After few NSX (NSX-V) designing & deploying projects,
I installed NSX-T at my lab, it was harder then i thought π
Itβs very different from NSX-V.
This is my NSX-T lab physical topology
Itβs took me some time to find where to configure the Edge uplink IP address π you do it at Tier-0,
Tier-0 communicate with the edge via Geneve
NSX-T (ver 2.4) support only static routes and BGP for north-south,
i used BGP (because i have 2 active edges),
β
logical topology
β
Some more differences
| Β | NSX-V | NSX-T |
| Managenet | vCenter | NSX Manager |
| Overlay | VXLAN | Geneve |
| East west router | DLR (distributed) |
Tier 1 (distributed) |
| North south router | Edge (not distributed) |
Tier 0 (distributed) but traffic flow via the edge (not distributed) |
| Virtual switch | Logical switch | Logical switch |
Controllers |
controllers |
NSX Manager (starting with ver 2.4) |
| Platform | vSphere | vSphere, OpenStack, Containers (PKS) |
Β
β
NSX-T BGP configuration
I used BFD, because without BFD in case of an age failure i had more the 1 minute packet loss, with BFD itβs around 2 seconds packet loss
I configured Interval 1000 (1 second) and multiplier 3
BGP config:
Route redistribution
Configure Tier-1 route redistribution into BGP
(this is done via Tier-0)
β
Juniper-1 BGP configuration
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
set interfaces xe-0/2/2 unit 0 family ethernet-switching vlan members v216 set interfaces irb unit 216 family inet address 10.101.216.254/24 set vlans v216 vlan-id 216 set vlans v216 l3-interface irb.216 set protocols bgp local-as 65222 set protocols bgp group SDDC-NSX-T_edge1 type external set protocols bgp group SDDC-NSX-T_edge1 hold-time 30 set protocols bgp group SDDC-NSX-T_edge1 peer-as 65002 set protocols bgp group SDDC-NSX-T_edge1 neighbor 10.101.216.101 export export-route set protocols bgp group SDDC-NSX-T_edge1 neighbor 10.101.216.101 bfd-liveness-detection version 1 set protocols bgp group SDDC-NSX-T_edge1 neighbor 10.101.216.101 bfd-liveness-detection minimum-interval 1000 set protocols bgp group SDDC-NSX-T_edge1 neighbor 10.101.216.101 bfd-liveness-detection multiplier 3 set protocols bgp group SDDC-NSX-T_edge1 neighbor 10.101.216.101 bfd-liveness-detection holddown-interval 0 set policy-options policy-statement export-route term local-routes from route-filter 0.0.0.0/0 exact set policy-options policy-statement export-route term local-routes then accept |
β
Juniper-2 BGP configuration
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
set interfaces xe-0/2/2 unit 0 family ethernet-switching vlan members v226 set interfaces irb unit 226 family inet address 10.101.226.254/24 set vlans v226 vlan-id 226 set vlans v226 l3-interface irb.226 set protocols bgp local-as 65222 set protocols bgp group SDDC-NSX-T_edge2 type external set protocols bgp group SDDC-NSX-T_edge2 hold-time 30 set protocols bgp group SDDC-NSX-T_edge2 peer-as 65002 set protocols bgp group SDDC-NSX-T_edge2 neighbor 10.101.226.102 export export-route set protocols bgp group SDDC-NSX-T_edge2 neighbor 10.101.226.102 bfd-liveness-detection version 1 set protocols bgp group SDDC-NSX-T_edge2 neighbor 10.101.226.102 bfd-liveness-detection minimum-interval 1000 set protocols bgp group SDDC-NSX-T_edge2 neighbor 10.101.226.102 bfd-liveness-detection multiplier 3 set protocols bgp group SDDC-NSX-T_edge2 neighbor 10.101.226.102 bfd-liveness-detection holddown-interval 0 set policy-options policy-statement export-route term local-routes from route-filter 0.0.0.0/0 exact set policy-options policy-statement export-route term local-routes then accept |
β
Ping test
I disconnected the link between Juniper-1 and Edge-1, only 2 seconds packet loss, BFD is working π
β
NSX-T Troubleshooting
Whith NSX-T Tier-0 and Tier-1 troubleshooting is done via the Edge,
First you need to connect to the relevant Tier (via the βvrfβ command)
β
Juniper Troubleshooting
show bgp summary
show bfd session
β
Summary
With NSX-T use BGP & BFD in case you have more the 1 active NSX edge
β