Azure VMware Solution – NSX-T Configuration

November 23, 2023November 23, 2023 | bogdan.buruianabogdan.buruiana | 0 Comment | 3:40 pm
Azure VMware Solution – NSX-T Configuration post thumbnail image

Traditionally ACLs, firewall rules, and routing policies were used to establish and enforce isolation and multi-tenancy. With micro-segmentation, support for those properties is inherently provided. Implementing application segmentation with DFW (Distributed Firewall) allows for either multiple L2 segments with L3 isolation or a single-tier network environment where workloads are all connected to a single L2 segment.

Tier-0 Gateway

  • Tier-0 Gateway is configured by default in Active/Active mode for ECMP
  • Northbound connectivity through BGP on Tier-0 Gateway
  • Route redistribution enabled on Tier-0 Gateway

Tier-1 Gateway

  • Pre-provisioned Tier-1 for workloads segments connectivity
  • Route Advertisement enabled on pre-provisioned Tier-1 Gateway
  • DNS Forwarder deployed on Tier-1

DemoNSX-T Configuration

  • On the Networking tab, you can configure functions such as switching, routing and layer 3 services, such as NAT, VPN, load balancing, and so on.
  • Default AVS configuration comes with a single Tier-1 Gateway and additional Gateways can only be added from the NSX-T interface. Also any Logical Segments added from the Azure Portal will be configured on the default Tier-1 Gateway: TNT30-T1. For advanced networking configurations additional Gateways will be added from NSX-T:
  • From NSX-T admin interface navigate to Networking -> Tier-1 Gateways -> Add Tier-1 Gateway
  • Select Tier-0 gateway TNT30-T0 and Edge Cluster: TNT30-CLSTR
  • Expand Route Advertisement and enable all options then Save.

Configure DNS

  • From NSX-T interface navigate to Networking -> IP Management -> DNS  -> DNS zones and click on Add DNS Zone and select Default DNS Zone
  • Type the Zone Name and DNS Servers(can be public DNS or private DNS) and click on Save

Add DNS Service

  • From NSX-T interface navigate to Networking -> IP Management -> DNS  -> DNS Services and click on Add DNS Service
  • Type the DNS Service Name and IP address* and select T1 Gateway and Default DNS Zone

*Default DNS Service IP was 10.119.64.192 – for the other T1 Gateways created we used IP addresses from the range 10.119.64.192 – 10.119.64.195

Configure DHCP profile

  • From NSX-T interface navigate to Networking -> Connectivity -> Tier-1 Gateways, click on the 3 dots next to the Gateway Name, select Edit and click on Set DHCP Configuration
  • Select Type: DHCP Server and as DHCP Server Profile the DHCP profile AVS-POC-DHCP and click on Save
  • On the T1 Gateway blade click on Save and then Close Editing

Add logical segment

  • From NSX-T interface navigate to Networking -> Connectivity -> Segments and click on Add Segment
  • Type the Segment Name, select the previously created T1 Gateway, select the TNT30-OVERLAY-TZ Transport Zone and type the Subnet CIDR
  • Click on Set DHCP Config
  • On the DHCP Config set DHCP Config to Enabled and specify the IP address range that will be used for allocation and click on Apply

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Post

AZ-900 – Module 3 – Core solutions and management toolsAZ-900 – Module 3 – Core solutions and management tools

Azure Solutions Internet of Things (IoT) is the ability for devices to garner and then relay information for data analysis. Learn and SkillPipe content: https://docs.microsoft.com/en-us/learn/modules/iot-fundamentals/1-introductionhttps://docs.microsoft.com/en-us/learn/modules/iot-fundamentals/2-identify-product-optionshttps://docs.microsoft.com/en-us/learn/modules/iot-fundamentals/3-analyze-decision-criteriahttps://docs.microsoft.com/en-us/learn/modules/iot-fundamentals/4-use-iot-hubhttps://docs.microsoft.com/en-us/learn/modules/iot-fundamentals/5-use-iot-centralhttps://docs.microsoft.com/en-us/learn/modules/iot-fundamentals/6-use-azure-sphere Big data and analytics Artificial

Read MoreRead More