The routing design considers different levels of routing in the environment, such as number and type of NSX-T routers, dynamic routing protocol, and so on. At each level, you apply a set of principles for designing a scalable routing solution.

Routing can be defined in the following directions: North-South and East-West.

  • North-South traffic is traffic leaving or entering the NSX-T domain, for example, a virtual machine on an overlay network communicating with an end-user device on the corporate network.

  • East-West traffic is traffic that remains in the NSX-T domain, for example, two virtual machines on the same or different segments communicating with each other.

Table 1. Design Decisions on Routing Using NSX-T

Decision ID

Design Decision

Design Justification

Design Implications


Create two VLANs to enable ECMP between the Tier-0 Gateway and the Layer 3 device (ToR or upstream device).

The ToR switches or upstream Layer 3 devices have an SVI on one of the two VLANS and each edge virtual machine has an interface on each VLAN.

Supports multiple equal-cost routes on the Tier-0 Gateway and provides more resiliency and better bandwidth use in the network.

Extra VLANs are required.


Deploy an Active-Active Tier-0 Gateway.

Supports ECMP North-South routing on all edge virtual machines in the NSX-T Edge cluster.

Active-Active Tier-0 Gateways cannot provide services such as NAT. If you deploy a specific solution that requires stateful services on the Tier-0 Gateway, such as VMware Pivotal Container Service, you must deploy an additional Tier-0 Gateway in Active-Standby mode.


Use BGP as the dynamic routing protocol.

Enables the dynamic routing by using NSX-T. NSX-T supports only BGP .

In environments where BGP cannot be used, you must configure and manage static routes.


Configure BGP Keep Alive Timer to 4 and Hold Down Timer to 12 between the ToR switches and the Tier-0 Gateway.

Provides a balance between failure detection between the ToR switches and the Tier-0 Gateway and overburdening the ToRs with keep alive traffic.

By using longer timers to detect if a router is not responding, the data about such a router remains in the routing table longer. As a result, the active router continues to send traffic to a router that is down.


Do not enable Graceful Restart between BGP neighbors.

Avoids loss of traffic. Graceful Restart maintains the forwarding table which in turn will forward packets to a down neighbor even after the BGP timers have expired causing loss of traffic.



Deploy a Tier-1 Gateway to the NSX-T Edge cluster and connect it to the Tier-0 Gateway.

Creates a two-tier routing architecture that supports load balancers and NAT.

Because the Tier-1 is always Active/Standby, creation of services such as load balancers or NAT is possible.

A Tier-1 Gateway can only be connected to a single Tier-0 Gateway.

In scenarios where multiple Tier-0 Gateways are required, you must create multiple Tier-1 Gateways.