For availability of the routing services and connectivity to the external network, you create a two-node cluster of NSX-T Edge nodes.

To support the communication between tenant workloads deployed on the network segments in NSX-T Data Center with tenant workloads deployed on external networks, you configure dynamic routing for the shared edge and workload cluster. Deploy the NSX-T Edge cluster for the workload domain from the SDDC Manager API Explorer by using a JSON specification. You take a sample JSON specification, enter the values for your environment, and use that specification for the deployment.

Procedure

  1. In a Web browser, log in to the SDDC Manager user interface.
    Setting Value
    URL https://sfo-vcf01.sfo.rainpole.io
    User name administrator@vsphere.local
    Password vsphere_admin_password
  2. In the navigation pane, click Developer Center.
  3. On the VMware Cloud Foundation Developer Center page, click the API Explorer tab.
  4. Retrieve the unique ID for the shared edge and workload cluster.
    1. Expand APIs for managing Clusters, click GET /v1/clusters, and click Execute.
    2. In the Response section click PageOfCluster and click Cluster (sfo-w01-cl01).
    3. Save the ID of the cluster value to use it later.
  5. Prepare a JSON specification to deploy an NSX-T Edge Cluster.
    1. Copy an paste the JSON specification in a text editor.
      {
         "edgeClusterName":"sfo-w01-ec01",
         "edgeClusterType":"NSX-T",
         "edgeRootPassword":"edge_root_password",
         "edgeAdminPassword":"edge_admin_password",
         "edgeAuditPassword":"edge_audit_password",
         "edgeFormFactor":"LARGE",
         "tier0ServicesHighAvailability":"ACTIVE_ACTIVE",
         "mtu":9000,
         "asn":65000,
         "tier0RoutingType":"EBGP",
         "tier0Name": "sfo-w01-ec01-t0-gw01",
         "tier1Name": "sfo-w01-ec01-t1-gw01",
         "edgeClusterProfileType": "CUSTOM",
         "edgeClusterProfileSpec": 
          {  "bfdAllowedHop": 255,
             "bfdDeclareDeadMultiple": 3,
             "bfdProbeInterval": 1000,
             "edgeClusterProfileName": "sfo-w01-ecp01",
             "standbyRelocationThreshold": 30 
          },
         "edgeNodeSpecs":[
            {
               "edgeNodeName":"sfo-w01-en01.sfo.rainpole.io",
               "clusterId":"<!REPLACE WITH sfo-w01-cl01 CLUSTER ID !>",
               "managementIP":"172.16.31.69/24",
               "managementGateway":"172.16.31.253",
               "edgeTepGateway":"172.27.33.253",
               "edgeTep1IP":"172.27.33.2/24",
               "edgeTep2IP":"172.27.33.3/24",
               "edgeTepVlan":"2733",
               "interRackCluster": "false",
               "uplinkNetwork":[
                  {
                     "uplinkVlan":2731,
                     "uplinkInterfaceIP":"172.27.31.2/24",
                     "peerIP":"172.27.31.1/24",
                     "asnPeer":65001,
                     "bgpPeerPassword":"bgp_password"
                  },
                  {
                     "uplinkVlan":2732,
                     "uplinkInterfaceIP":"172.27.32.2/24",
                     "peerIP":"172.27.32.1/24",
                     "asnPeer":65001,
                     "bgpPeerPassword":"bgp_password"
                  }
               ]
            },
            {
               "edgeNodeName":"sfo-w01-en02.sfo.rainpole.io",
               "clusterId":"<!REPLACE WITH sfo-w01-cl01 CLUSTER ID !>",
               "managementIP":"172.16.31.70/24",
               "managementGateway":"172.16.31.253",
               "edgeTepGateway":"172.27.33.253",
               "edgeTep1IP":"172.27.33.4/24",
               "edgeTep2IP":"172.27.33.5/24",
               "edgeTepVlan":"2733",
               "interRackCluster": "false",
               "uplinkNetwork":[
                  {
                     "uplinkVlan":2731,
                     "uplinkInterfaceIP":"172.27.31.3/24",
                     "peerIP":"172.27.31.1/24",
                     "asnPeer":65001,
                     "bgpPeerPassword":"bgp_password"
                  },
                  {
                     "uplinkVlan":2732,
                     "uplinkInterfaceIP":"172.27.32.3/24",
                     "peerIP":"172.27.32.1/24",
                     "asnPeer":65001,
                     "bgpPeerPassword":"bgp_password"
                  }
               ]
            }
         ]
      }
    2. Replace the passwords for admin,root,audit users, and bgp password.
    3. Replace the "<!REPLACE WITH sfo-w01-cl01 CLUSTER ID !>" value with the one for the shared edge and workload cluster that you previously saved.
    4. Save the JSON specification to use it for the deployment of the NSX-T Edge cluster.
  6. Validate your JSON specification.
    1. Expand APIs for managing NSX-T Edge Clusters, click POST /v1/edge-clusters/validations.
    2. In the Value text box, enter the content of your JSON specification file and click Execute.
    3. In the confirmation dialog box, click Continue.
    4. In the Response section click Validation UUID and copy the ID from ID of the Validation.
    5. Expand APIs for managing NSX-T Edge Clusters, click GET /v1/edge-clusters/validations/{id}.
    6. Paste the ID from the ID of the Validation into the Value box and click Execute.
    7. In the Response section expand the Validation result and check the resultStatus is SUCCEEDED.
  7. Run the workflow that deploys the NSX-T Edge cluster for the workload domain in SDDC Manager.
    1. Expand APIs for managing NSX-T Edge Clusters and click POST /v1/edge-clusters.
    2. In the Value text box, paste the JSON specification that you prepared and click Execute.
    3. In the confirmation dialog box, click Continue.
  8. Monitor the progress of the deployment from the Tasks list pane.

What to do next

Verify that routing occurs in both the north-south and east-west directions.

  • North-south traffic leaving or entering the workload domain, for example, a virtual machine on an overlay network communicating with an end-user device on the corporate network.

  • East-west traffic remains in the workload domain, for example, two virtual machines on the same or different segments that communicate to each other.