Deploy the distributed logical router (DLR).

Procedure

  1. Log in to vCenter Server by using the vSphere Web Client.
    1. Open a Web browser and go to https://nyc01r01vc01.rainpole.local/vsphere-client.
    2. Log in using the following credentials.

      Setting

      Value

      User name

      administrator@vsphere.local

      Password

      vsphere_admin_password

  2. Under Inventories, click Networking & Security.
  3. In the Navigator, click NSX Edges.
  4. Select 172.18.11.65 from the NSX Manager drop-down menu.
  5. Click the Add icon to create a new DLR.
  6. Complete the New NSX Edge wizard to deploy and configure the DLR.
    1. On the Name and description page, enter the following settings and click Next.

      Setting

      Value

      Logical (Distributed) Router

      Selected

      Name

      nyc01r01dlr01

      Deploy Edge Appliance

      Selected

      Enable High Availability

      Selected

      Enable HA Logging

      Selected

      Log Level

      INFO

    2. On the Settings page, enter the following settings and click Next.

      Setting

      Value

      User Name

      admin

      Password

      dlr_admin_password 

      Confirm password

      dlr_admin_password 

      Enable SSH access

      Selected

      Enable FIPS mode

      Deselected

      Edge Control Level logging

      INFO

    3. On the Configure deployment page, click the Add icon. 
    4. In the Add NSX Edge Appliance dialog box, enter the following settings and click OK.

      Setting

      Value

      Cluster/Resource Pool

      nyc01-sddc-edge

      Datastore

      nyc01-r01-vsan01

      Folder

      nyc01-r01fd-nsx

      Resource Reservation

      System Managed

    5. On the Configure deployment page, click the Add icon a second time to add a second NSX Edge device. 
    6. In the Add NSX Edge Appliance dialog box, enter the following settings and click OK.

      Setting

      Value

      Cluster/Resource Pool

      nyc01-sddc-edge

      Datastore

      nyc01-r01-vsan01

      Folder

      nyc01-r01fd-nsx

      Resource Reservation

      System Managed

    7. On the Configure interfaces page, under HA Interface Configuration, click Change and connect to nyc01-r01-vds01-management.
    8. On the Configure interfaces page, under Configure interfaces of this NSX Edge, click the Add icon to configure the interface.
    9. In the Add Interface dialog box, enter the following settings, click OK, and click Next.

      Setting

      Value

      Name

      Transit Network

      Type

      Uplink

      Connected To

      Transit Network

      Connectivity Status

      Connected

      Primary IP Address

      172.18.18.3

      Subnet Prefix Length

      24

      MTU

      9000

    10. On the Default gateway settings page, deselect Configure Default Gateway and click Next.
    11. On the Ready to complete page, click Finish.
  7. Enable SSH access in the Distributed Logical Router firewall.
    1. Double-click the device labeled nyc01r01dlr01.
    2. Click the Manage tab and click the Firewall tab.
    3. Click Add icon to create a new firewall rule with the following settings.

      Setting

      Value

      Name

      enableSSH

      Source

      any

      Destination

      any

      Service

      SSH

      Action

      Accept

    4. Click Publish Changes.
      Note:

      Step 8 is optional and applicable only when the management cluster has more than four hosts.

  8. Configure DRS anti-affinity rules for the UDLR Virtual Machines and ESG Virtual Machines.
    1. Go back to the Home page.
    2. In the Navigator, click Hosts and Clusters, and expand the nyc01r01vc01.rainpole.local  tree.
    3. Select the nyc01-r01-robo01 cluster, and click the Configure tab.
    4. Under Configuration, click VM/Host Rules.
    5. Select System created UDLR anti-affinity-rule
    6. Click Edit.
    7. In the nyc01-r01-robo01 - Edit VM/Host Rule dialog box, enter the following settings and click Ok.

      Setting

      Value

      Name

      anti-affinity-rule-edge-udlr

      Enable rule

      Selected

      Type

      Separate Virtual Machine

    8. Click Add, select the two NSX ESGs, and click OK.
    9. In the nyc01-r01-robo01 - Edit VM/Host Rule dialog box, click OK.