Deploy the universal distributed logical routers (UDLR).

Procedure

  1. Log in to the Compute vCenter Server by using the vSphere Web Client.
    1. Open a Web browser and go to https://sfo01w01vc01.sfo01.rainpole.local/vsphere-client .
    2. Log in using the following credentials.

      Setting

      Value

      User name

      administrator@vsphere.local

      Password

      vsphere_admin_password

  2. Under Inventories, click Networking & Security.
  3. In the Navigator, click NSX Edges.
  4. Select 172.16.11.66 from the NSX Manager drop-down menu.
  5. Click the Add icon to create a new UDLR.
  6. On the Name and description page, enter the following settings, and click Next.

    Setting

    Value

    Universal Logical Router

    Selected

    Name

    sfo01w01udlr01

    Hostname

    sfo01w01udlr01.sfo01.rainpole.local

    Deploy Edge Appliance

    Selected

    Enable High Availability

    Selected

    Enable HA Logging

    Selected

    Log Level

    INFO

  7. On the Settings page, enter the following settings, and click Next.

    Setting

    Value

    User Name

    admin

    Password

    udlr_admin_password 

    Confirm password

    udlr_admin_password

    Enable SSH access

    Selected

    Enable FIPS mode

    Deselected

    Edge Control Level logging

    INFO

  8. On the Configure deployment page, and click the Add icon.
  9. In the Add NSX Edge Appliance dialog box, enter the following settings and click Next.

    Setting

    Value

    Cluster/Resource Pool

    sfo01-w01rp-sddc-edge

    Datastore

    sfo01_shared_edge_and_compute_datastore

    Folder

    sfo01-w01fd-nsx

    Resource Reservation

    System Managed

  10. On the Configure deployment page, and click the Add icon a second time to add a second NSX Edge device.

    The Add NSX Edge Appliance dialog box appears. 

  11. In the Add NSX Edge Appliance dialog box, enter the following settings and click Next.

    Setting

    Value

    Cluster/Resource Pool

    sfo01-w01rp-sddc-edge

    Datastore

    sfo01_shared_edge_and_compute_datastore

    Folder

    sfo01-w01fd-nsx

    Resource Reservation

    System Managed

  12. On the Configure interfaces page, under HA Interface Configuration, click Select and connect to sfo01-w01-vds01-management
  13. On the Configure interfaces page, enter the following configuration settings and click Next.
    1. Enter the following settings in the Add Interface dialog box, and click OK.

      The Add Interface dialog box appears.

      Setting

      Value

      Name

      Uplink

      Type

      Uplink

      Connected To

      Universal Transit Network

      Connectivity Status

      Connected

      Primary IP Address

      192.168.100.3

      Subnet Prefix Length

      24

      MTU

      9000

  14. On the Default gateway settings page, deselect Configure Default Gateway and click Next.
  15. On the Ready to complete page, click Finish.
  16. Allow SSH access in the Universal Distributed Logical Router firewall.
    1. Double-click the device labeled sfo01w01udlr01.
    2. Click the Manage tab and click the Firewall tab.
    3. Click Add icon to create a new firewall rule with the following settings.

      Setting

      Value

      Name

      enableSSH

      Source

      any

      Destination

      any

      Service

      SSH

      Action

      Accept

    4. Click Publish Changes.
      Note:

      Step 17 is optional and applicable only when the shared edge and compute cluster with more than four Hosts.

  17. Configure DRS anti-affinity rules for the UDLR Virtual Machines and ESG Virtual Machines.
    1. Go back to the Home page.
    2. In the Navigator, click Hosts and Clusters, and expand the sfo01m01vc01.sfo01.rainpole.local  tree.
    3. Select the sfo01-m01-mgmt01 cluster, and click the Configure tab.
    4. Under Configuration, click VM/Host Rules.
    5. Select System created UDLR anti-affinity-rule
    6. Click Edit.
    7. In the sfo01-m01-mgmt01 - Edit VM/Host Rule dialog box, enter the following settings and click Ok.

      Setting

      Value

      Name

      anti-affinity-rule-edge-

      Enable rule

      Selected

      Type

      Separate Virtual Machine

    8. Click Add, select the two NSX ESGs, and click OK.
    9. In the sfo01-m01-mgmt01 - Edit VM/Host Rule dialog box, click OK.