A tier-0 gateway has downlink connections to tier-1 gateways and external connections to physical networks.
If you are adding a tier-0 gateway from Global Manager in NSX Federation, refer to Add a Tier-0 Gateway from Global Manager.
- NAT
- Load balancing
- Stateful firewall
- VPN
- IPv4 only
- IPv6 only
- Dual Stack - both IPv4 and IPv6
You can configure the tier-0 gateway to support EVPN (Ethernet VPN). For more information about configuring EVPN, refer to Ethernet VPN (EVPN).
Source Type | Description |
---|---|
Connected Interfaces and Segments | Redistribute all subnets configured on Interfaces and routes related to tier-0 segments, tier-0 DNS Forwarder IP, tier-0 IPsec Local IP, tier-0 NAT types. Redistribute subnets configured on segments connected to tier-0. |
Static Routes | Redistribute static routes that you have configured on the tier-0 gateway. |
NAT IP | Redistribute NAT IPs owned by tier-0 and discovered from NAT rules that are configured on the tier-0 gateway. |
IPsec Local IP | Redistribute local IPsec endpoint IP address for establishing VPN sessions. Redistribute IPsec subnets. |
DNS Forwarder IP | Redistribute the listener IP for DNS queries from clients, which is also used as the source IP to forward DNS queries to the upstream DNS server. Redistribute DNS forwarder subnets. |
EVPN TEP IP | Redistribute EVPN local endpoint subnets on Tier-0. |
Inter VRF Static | Redistribute IPs advertised by tier-0 or VRF instances. |
Router Link | Redistribute router link port subnets on tier-0 gateways. |
Source Type | Description |
---|---|
Connected Interfaces and Segments | |
Static Routes | Redistribute all subnets and static routes advertised by tier-1 gateways or NSX VPCs. |
NAT IP | Redistribute NAT IP addresses owned by the tier-1 gateway or NSX VPC and discovered from NAT rules that are configured on the tier-1 gateway or NSX VPC. |
LB VIP | Redistribute IP address of the load balancing virtual server. |
LB SNAT IP | Redistribute IP address or a range of IP addresses used for source NAT by the load balancer. |
DNS Forwarder IP | Redistribute the listener IP for DNS queries from clients, which is also used as the source IP to forward DNS queries to the upstream DNS server. |
IPsec Local Endpoint | Redistribute IP address of the IPsec local endpoint. |
Proxy ARP is automatically enabled on a tier-0 gateway when a NAT rule or a load balancer VIP uses an IP address from the subnet of the tier-0 gateway external interface. With proxy ARP enabled, hosts on the overlay segments and hosts on a VLAN segment can exchange network traffic without any change to the physical networking fabric.
For a detailed example of a packet flow in a proxy ARP topology, refer to the NSX Reference Design Guide on the VMware Communities portal.
Proxy ARP is supported on a tier-0 gateway in an active-standby configuration, and it responds to ARP queries for the external and service interface IPs. Proxy ARP also responds to ARP queries for service IPs that are in an IP prefix list that is configured with the Permit action.
Proxy ARP is also supported on a tier-0 gateway in an active-active configuration. However, all the Edge nodes in the active-active tier-0 configuration must have direct reachability to the network on which proxy ARP is required. In other words, you must configure the external interface and the service interface on all the Edge nodes that participate in the tier-0 gateway for proxy ARP to work.
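The proxy ARP conditions described above, as an added example that is not part of the original page or VMware's code: it takes a constructed description of a tier-0 gateway (the dictionary keys and sample addresses are hypothetical, not NSX API fields), lists the NAT and load balancer VIP addresses that fall inside an external interface subnet, and for active-active reports Edge nodes that lack an external interface on such a network. Service interfaces are left out to keep the check short.

```python
import ipaddress

# Constructed sample input; key names are hypothetical, not NSX API fields.
SAMPLE = {
    "ha_mode": "ACTIVE_ACTIVE",
    "external_interfaces": {          # Edge node -> interface addresses
        "edge-01": ["192.0.2.2/24", "198.51.100.2/24"],
        "edge-02": ["198.51.100.3/24"],
    },
    "nat_ips": ["192.0.2.50", "203.0.113.10"],
    "lb_vips": ["198.51.100.80"],
}


def proxy_arp_report(gateway):
    """Return (ips_answered_by_proxy_arp, {edge: networks_it_cannot_reach})."""
    # Turn each interface address into the subnet it sits in, per Edge node.
    per_edge = {
        edge: [ipaddress.ip_network(cidr, strict=False) for cidr in cidrs]
        for edge, cidrs in gateway["external_interfaces"].items()
    }
    all_subnets = {net for nets in per_edge.values() for net in nets}

    # A NAT IP or LB VIP enables proxy ARP when it comes from the subnet
    # of an external interface of the tier-0 gateway.
    triggers = {}
    for ip in gateway["nat_ips"] + gateway["lb_vips"]:
        addr = ipaddress.ip_address(ip)
        hits = [n for n in all_subnets if n.version == addr.version and addr in n]
        if hits:
            triggers[ip] = hits

    # Active-active: every Edge node needs an interface on each network
    # where proxy ARP is required, otherwise it cannot answer ARP there.
    missing = {}
    if gateway["ha_mode"] == "ACTIVE_ACTIVE":
        needed = {net for hits in triggers.values() for net in hits}
        for edge, nets in per_edge.items():
            gap = sorted(str(net) for net in needed if net not in nets)
            if gap:
                missing[edge] = gap
    return sorted(triggers), missing


if __name__ == "__main__":
    print(proxy_arp_report(SAMPLE))
```
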
Starting with NSX 4.1.1, you can find out the total number of routes for a tier-0 gateway with the following APIs. For more information about the APIs, refer to the NSX API Guide.
GET /policy/api/v1/infra/tier-0s/{tier-0-id}/number-of-routes
GET /policy/api/v1/global-infra/tier-0s/{tier-0-id}/number-of-routes
Prerequisites
- If you plan to configure multicast, refer to Configuring Multicast on an NSX Tier-0 or Tier-1.
- If you plan to configure the gateway DHCP server, refer to Attach an NSX DHCP Profile to a Tier-0 or Tier-1 Gateway.
Procedure
Results
- In the Interfaces section: External and Service Interfaces.
- In the Routing section: IP Prefix Lists, Static Routes, Static Route BFD Peer, Community Lists, Route Maps.
- In the BGP section: BGP Neighbors.
If NSX Federation is configured, this feature of reconfiguring a gateway by clicking on an entity is applicable to gateways created by the Global Manager (GM) as well. Note that some entities in a GM-created gateway can be modified by the Local Manager, but others cannot. For example, IP Prefix Lists of a GM-created gateway cannot be modified by the Local Manager. Also, from the Local Manager, you can edit existing External and Service Interfaces of a GM-created gateway but you cannot add an interface.