Prerequisites
- The parent tier-0 gateway needs to be created before the tier-0 VRF gateway instance.
- The parent tier-0 gateway needs to have an external interface before you create an external interface on the tier-0 VRF gateway.
- VLAN tagging (802.1q) is used to differentiate traffic among VRFs. The external interface on tier-0 VRF gateway needs to be connected to a trunk segment with the corresponding access VLAN ID defined in the segment VLAN range.
Procedure
- With admin privileges, log in to NSX Manager.
- Configure the VLAN trunk segment.
- Select Networking > Segments.
- Click Add Segments.
- Enter a name for the segment.
- In Connected Gateway, set the type of connectivity for the segment as None.
- Select a VLAN transport zone.
- Expand the Additional Settings category.
- In VLAN, enter a list or range of VLAN IDs allowed in the trunk segment.
- Click Save.
- Create the parent tier-0 gateway.
The parent tier-0 gateway needs to be created before the tier-0 VRF gateway instance. For more information about configuring a tier-0 gateway, see Add an NSX Tier-0 Gateway.
- Create the tier-0 VRF gateway.
- Select Networking > Tier-0 Gateway.
- Click Add Gateway > VRF.
- Enter a name for the gateway.
- Select a tier-0 gateway in Connect to Tier-0 Gateway.
Note: Some advanced configurations are inherited from the parent tier-0, such as HA mode, edge cluster, internal transit subnet, T0-T1 transit subnets.
- If you are creating a VRF gateway on a Global Manager, In the Location field, select the location for which you want the VRF gateway.
- If you are configuring a VRF gateway on a Global Manager, you can click Add Location to add sites for VRF stretching. Locations are a subset of the parent tier-0 gateway. Note that this button is available only if you had turned on the Multi-VRF Inter SR toggle on for the tier-0 that this VRF will connect to.
Note: Note that you can select the primary/secondary roles for a VRF independent of tier-0 primary/secondary mode.
- Click VRF Settings.
Note: The VRF settings are optional for regular VRF-Lite deployments, but are mandatory for EVPN use cases. For EVPN use cases, see Ethernet VPN (EVPN).
- Under L3 VRF Settings, specify a Route Distinguisher.
If the connected tier-0 gateway has RD Admin Address configured, the Route Distinguisher is automatically populated. Enter a new value if you want to override the assigned Route Distinguisher.
- Click Save and then Yes to continue configuring the VRF gateway.
- Configure the external interfaces on the VRF gateway.
- Expand the Interfaces and GRE Tunnels category.
- In External and Service Interfaces, click Set or the hyperlinked number.
- Click Add Interface.
- Enter a name for the interface.
- Enter the IP address and mask for the external interface.
- In Type, select External.
- In Connected To(Segment), select the trunk segment created from Step 2.
- Select an edge node.
- Enter the Access VLAN ID from the list as configured for the segment.
- Click Save and then Close.
- Configure BGP neighbor for VRF-Lite.
- Click BGP.
- Click the BGP toggle to enable BGP.
- Turn on the Inter SR iBGP toggle to enable inter SR routing. Note that this toggle can be enabled only for an active-active VRF gateway and if you had turned on the Multi-VRF Inter SR toggle on for the tier-0 that this VRF connects to.
- Enter Local AS number.
Note: Leave this field blank to inherit the Local AS number from the parent tier-0 gateway.
You can configure the other advanced BGP settings such as ECMP.
- In the BGP Neighbors field, click Set > Add BGP Neighbor.
- Enter the neighbor IP address.
- Enable BFD if required.
- Enter the Remote AS number of the neighbor.
- Enter the source IP address.
There should be one or more addresses of created external interfaces or loopback.
- Under Route Filter, click Set > Add Route Filter to enable IP Address Family, filters based on prefix lists, and maximum routes received from the BGP neighbor.
- Enable or disable the Allow as-in feature.
This is disabled by default. With this feature enabled, BGP neighbors can receive routes with the same AS, for example, when you have two locations interconnected using the same service provider. This feature applies to all the address families and cannot be applied to specific address families.
- In the Source Addresses field, you can select a source address to establish a peering session with a neighbor using this specific source address. If you do not select any, the gateway will automatically choose one.
- Enter a value for Max Hop Limit.
- In the Graceful Restart field, you can optionally select Disable, Helper Only, or Graceful Restart and Helper.
Note: For EVPN, only the Helper Only mode is supported.
- Enable Configure Neighbor Local AS if required.
- Choose 'Yes' if you want to override the Local AS number for this neighbor
- Choose 'No' if you do not want to override the Local AS number for this neighbor
Note: Neighbor Local AS and AS Path Modifier fields appear after you enable Configure Neighbor Local AS. - Enter the replaced local AS number, which you want to override the Local AS number for this neighbor, in Neighbor Local AS.
- Choose the AS path option in AS Path Modifier:
- Default: BGP prepends neighbor's local AS value to the AS path for both outgoing and incoming route advertisements from the peer neighbor. You can modify the default prepend action on the AS path in both inbound and outbound direction.
- No Prepend: The local router does not prepend the incoming advertisement from the peer with neighbor's local AS. The advertised AS path only prepends the BGP local AS of the router.
- No Prepend Replace AS: The local routes are advertised with the neighbor's local AS instead of the BGP's local AS to peer router.
- Click Add and then Apply.
- Click Save and then Close.
- Re-distribute the routes in the VRF gateway and announce to the BGP neighbors.
- Click Route Re-distribution.
- In the Route Re-distribution field, click Set > Add Route Re-distribution.
- Enter a name for the redistribution policy.
- Click Set to select available sources, such as tier-0 connected interfaces and segments and then click Apply.
- Click Add and then click Apply.
- Make sure that your segments or tier-1 gateways are connected to the tier-0 VRF gateway.