The tier-0 gateway is the NSX logical router that provides the North-South connectivity for the NSX logical networking to the physical infrastructure. vSphere with Tanzu supports multiple tier-0 gateways on multiple NSX Edge clusters in the same transport zone.

A tier-0 gateway has downlink connections to tier-1 gateways and external connections to physical networks.
You can configure the HA (high availability) mode of a tier-0 gateway to be active-active or active-standby. The following services are only supported in active-standby mode:
  • NAT
  • Load balancing
  • Stateful firewall
  • VPN
Proxy ARP is automatically enabled on a tier-0 gateway when a NAT rule or a load balancer VIP uses an IP address from the subnet of the tier-0 gateway external interface. By enabling proxy-ARP, hosts on the overlay segments and hosts on a VLAN segment can exchange network traffic together without implementing any change in the physical networking fabric.

Before NSX 3.2, proxy ARP is supported on a tier-0 gateway in only an active-standby configuration. Starting in NSX 3.2, proxy ARP is also supported on a tier-0 gateway in an active-active configuration.

For more information, see the NSX Administration Guide.

Prerequisites

Verify that you have created an NSX Edge cluster.

Procedure

  1. Log in to the NSX Manager.
  2. Select Networking > Tier-0 Gateways.
  3. Click Add Tier-0 Gateway.
  4. Enter a name for the tier-0 gateway.
    For example, Tier-0_VWT.
  5. Select an active-standby HA mode.
    In active-standby mode, the elected active member processes all traffic. If the active member fails, a new member is elected to be active.
  6. Select the NSX Edge cluster previously created.
    For example, select EDGE-CLUSTER.
  7. Click Save.
    The tier-0 gateway is created.
  8. Select Yes to continue with the configuration.
  9. Configure interfaces.
    1. Expand Interfaces and click Set.
    2. Click Add Interface.
    3. Enter a name.
      For example, enter the name TIER-0_VWT-UPLINK1.
    4. Select Type as External.
    5. Enter an IP address from the Edge Logical Router – Uplink VLAN. The IP address must be different from the management IP address configured for the NSX Edge VMs previously created.
      For example, 10.197.154.1/24.
    6. In Connected To, select the tier-0 uplink segment previously created.
      For example, TIER-0-LS-UPLINK
    7. Select an NSX Edge node from the list.
      For example, nsx-edge-1.
    8. Click Save.
    9. Repeat steps a - h for the second interface.
      For example, create a second uplink TIER-0_VWT-UPLINK2 with IP address 10.197.154.2/24 connected to nsx-edge-2 Edge node.
    10. Click Close.
  10. To configure high availability, click Set in HA VIP Configuration.
    1. Click ADD HA VIP CONFIGURATION.
    2. Enter the IP addess.
      For example, 10.197.154.3/24
    3. Select the interfaces.
      For example, TIER-0_WVT-UPLINK1 and TIER-0_WVT-UPLINK2
    4. Click Add and Apply.
  11. To configure routing, click Routing.
    1. Click Set in Static Routes.
    2. Click ADD STATIC ROUTE.
    3. Enter a name.
      For example, DEFAULT-STATIC-ROUTE.
    4. Enter 0.0.0.0/0 for network IP address.
    5. To configure next hops, click Set Next Hops and then Add Next Hop.
    6. Enter the IP address of the next hop router. Typically, this is the default gateway of the management network VLAN from the NSX Edge logical router uplink VLAN.
      For example, 10.197.154.253.
    7. Click Add and Apply and SAVE.
    8. Click Close.
  12. To verify connectivity, make sure that an external device in the physical architecture can ping the uplinks that you configured.

What to do next

Configure a Supervisor Cluster. See Enable Workload Management with NSX Networking