Powered by Blogger.

VMware NSX Installation Part 11 – Creating Distributed Logical Router

In the Previous post, We have discussed about creating NSX logical switches and now workloads have L2 adjacency across IP subnets with the help of VXLAN. In this post, we are going to enable routing between multiple Logical switches. So We will build three-tier application with logical isolation provided by network segments. Before We deploy the Distributed Logical router, Let’s create additional logical switches. We have already created a Logical switch called “Web-Tier” in the previous post. Now i am going to create two additional Logical switches called “App-Tier” and “DB-Tier”.
I have created additional logical Switches like (App Tier, DB tier along with Web-Tier). We are going to utilize these Logical switches to enable communicate between them using Distributed Logical Routing in upcoming Section
VMware NSX- Logical Routing-1
VMware NSX- Logical Routing-2
You can see the list of Logical switches which are created from Web Client -> Network & Security -> Logical SwitchesVMware NSX- Logical Routing-3When we create the logical switches, it will create a Distributed Port group on all the respective Distributed Switches.
VMware NSX- Logical Routing-4

Deploying  NSX Distributed Logical Router (DLR):

NSX for vSphere provides L3 routing without leaving the hypervisor Known as the Logical Distributed Router. This advancement sees routing occur within the kernel of each host allowing the routing data plane distributed across the NSX enabled domain. The distributed routing capability in the NSX platform provides an optimized and scalable way of handling East – West traffic within a data center. East-West traffic is a communication between virtual machine or a resource within the datacenter.
In a typical vSphere network model, virtual machines running on a hypervisor want to communicate to the VM connected to different subnets, the communication between these VM’s has to go via Physical Adapter of the ESXi host to Switch and also Physical router is used to provide routing services.  Virtual machine communication has to go out to the physical router and get back in to the server after routing decision. This un-optimal traffic flow is sometimes called as “hair pinning”.The distributed routing on the NSX platform prevents the “hair-pinning” by providing hypervisor level routing functionality. Each hypervisor has a routing kernel module that performs routing between the logical interfaces (LIFs) defined on that distributed router instance. LIFs is nothing but the interfaces on the router which connects various networks i.e various Logical switches.
Logical Router can support a large number of LIFs up to 1000 per Logical Distributed Router. This along with the support of dynamic routing protocols such as BGP and OSPF allows for scalable routing topologies.  LDR allows for heavy optimization of east – west traffic flows and improves application and network architectures.
Below is my lab Topology. I am going to establish communication between 3 Logical switch “Web-Tier” ,”App-Tier” & “DB-Tier” using  Logical Router “LDR-001”VMware NSX-Logical Routing-Lap TopologyTo Deploy Logical Router -> Login to Web Client ->Networking & Security -> NSX Edges -> Click on + to add NSX Logical router.
VMware NSX- Logical Routing-5Select the Logical (Distributed) Router from the radial menu and Provide in the Name, Hostname and Description for the Logical Router and Click Next.
VMware NSX- Logical Routing-6Set an administrative password and username. Select the checkbox Enable SSH access and click on Next.
VMware NSX- Logical Routing-7Click on + under NSX Edge Appliances and we need to define where we want to deploy the DLR Control VM.
VMware NSX- Logical Routing-8Specify the Cluster, Datastore, Host and Folder to deploy the DLR Control VM and click on Ok to deploy the Control VM.
VMware NSX- Logical Routing-9
Click on NextVMware NSX- Logical Routing-9-1
We need to specify the Management interfaces and Logical Interface (LIF).Management Interface is for access with SSH to Control VM. LIF interface needed to be configured in Second Table below “Configure Interfaces of this NSX Edge”. Click on Select Option under Management interface Configuration to select the PortGroup to connect to the Control VM Management Interface and assign the IP address for the Management interface of the Logical Router.Click on + symbol under Configure interfaces of this NSX Edge.VMware NSX- Logical Routing-10Create a interface called “Transit-Network” and Select the type as “Uplink”. Click on Connected To and select the  logical switch”Transit-Network” to connect to and Assign the Ip address for this LIF (Logical interface). I am going to use this Transit interface to establish the communication between Logical router to Physical network by connecting it to NSX edge device. Which we will discuss in upcoming posts.VMware NSX- Logical Routing-11Enter the Name for this Logical interface(LIF)  as “App-Tier” and Select the type as “Internal” and Click on Connected To and select the Logical Switch “App-Tier” and Enter the IP address for this LIF (Logical Interface) as “172.16.20.1”.VMware NSX- Logical Routing-12Create a interface called”Web-Tier” and click on Connected To and Select the logical switch “Web-Tier” and enter the IP address for this interface.VMware NSX- Logical Routing-13Create a Logical Interface “DB-Tier” and connect to the Logical Switch “DB-Tier” and assign the IP address for this LIF interface and click on Ok.
VMware NSX- Logical Routing-14I have Connected 4 Logical Switches “Transit-Network”, “Web-Tier”, “App-Tier” and “DB-Tier” as the interfaces for this logical ineterface. In Simple terms, This Logical router provides routing between the VM’s connected to this Logical switches.VMware NSX- Logical Routing-15Review the Configured settings for the Distributed Logical Router and Click on Finish.
VMware NSX- Logical Routing-16Once Logical router is deployed, you can see the status of the DLR deployment under NSX Edges. Wait until Status of DLR  changed to “Deployed”.VMware NSX- Logical Routing-17

Ping Test To Prove the Distributed Routing:

NSX-Logical RoutingPing Test between different Virtual Machines connected to different logical switches is able to reach each other. It proves that Logical Routing is working.
VMware NSX-Logical Switch Creation -8
VMware NSX- Logical Routing-18
VMware NSX- Logical Routing-19We are done with configuring Distributed routing. I hope this is informative for you. Thanks for Reading!!. Be Social and share it in Social media, if you feel worth sharing it.
    Blogger Comment
    Facebook Comment