Deploy the universal distributed logical router (UDLR).

Procedure

  1. Log in to vCenter Server by using the vSphere Web Client.
    1. Open a Web browser and go to https://sfo01m01vc01.sfo01.rainpole.local/vsphere-client.
    2. Log in using the following credentials.

      Setting

      Value

      User name

      administrator@vsphere.local

      Password

      vsphere_admin_password

  2. Under Inventories, click Networking & Security.
  3. In the Navigator, click NSX Edges.
  4. Select 172.16.11.65 from the NSX Manager drop-down menu.
  5. Click the Add icon to create a new UDLR.
  6. Complete the New NSX Edge wizard to deploy and configure the UDLR.
    1. On the Name and description page, enter the following settings and click Next.

      Setting

      Value

      Logical (Distributed) Router

      Selected

      Name

      sfo01m01udlr01

      Deploy Edge Appliance

      Selected

      Enable High Availability

      Selected

      Enable HA Logging

      Selected

      Log Level

      INFO

    2. On the Settings page, enter the following settings and click Next.

      Setting

      Value

      User Name

      admin

      Password

      udlr_admin_password 

      Confirm password

      udlr_admin_password 

      Enable SSH access

      Selected

      Enable FIPS mode

      Deselected

      Edge Control Level logging

      INFO

    3. On the Configure deployment page, click the Add icon. 
    4. In the Add NSX Edge Appliance dialog box, enter the following settings and click OK.

      Setting

      Value

      Cluster/Resource Pool

      sfo01-m01-mgmt01

      Datastore

      sfo01-m01-vsan01

      Folder

      sfo01-m01fd-nsx

      Resource Reservation

      System Managed

    5. On the Configure deployment page, click the Add icon a second time to add a second NSX Edge device. 
    6. In the Add NSX Edge Appliance dialog box, enter the following settings and click OK.

      Setting

      Value

      Cluster/Resource Pool

      sfo01-m01-mgmt01

      Datastore

      sfo01-m01-vsan01

      Folder

      sfo01-m01fd-nsx

      Resource Reservation

      System Managed

    7. On the Configure interfaces page, under HA Interface Configuration, click Change and connect to sfo01-m01-vds01-management.
    8. On the Configure interfaces page, under Configure interfaces of this NSX Edge, click the Add icon to configure the interface.
    9. In the Add Interface dialog box, enter the following settings, click OK, and click Next.

      Setting

      Value

      Name

      Uplink

      Type

      Uplink

      Connected To

      Universal Transit Network

      Connectivity Status

      Connected

      Primary IP Address

      192.168.10.3

      Subnet Prefix Length

      24

      MTU

      9000

    10. On the Default gateway settings page, deselect Configure Default Gateway and click Next.
    11. On the Ready to complete page, click Finish.
  7. Enable SSH access in the Universal Distributed Logical Router firewall.
    1. Double-click the device labeled sfo01m01udlr01.
    2. Click the Manage tab and click the Firewall tab.
    3. Click Add icon to create a new firewall rule with the following settings.

      Setting

      Value

      Name

      enableSSH

      Source

      any

      Destination

      any

      Service

      SSH

      Action

      Accept

    4. Click Publish Changes.
      Note:

      Step 8 is optional and applicable only when the management cluster with more than four Hosts.

  8. Configure DRS anti-affinity rules for the UDLR Virtual Machines and ESG Virtual Machines.
    1. Go back to the Home page.
    2. In the Navigator, click Hosts and Clusters, and expand the sfo01m01vc01.sfo01.rainpole.local  tree.
    3. Select the sfo01-m01-mgmt01 cluster, and click the Configure tab.
    4. Under Configuration, click VM/Host Rules.
    5. Select System created UDLR anti-affinity-rule
    6. Click Edit.
    7. In the sfo01-m01-mgmt01 - Edit VM/Host Rule dialog box, enter the following settings and click Ok.

      Setting

      Value

      Name

      anti-affinity-rule-edge-

      Enable rule

      Selected

      Type

      Separate Virtual Machine

    8. Click Add, select the two NSX ESGs, and click OK.
    9. In the sfo01-m01-mgmt01 - Edit VM/Host Rule dialog box, click OK.