Prerequisites

  • The parent tier-0 gateway needs to be created before the tier-0 VRF gateway instance.
  • The parent tier-0 gateway needs to have an external interface before you create an external interface on the tier-0 VRF gateway.
  • VLAN tagging (802.1q) is used to differentiate traffic among VRFs. The external interface on tier-0 VRF gateway needs to be connected to a trunk segment with the corresponding access VLAN ID defined in the segment VLAN range.

Procedure

  1. With admin privileges, log in to NSX Manager.
  2. Configure the VLAN trunk segment.
    1. Select Networking > Segments.
    2. Click Add Segments.
    3. Enter a name for the segment.
    4. In Connected Gateway, set the type of connectivity for the segment as None.
    5. Select a VLAN transport zone.
    6. Expand the Additional Settings category.
    7. In VLAN, enter a list or range of VLAN IDs allowed in the trunk segment.
    8. Click Save.
  3. Create the parent tier-0 gateway.
    The parent tier-0 gateway needs to be created before the tier-0 VRF gateway instance. For more information about configuring a tier-0 gateway, see Add a Tier-0 Gateway.
  4. Create the tier-0 VRF gateway.
    1. Select Networking > Tier-0 Gateway.
    2. Click Add Gateway > VRF.
    3. Enter a name for the gateway.
    4. Select a tier-0 gateway in Connect to Tier-0 Gateway.
      Note: Some advanced configurations are inherited from the parent tier-0, such as HA mode, edge cluster, internal transit subnet, T0-T1 transit subnets.
    5. Click VRF Settings.
      Note: The VRF settings are optional for regular VRF-Lite deployments, but are mandatory for EVPN use cases. For EVPN use cases, see Ethernet VPN (EVPN).
    6. Under L3 VRF Settings, specify a Route Distinguisher.
      If the connected tier-0 gateway has RD Admin Address configured, the Route Distinguisher is automatically populated. Enter a new value if you want to override the assigned Route Distinguisher.
    7. Click Save and then Yes to continue configuring the VRF gateway.
  5. Configure the external interfaces on the VRF gateway.
    1. Click Interfaces > Set > Add Interface.
    2. Enter a name for the interface.
    3. Enter the IP address and mask for the external interface.
    4. In Type, select External.
    5. In Connected To(Segment), select the trunk segment created from Step 2.
    6. Select an edge node.
    7. Enter the Access VLAN ID from the list as configured for the segment.
    8. Click Save and then Close.
  6. Configure BGP neighbor for VRF-Lite.
    1. Click BGP.
    2. Click the BGP toggle to enable BGP.

      The Local AS number is inherited from the parent tier-0 gateway.

      You can configure the other advanced BGP settings such as ECMP.

    3. In the BGP Neighbors field, click Set > Add BGP Neighbor.
    4. Enter the neighbor IP address.
    5. Enable BFD if required.
    6. Enter the Remote AS number of the neighbor.
    7. Enter the source IP address.
      There should be one or more addresses of created external interfaces or loopback.
    8. Under Route Filter, click Set > Add Route Filter to enable IP Address Family, filters based on prefix lists, and maximum routes received from the BGP neighbor.
    9. Click Add and then Apply.
    10. Click Save and then Close.
  7. Re-distribute the routes in the VRF gateway and announce to the BGP neighbors.
    1. Click Route Re-distribution.
    2. In the Route Re-distribution field, click Set > Add Route Re-distribution.
    3. Enter a name for the redistribution policy.
    4. Click Set to select available sources, such as tier-0 connected interfaces and segments and then click Apply.
    5. Click Add and then click Apply.
  8. Make sure that your segments or tier-1 gateways are connected to the tier-0 VRF gateway.