In an upcoming series of posts I will discuss how to build a virtualized network infrastructure based on VMware NSX, connect it to VMware vRealize Automation (vRA) and deploy applications from vRA to this software-defined infrastructure. In this first post I will focus on building a basic routed network architecture using Ubiquiti EdgeOS and VMware NSX. The architecture includes a physical core router, an NSX Edge Services Gateway (ESG) and an NSX Distributed Logical Router (DLR). In a follow-up post I will expand this virtualized network infrastructure and also connect vRA. After vRA is connected to NSX, we will have a look at the NSX networking concepts that are exposed to and can be used from vRA. The following posts are currently available:
- Part 1: Building a basic routed network infrastructure with Ubiquiti EdgeOS and VMware NSX
- Part 2: How to configure an NSX routed network profile in vRealize Automation
- Part 3: Deploy an NSX routed network with vRealize Automation
The “core router” in my homelab is the Ubiquiti EdgeRouter Lite. The EdgeRouter is running EdgeOS, a fork of Vyatta (VyOS). Ubiquiti’s EdgeRouter is a device I highly recommend if you want to play around with all kinds of networking concepts, including VPN, VLANs and routing protocols such as BGP and OSPF. In this first article I will discuss how I’ve configured OSPF in my lab to be used in combination with VMware NSX. OSPF can be configured through the web interface on the EdgeRouter Lite, but of course also through the CLI. In this example I will configure OSPF through the CLI on the EdgeRouter. For NSX I will use the GUI.
A high-level overview of the network infrastructure is included in the picture on the right.
Configure OSPF on the EdgeRouter Lite
Let’s start with OSPF on the EdgeRouter. My EdgeRouter Lite has three interfaces configured:
- The WAN interface: eth0;
- The LAN interface: eth1;
- VLAN 100, which connects to a transit network which connects to my NSX Edge Services Gateway (ESG): eth1.100/vif100.
The EdgeRouter Lite is my ‘backbone area’, and has area 0 assigned. To configure OSPF, run the following commands on the EdgeRouter CLI:
configure
set protocols ospf parameters router-id 172.16.100.1
set protocols ospf area 0
set protocols ospf area 0 area-type normal
set protocols ospf area 0 network 172.16.100.0/24
set protocols ospf area 0 network 192.168.178.0/24
show protocols ospf
Now verify the configuration with
show protocols ospf
And if you’re happy with the result:
commit
save
clear ip ospf process
This last command restarts the OSPF process on the EdgeRouter.
Connect an NSX ESG to the EdgeRouter using OSPF
Now let’s configure OSPF on NSX. Create an ESG, and set a router-id on the ESG (available under routing->Global configuration):
Now configure OSPF under routing->OSPF. Enable OSPF and leave Graceful Restart checked as well. Also create two areas; in this example I’ve created area 0 (the backbone area) and area 101, which will be the area behind the ESG. Link the interfaces to the correct OSPF Area IDs, see the screenshot below:
After you’ve published all the changes, you will get updated routing information in your environment.
On the EdgeRouter you can use show ip route or show ip route ospf for updated routing information:
admin@ubnt:~$ show ip route ospf
IP Route Table for VRF "default"
O IA *> 172.16.101.0/24 [110/2] via 172.16.100.2, eth1.100, 00:18:39
Use the following command on the NSX manager to see the current OSPF routing:
nsx01.viktorious.local> show edge edge-9 ip route ospf
haIndex: 0
O 192.168.178.0/24 [110/2] via 172.16.100.1
Connect a DLR to the ESG and configure OSPF
Now the next step is to connect DLR01 to ESG01 and configure OSPF on DLR01. I’m also adding the vmnetwork01 network to DLR01. vRA will also connect to this DLR in the future, so we can deploy so-called “routed networks” using DLR01. The key is that vRA will automatically deploy new layer two segments and connect them to the DLR, and OSPF will automatically redistribute routing information about these new network segments. Of course you have to pre-define these networks in vRA as a network reservation; more details on this in a future post.
First configure the uplink and internal interface on the DLR:
The next step is to configure OSPF on the DLR as well. First set a router ID through Routing->Global configuration->RouterID. Now enable OSPF and set both the forwarding and protocol address. The forwarding address is the same as the Uplink address; the protocol address is the IP address of the DLR control VM. The control VM establishes the OSPF and BGP peering.
Now create the area definition for Area 101, and link it to the interface connected to 172.16.101.2:
Also enable Route Redistribution on the DLR, so that the routes to “connected networks” are advertised to OSPF:
Now it’s time to check the routing tables, to see if all routes are available. You can check available routes on the EdgeRouter, ESG01 and/or DLR01. For the NSX routers you can log on to the router itself and then use show ip route. Or you can connect to the NSX manager, and use:
nsx01.viktorious.local> show edge edge-10 ip route
haIndex: 0
Total number of routes: 5
S 0.0.0.0/0 [1/0] via 172.16.101.1
O IA 172.16.100.0/24 [110/2] via 172.16.101.1
C 172.16.101.0/24 [0/0] via 172.16.101.3
C 172.20.1.0/24 [0/0] via 172.20.1.1
O IA 192.168.178.0/24 [110/3] via 172.16.101.1
In this command “edge-10” is the id of DLR01.
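The route check described above can be scripted. The following is an added example, not part of the original post: it parses both route-table styles shown here (EdgeOS and NSX) and compares the OSPF-learned routes against a baseline, reporting expected routes that are missing and OSPF routes arriving via a next hop you did not expect. The names parse_routes, audit_ospf and BASELINE are assumptions, and the second table is constructed sample data.

```python
import ipaddress
import re
from typing import NamedTuple

class Route(NamedTuple):
    code: str                       # "C", "S", "O", "O IA", "O E2", ...
    prefix: ipaddress.IPv4Network
    next_hop: ipaddress.IPv4Address

# EdgeOS: "O IA *> 172.16.101.0/24 [110/2] via 172.16.100.2, eth1.100, 00:18:39"
# NSX:    "O IA 172.16.100.0/24 [110/2] via 172.16.101.1"
ROUTE_RE = re.compile(
    r"^([A-Z])\s+(IA|E1|E2|N1|N2)?\s*(?:\*>\s*)?"
    r"(\d+\.\d+\.\d+\.\d+/\d+)\s+\[\d+/\d+\]\s+via\s+(\d+\.\d+\.\d+\.\d+)"
)

def parse_routes(text):
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if m:  # header lines such as "haIndex: 0" do not match
            code = " ".join(p for p in m.group(1, 2) if p)
            routes.append(Route(code, ipaddress.ip_network(m.group(3)),
                                ipaddress.ip_address(m.group(4))))
    return routes

def audit_ospf(routes, baseline):
    """baseline maps each expected OSPF prefix to its expected next hop."""
    want = {ipaddress.ip_network(p): ipaddress.ip_address(h) for p, h in baseline.items()}
    learned = {r.prefix: r.next_hop for r in routes if r.code.startswith("O")}
    missing = sorted(str(p) for p in want if p not in learned)
    unexpected = sorted(f"{p} via {h}" for p, h in learned.items() if want.get(p) != h)
    return missing, unexpected

# DLR01 route table as printed in this post.
DLR01_TABLE = """haIndex: 0
Total number of routes: 5
S 0.0.0.0/0 [1/0] via 172.16.101.1
O IA 172.16.100.0/24 [110/2] via 172.16.101.1
C 172.16.101.0/24 [0/0] via 172.16.101.3
C 172.20.1.0/24 [0/0] via 172.20.1.1
O IA 192.168.178.0/24 [110/3] via 172.16.101.1"""
# Constructed sample: one expected route gone, one route from an unknown neighbor.
DRIFTED_TABLE = """O IA 172.16.100.0/24 [110/2] via 172.16.101.1
O E2 10.66.0.0/16 [110/20] via 172.16.101.9"""
BASELINE = {"172.16.100.0/24": "172.16.101.1", "192.168.178.0/24": "172.16.101.1"}

if __name__ == "__main__":
    for name, table in (("DLR01", DLR01_TABLE), ("drifted", DRIFTED_TABLE)):
        print(name, audit_ospf(parse_routes(table), BASELINE))
```

An empty result for both lists means the table matches the baseline; anything in the second list is an OSPF route worth investigating before trusting it.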
Continue reading in part 2: How to configure an NSX routed network profile in vRealize Automation
nice, using the USG also more or less the same config?
I don’t know the USG and if it’s based on EdgeOS (I guess so) – if it’s also EdgeOS, then it would be the same kind of configuration.
Mostly repeatable with vyos.io