A standalone tier-1 logical router has no downlink and no connection to a tier-0 router. It has a service router but no distributed router. The service router can be deployed on one NSX Edge node or two NSX Edge nodes in active-standby mode.

A standalone tier-1 logical router:
  • Must not have a connection to a tier-0 logical router.
  • Can have only one centralized service port (CSP) if it is used to attach a load balancer (LB) service.
  • Can connect to an overlay logical switch or a VLAN logical switch.
  • Supports any combination of the services IPSec, NAT, firewall, load balancer, and service insertion. For ingress, the order of processing is: IPSec – DNAT – firewall – load balancer - service insertion. For egress, the order of processing is: service insertion - load balancer - firewall - SNAT - IPSec.

Typically, a standalone tier-1 logical router is connected to a logical switch that a regular tier-1 logical router is also connected to. The standalone tier-1 logical router can communicate with other devices through the regular tier-1 logical router after static routes and route advertisements are configured.

Before using the standalone tier-1 logical router, note the following:
  • To specify the default gateway for the standalone tier-1 logical router, you must add a static route. The subnet should be and the next hop is the IP address of a regular tier-1 router connected to the same switch.
  • ARP proxy on the standalone router is supported. You can configure an LB virtual server IP or LB SNAT IP in the CSP's subnet. For example, if the CSP IP is, the virtual IP can be It can also be an IP in another subnet such as if routing is properly configured so that traffic for can reach the standalone router.
  • For an NSX Edge VM, you cannot have more than one CSPs which are connected to the same VLAN-backed logical switch or different VLAN-backed logical switches that have the same VLAN ID.


Verify that Manager mode is selected in the NSX Manager user interface. See NSX Manager. If you do not see the Policy and Manager mode buttons, see Configure the User Interface Settings.


  1. With admin privileges, log in to NSX Manager.
  2. Select Networking > Tier-1 Logical Routers > Add.
  3. Enter a name for the logical router, and optionally a description.
  4. (Required) Select an NSX Edge cluster to connect to this tier-1 logical router.
  5. (Required) Select a failover mode and cluster members.
    Option Description
    Preemptive If the preferred node fails and recovers, it will preempt its peer and become the active node. The peer will change its state to standby. This is the default option.
    Non-preemptive If the preferred node fails and recovers, it will check if its peer is the active node. If so, the preferred node will not preempt its peer and will be the standby node.
  6. Click Add.
  7. Click the name of the router that you just created.
  8. Click the Configuration tab and select Router Ports.
  9. Click Add.
  10. Enter a name for the router port and optionally a description.
  11. In the Type field, select Centralized.
  12. For URPF Mode, select Strict or None.
    URPF (Unicast Reverse Path Forwarding) is a security feature.
  13. (Required) Select a logical switch.
  14. Select whether this attachment creates a switch port or updates an existing switch port.
  15. Enter the router port IP address in CIDR notation.
  16. Click Add.