Procedure

  1. Create an NSX Tier-0 Gateway with Active-Standby Mode from the NSX Manager UI and click SAVE.

    Use the below information as a reference while creating the Tier-0 Gateway:

    • Tier-0 Gateway Name: Tier-0

    • HA Mode: Active-Standby

    • Edge Cluster: Select the Edge Cluster from the drop-down.

    For more information about creating NSX Tier-0 Gateway, see Add a Tier-0 Gateway.

  2. Create and configure NSX VLAN segments for Tier-0 Uplink Interfaces from the NSX Manager UI and click SAVE.

    Use the below information while creating the NSX VLAN Segments from the UI.

    Segment 1:

    • Name: External NW

    • VLAN ID: 3088. Use your Lab VLAN ID.

    • Connected Gateway: None

    • Transport Zone: VLAN

    • Subnets: None

    Segment 2:

    • Name: Public NW

    • VLAN ID: 1076. Use your Lab VLAN ID.

    • Connected Gateway: None

    • Transport Zone: VLAN

    • Subnets: None

    For more information about creating NSX Segment from the NSX Manager UI, see Add a Segment.

  3. Configure Tier-0 Gateway External Interfaces from the NSX Manager UI.

    1. Select Networking > Tier-0 Gateways.

    2. Edit Tier-0 Gateway (Three dots)

    3. Expand Interfaces and click Set.

    4. Click Add Interface.

    5. Enter a name: T0 Uplink 1

    6. Select a type: External

    7. Enter an IP address in the CIDR format: 172.16.88.250/24. Use your Lab IP.

    8. Select the segment External NW you created in the previous step.

    9. Select an edge node from the Edge Node drop-down.

    10. Click Save.

    11. Repeat the previous steps for creating another External Interface with the following information:

      • Name: T0 Uplink 2

      • Type: External

      • IP: 10.176.196.250/24. Use your Lab IP.

      • Segment: Public NW

      • Edge Node: Select the same Edge as above.

  4. Configure Routing between Tier-0 Gateway and External Router.
    1. Configure BGP using the below information.

      • Local AS number: 65001

      • Remote AS (External Router): 65000

      • Neighbor IP (External Router): 172.16.88.253

      For more information about configuring BGP, see Configure BGP.

    2. Configure Route Re-Distribution.
  5. Create and Configure NSX Tier-1 Gateway.
    1. Create an NSX Tier-1 Gateway by using the below information.

      1. Name: Tier-1

      2. Select Tier-0 Gateway from the drop-down.

      3. Edge Cluster: Select Edge cluster from the drop-down.

    2. Configure Route Advertisement.

    For more information about configuring Tier-1 Gateway, see Add a Tier-1 Gateway.

  6. Create NSX Enhanced Overlay Segments.
    1. Create NSX Enhanced Overlay Segment with the below information.

      • Name: K8S Management

      • Connected Gateway: Select Tier-1 Gateway

      • Transport Zone: Select Overlay Transport Zone

      • Subnets: 172.168.10.1/24. Use your Lab IP.

      For more information about creating segments, see Add a Segment.

    2. Configure DHCP on an Overlay Segment.

      1. Add DHCP profile.

      2. Configure DHCP on an Overlay Segment.

      Note:

      • You use your local DNS server IP while configuring the DHCP on Segment. Also, configure the DNS forwarding service on your local DNS server to forward the requests to the public DNS server for public/internet access.

      • For more information about configuring DHCP, see Configure DHCP on a Segment.

  7. (Applicable only for non-airgap environment) Configure SNAT rules on Tier-0 Gateway for External and Internet Access.

    For more information about configuring the SNAT rule, see Configure NAT on a Gateway.

    1. Configure SNAT on Tier-1 router for Overlay Segment subnet to reach external network or internet.
    2. Use the IP Address from the Public VLAN network (Uplink is configured on Tier-0 router with public VLAN) as translated address.