If the HA mode is Active Active or Active Standby, you can configure the tier-0 gateway with one location set to Primary, and all others set to Secondary.
      1. Select Primary mode for one location. In all other locations, set mode to Secondary.
      2. For secondary locations, you must select a fallback preference.
  8. Click Additional Settings.
    1. In the Internal Transit Subnet field, enter a subnet.
      This is the subnet used for communication between components within this gateway. The default is
    2. In the T0-T1 Transit Subnets field, enter one or more subnets.
      These subnets are used for communication between this gateway and all tier-1 gateways that are linked to it. After you create this gateway and link a tier-1 gateway to it, you will see the actual IP address assigned to the link on the tier-0 gateway side and on the tier-1 gateway side. The address is displayed in Additional Settings > Router Links on the tier-0 gateway page and the tier-1 gateway page. The default is
    3. In the Intersite Transit Subnet field, enter a subnet. This subnet is used for cross-location communication between gateway components. The default is
  9. Click Save.
  10. To configure interfaces, click Interfaces and Set. Configure an external interface for each location that the tier-0 gateway spans.
    1. Click Add Interface.
    2. Enter a name.
    3. Select a location.
    4. Select a type.
      If the HA mode is active-standby, the choices are External, Service, and Loopback. If the HA mode is active-active, the choices are External and Loopback.
      Service interfaces are supported only on gateways that span one location. If the gateway is stretched, service interfaces are not supported.
    5. Enter an IP address in CIDR format.
    6. Select a segment.
      The segment must be created from the Global Manager, with the Connectivity set to None and the Traffic type set to VLAN. Refer to Add a Segment from Global Manager.
    7. If the interface type is not Service, select an NSX Edge node.
    8. (Optional) If the interface type is not Loopback, enter an MTU value.
    9. Skip PIM configuration.
      Multicast is not supported in NSX Federation.
    10. (Optional) Add tags and select an ND profile.
    11. (Optional) If the interface type is External, for URPF Mode, you can select Strict or None.
      URPF (Unicast Reverse Path Forwarding) is a security feature.
    12. (Optional) After you create an interface, you can download the aggregate of ARP proxies for the gateway by clicking the menu icon (three dots) for the interface and selecting Download ARP Proxies.

      You can also download the ARP proxy for a specific interface by expanding a gateway and then expanding Interfaces. Click an interface and click the menu icon (three dots) and select Download ARP Proxy.

      Note: You cannot download the ARP proxy for loopback interfaces.
  11. Click Routing to add IP prefix lists, community lists, static routes, and route maps.

    When you add a static route on a tier-0 gateway, the default behavior is that the static routes are pushed to all locations configured on the gateway. However, the routes are enabled only on the primary locations. This ensures that on the secondary locations, the routes that are learned from the primary location are preferred.

    If you want to change this behavior, you can use the Enabled on Secondary setting and the Scope setting.

    If you select Enabled on Secondary, the static route is also enabled on the secondary locations.

    When you add a next hop for a static route, you can set the Scope. The scope can be an interface, a gateway, or a segment. On a tier-0 gateway created from Global Manager, the scope can also be a location. You can use the scope setting to configure different next hops for each location.

  12. Click BGP to configure BGP.

    When you configure BGP on a tier-0 gateway from the Global Manager, most settings apply to all locations.

    Some of the settings within the BGP configuration, such as Route Aggregation and BGP Neighbors prompt you to provide separate values for each location.

    Refer to Configure BGP for more information about configuring BGP.

  13. To configure route redistribution, click Route Redistribution, and for each location, click Set.
    Select one or more of the sources:
    • Tier-0 subnets: Static Routes, NAT IP, IPSec Local IP, DNS Forwarder IP, EVPN TEP IP, Connected Interfaces & Segments.

      Under Connected Interfaces & Segments, you can select one or more of the following: Service Interface Subnet, External Interface Subnet, Loopback Interface Subnet, Connected Segment.

    • Advertised tier-1 subnets: DNS Forwarder IP, Static Routes, LB VIP, NAT IP, LB SNAT IP, IPSec Local Endpoint, Connected Interfaces & Segments.

      Under Connected Interfaces & Segments, you can select Service Interface Subnet and/or Connected Segment.

What to do next

Set up a tier-1 gateway from Global Manager.