This topic provides instructions for creating the NSX-T objects for the TKGI Management Plane.

Prerequisites

Before completing this section, make sure you have completed the following sections:

Create Management Plane

Networking for the TKGI Management Plane consists of a Tier-1 Router and Switch with NAT Rules for the Management Plane VMs.

Create Tier-1 Router and Switch

Create a Tier-1 Logical Switch and Router for the TKGI Management Plane VMs. Complete the configuration by enabling Route Advertisement on the T1 router.

  1. In the NSX Management console, navigate to Networking > Logical Switches.

  2. Click Add.

  3. Create the LS for TKGI Management plane VMs:

    • Name: LS-PKS-MGMT
    • Transport Zone: tz-overlay
  4. Click Add and verify creation of the T1 logical switch.

  5. Go to Networking > Tier-1 Logical Router.

  6. Click Add.

  7. Configure the Tier-1 logical router as follows:

    • Name: T1-PKS-MGMT
    • To router: T0-router
    • Edge Cluster: edge-cluster-1
    • Edge Cluster Members: edge-node-1 and edge-node-2
  8. Click Add and verify.

  9. Select the T1 router and go to Configuration > Router port.

  10. Click Add.

  11. Configure the T1 router port as follows:

    • Name: T1-PKS-MGMT-port
    • Logical Switch: LS-PKS-MGMT
    • Subnet: 10.1.1.1/24
  12. Click Add and verify.

  13. Select the Routing tab.

  14. Click Edit and configure route advertisement as follows:

    • Status: Enabled
    • Advertise All Connected Routes: Yes
  15. Click Save and verify.

Create NAT Rules

You need to create the following NAT rules on the Tier-0 router for the TKGI Management Plane VMs.

  • DNAT: 10.173.62.220 (for example) to access Ops Manager
  • DNAT: 10.173.62.221 (for example) to access Harbor
  • SNAT: 10.173.62.222 (for example) for all TKGI management plane VM traffic destined to the outside world

  1. In the NSX Management console, navigate to Networking > NAT.

  2. In the Logical Router field, select the T0-router you defined for TKGI.

  3. Click Add.

  4. Configure the Ops Manager DNAT rule as follows:

    • Priority: 1000
    • Action: DNAT
    • Protocol: Any Protocol
    • Destination IP: 10.173.62.220, for example
    • Translated IP: 10.1.1.2, for example
  5. Click Add and verify.

  6. Add a second DNAT rule for Harbor by repeating the same operation.

    • Priority: 1000
    • Action: DNAT
    • Protocol: Any Protocol
    • Destination IP: 10.173.62.221, for example
    • Translated IP: 10.1.1.6, for example
  7. Verify the creation of the DNAT rules.

  8. Create the SNAT rule for the management plane traffic as follows:

    • Priority: 9024
    • Action: SNAT
    • Protocol: Any Protocol
    • Source IP: 10.1.1.0/24, for example
    • Translated IP: 10.173.62.222, for example
  9. Verify the creation of the SNAT rule.
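
An offline pre-flight check for the NAT plan above, added here as an example; it is not part of the original page or of NSX-T, and it makes no API calls. The addresses and priorities are the page's example values, while the dict layout, the rule names and the `check_plan` function are this example's own assumptions.

```python
import ipaddress

# Example values from this page; the dict layout and rule names are assumed.
T1_PORT = ipaddress.ip_interface("10.1.1.1/24")  # T1-PKS-MGMT-port subnet
RULES = [
    {"name": "ops-manager", "action": "DNAT", "priority": 1000,
     "match": "10.173.62.220", "translated": "10.1.1.2"},
    {"name": "harbor", "action": "DNAT", "priority": 1000,
     "match": "10.173.62.221", "translated": "10.1.1.6"},
    {"name": "mgmt-egress", "action": "SNAT", "priority": 9024,
     "match": "10.1.1.0/24", "translated": "10.173.62.222"},
]

def check_plan(rules, t1_port=T1_PORT):
    """Return a list of problems found in a planned NAT rule set."""
    problems = []
    dnat = [r for r in rules if r["action"] == "DNAT"]
    snat = [r for r in rules if r["action"] == "SNAT"]
    seen = {}  # external address -> name of the DNAT rule that claimed it
    for r in dnat:
        inside = ipaddress.ip_address(r["translated"])
        # A DNAT target must be a VM address on the management switch subnet.
        if inside not in t1_port.network:
            problems.append(f"{r['name']}: {inside} is outside {t1_port.network}")
        if inside == t1_port.ip:
            problems.append(f"{r['name']}: {inside} is the T1 router port address")
        # Two DNAT rules matching the same external address are ambiguous.
        owner = seen.setdefault(r["match"], r["name"])
        if owner != r["name"]:
            problems.append(f"{r['name']}: {r['match']} already used by {owner}")
    for r in snat:
        # The SNAT source should be exactly the management plane subnet.
        if ipaddress.ip_network(r["match"]) != t1_port.network:
            problems.append(f"{r['name']}: source {r['match']} != {t1_port.network}")
        # The page gives each rule its own external address; flag reuse.
        if r["translated"] in seen:
            problems.append(f"{r['name']}: {r['translated']} is also a DNAT address")
    return problems

if __name__ == "__main__":
    for line in check_plan(RULES) or ["plan is consistent"]:
        print(line)
```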

Next Steps

Configure the NSX-T Password Interval
