In this post I will step through the basic deployment steps of a Distributed Logical Router (DLR)… but first what is a DLR?
NSX provides the ability to do traffic routing (between 2 separate Layer 2 segments, for example a VM on 192.168.0.1/24 and a VM on 172.18.0.1/24) within the hypervisor without ever having to send the packet out to a physical router. For example, if the application server VM in vlan 101 need to talk to the DB server VM in vlan 102, the packet needs to go out of the vlan 101 tagged port group via the uplink ports to a Layer 3 enabled physical switch which will perform the routing and send the packet back to the vlan 102 tagged portgroup, even if both VM’s reside on the same ESXi server (this is referred to as “hairpin” traffic).
This new ability to route within the hypervisor is made available with DLRs and ESGs (Edge Service Gateways, which we will cover in a later post):
- East-West routing = Distributed Logical Router (DLR)
- North-South routing = NSX Edge Gateway device
Let’s get down to the coal face… Web Client > Networking & Security > NSX Edges, once here click the green cross:
From this screen we can deploy a Edge Service Gateway or Logical (Distributed) Router, there is then a set of options for us to complete:
Name – The name of the DLR to be deployed (and the VM name if you also deploy a control VM)
Hostname – I have always configured this to be the same as the name
Description – A better engineer would put something helpful and descriptive here (I’ve left it blank)
Tenant – This is an interesting one… there is not built in tenancy within NSX manager, this is either here for the use of a CMS or there is a new feature coming (hopefully the second option)
Deploy Edge Appliance – Deploys NSX Edge Appliance to support Firewall and Dynamic routing.
Enable High Availability – Enable HA, for enabling and configuring High Availability.
Once this is all filled in click next:
DLR username, password and logging level to be completed then hit next, the next screen is looking for some info around the appliance that has to be deployed, click the green cross…
A new window will pop up asking for:
- Cluster/Resource Pool
Next step is to configure the HA interface and any DLR interfaces
In HA Interface Configuration: if you selected Deploy NSX Edge you must connect the HA interface to a distributed portgroup that can be reached by the NSX Controllers. This connection is important, even if you are not configuring HA and are not configuring an IP address on the HA interface. If you do not attach the HA interface to a distributed port group, routing will not work. This interface should generally be connected to the management distributed portgroup.
In Configure interfaces of this NSX Edge click the green cross: internal interfaces are for connections to switches that allow VM-to-VM (sometimes called East-West) communication. Internal interfaces are created as pseudo vNICs on the logical router virtual appliance. Uplink interfaces are for North-South communication. A logical router uplink interface might connect to an NSX edge services gateway, a 3rd-party router VM for that, or a VLAN-backed dvPortgroup to make the logical router connect to a physical router directly. You must have at least one uplink interface for dynamic routing to work. Uplink interfaces are created as vNICs on the logical router virtual appliance.
The interface configuration that you enter here is modifiable later. You can add, remove, and modify interfaces after a logical router is deployed.
After this click next and finish. DLR deployed!
This means we can now attach VMs to each of the logical switches we created earlier give them IPs on the same subnet as the associated DLR interfaces and they will be able to route to each other!