{"id":1069,"date":"2023-11-23T15:40:01","date_gmt":"2023-11-23T15:40:01","guid":{"rendered":"https:\/\/bogdanburuiana.com\/?p=1069"},"modified":"2023-11-24T12:08:10","modified_gmt":"2023-11-24T12:08:10","slug":"azure-vmware-solution-nsx-t-configuration","status":"publish","type":"post","link":"https:\/\/bogdanburuiana.com\/index.php\/2023\/11\/23\/azure-vmware-solution-nsx-t-configuration\/","title":{"rendered":"Azure VMware Solution &#8211; NSX-T Configuration"},"content":{"rendered":"\n<p>Traditionally ACLs, firewall rules, and routing policies were used to establish and enforce isolation and multi-tenancy. With micro-segmentation, support for those properties is inherently provided. Implementing application segmentation with DFW (Distributed Firewall) allows for either multiple L2 segments with L3 isolation or a single-tier network environment where workloads are all connected to a single L2 segment.<\/p>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-1 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:100%\">\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"221\" height=\"380\" src=\"https:\/\/bogdanburuiana.com\/wp-content\/uploads\/2023\/11\/image-19.png\" alt=\"\" class=\"wp-image-1071\" srcset=\"\/wp-content\/uploads\/2023\/11\/image-19.png 221w, \/wp-content\/uploads\/2023\/11\/image-19-174x300.png 174w\" sizes=\"(max-width: 221px) 100vw, 221px\" \/><\/figure>\n<\/div>\n<\/div>\n\n\n\n<p><strong>Tier-0 Gateway<\/strong><\/p>\n\n\n\n<ul>\n<li>Tier-0 Gateway is configured by default in Active\/Active mode for ECMP<\/li>\n<\/ul>\n\n\n\n<ul>\n<li>Northbound connectivity through BGP on Tier-0 Gateway<\/li>\n<\/ul>\n\n\n\n<ul>\n<li>Route redistribution enabled on Tier-0 Gateway<\/li>\n<\/ul>\n\n\n\n<p><strong>Tier-1 Gateway<\/strong><\/p>\n\n\n\n<ul>\n<li>Pre-provisioned Tier-1 for workloads 
segments connectivity<\/li>\n<\/ul>\n\n\n\n<ul>\n<li>Route Advertisement enabled on pre-provisioned Tier-1 Gateway<\/li>\n<\/ul>\n\n\n\n<ul>\n<li>DNS Forwarder deployed on Tier-1<\/li>\n<\/ul>\n\n\n\n<p><strong>Demo<\/strong> &#8211; <strong>NSX-T Configuration<\/strong><\/p>\n\n\n\n<ul>\n<li>On the Networking tab, you can configure functions such as switching, routing and layer 3 services, such as NAT, VPN, load balancing, and so on.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"940\" height=\"474\" src=\"https:\/\/bogdanburuiana.com\/wp-content\/uploads\/2023\/11\/image-21.png\" alt=\"\" class=\"wp-image-1076\" srcset=\"\/wp-content\/uploads\/2023\/11\/image-21.png 940w, \/wp-content\/uploads\/2023\/11\/image-21-300x151.png 300w, \/wp-content\/uploads\/2023\/11\/image-21-768x387.png 768w\" sizes=\"(max-width: 940px) 100vw, 940px\" \/><\/figure>\n\n\n\n<ul>\n<li>The default AVS configuration comes with a single Tier-1 Gateway, and additional Gateways can only be added from the NSX-T interface. Also, any Logical Segments added from the Azure Portal will be configured on the default Tier-1 Gateway: TNT30-T1. 
<strong>For advanced networking configurations additional Gateways will be added from NSX-T<\/strong>:<\/li>\n<\/ul>\n\n\n\n<ul>\n<li>From NSX-T admin interface navigate to Networking -> Tier-1 Gateways -> Add Tier-1 Gateway<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"942\" height=\"420\" src=\"https:\/\/bogdanburuiana.com\/wp-content\/uploads\/2023\/11\/image-22.png\" alt=\"\" class=\"wp-image-1078\" srcset=\"\/wp-content\/uploads\/2023\/11\/image-22.png 942w, \/wp-content\/uploads\/2023\/11\/image-22-300x134.png 300w, \/wp-content\/uploads\/2023\/11\/image-22-768x342.png 768w\" sizes=\"(max-width: 942px) 100vw, 942px\" \/><\/figure>\n\n\n\n<ul>\n<li>Select Tier-0 gateway TNT30-T0 and Edge Cluster: TNT30-CLSTR<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"926\" height=\"426\" src=\"https:\/\/bogdanburuiana.com\/wp-content\/uploads\/2023\/11\/image-23.png\" alt=\"\" class=\"wp-image-1079\" srcset=\"\/wp-content\/uploads\/2023\/11\/image-23.png 926w, \/wp-content\/uploads\/2023\/11\/image-23-300x138.png 300w, \/wp-content\/uploads\/2023\/11\/image-23-768x353.png 768w\" sizes=\"(max-width: 926px) 100vw, 926px\" \/><\/figure>\n\n\n\n<ul>\n<li>Expand Route Advertisement and enable all options then Save.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"780\" height=\"320\" src=\"https:\/\/bogdanburuiana.com\/wp-content\/uploads\/2023\/11\/image-24.png\" alt=\"\" class=\"wp-image-1080\" srcset=\"\/wp-content\/uploads\/2023\/11\/image-24.png 780w, \/wp-content\/uploads\/2023\/11\/image-24-300x123.png 300w, \/wp-content\/uploads\/2023\/11\/image-24-768x315.png 768w\" sizes=\"(max-width: 780px) 100vw, 780px\" \/><\/figure>\n\n\n\n<p><strong>Configure DNS<\/strong><\/p>\n\n\n\n<ul>\n<li>From NSX-T interface navigate to Networking -> IP Management -> DNS\u00a0 -> DNS zones and 
click on Add DNS Zone and select Default DNS Zone<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"869\" height=\"360\" src=\"https:\/\/bogdanburuiana.com\/wp-content\/uploads\/2023\/11\/image-25.png\" alt=\"\" class=\"wp-image-1081\" srcset=\"\/wp-content\/uploads\/2023\/11\/image-25.png 869w, \/wp-content\/uploads\/2023\/11\/image-25-300x124.png 300w, \/wp-content\/uploads\/2023\/11\/image-25-768x318.png 768w\" sizes=\"(max-width: 869px) 100vw, 869px\" \/><\/figure>\n\n\n\n<ul>\n<li>Type the Zone Name and DNS Servers (can be public DNS or private DNS) and click on <strong>Save<\/strong><\/li>\n<\/ul>\n\n\n\n<p><strong>Add DNS Service<\/strong><\/p>\n\n\n\n<ul>\n<li>From NSX-T interface navigate to Networking -> IP Management -> DNS\u00a0 -> DNS Services and click on <strong>Add DNS Service<\/strong><\/li>\n<\/ul>\n\n\n\n<ul>\n<li>Type the DNS Service Name and IP address* and select T1 Gateway and Default DNS Zone<\/li>\n<\/ul>\n\n\n\n<p><em>*Default DNS Service IP was 10.119.64.192 \u2013 for the other T1 Gateways created we used IP addresses from the range 10.119.64.192 &#8211; 10.119.64.195<\/em><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"783\" height=\"359\" src=\"https:\/\/bogdanburuiana.com\/wp-content\/uploads\/2023\/11\/image-26.png\" alt=\"\" class=\"wp-image-1082\" srcset=\"\/wp-content\/uploads\/2023\/11\/image-26.png 783w, \/wp-content\/uploads\/2023\/11\/image-26-300x138.png 300w, \/wp-content\/uploads\/2023\/11\/image-26-768x352.png 768w\" sizes=\"(max-width: 783px) 100vw, 783px\" \/><\/figure>\n\n\n\n<p><strong>Configure DHCP profile<\/strong><\/p>\n\n\n\n<ul>\n<li>From NSX-T interface navigate to Networking -> Connectivity -> Tier-1 Gateways, click on the 3 dots next to the Gateway Name, select Edit and click on <strong>Set DHCP Configuration<\/strong><\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img 
loading=\"lazy\" decoding=\"async\" width=\"852\" height=\"382\" src=\"https:\/\/bogdanburuiana.com\/wp-content\/uploads\/2023\/11\/image-27.png\" alt=\"\" class=\"wp-image-1083\" srcset=\"\/wp-content\/uploads\/2023\/11\/image-27.png 852w, \/wp-content\/uploads\/2023\/11\/image-27-300x135.png 300w, \/wp-content\/uploads\/2023\/11\/image-27-768x344.png 768w\" sizes=\"(max-width: 852px) 100vw, 852px\" \/><\/figure>\n\n\n\n<ul>\n<li>Select Type: DHCP Server and as DHCP Server Profile the DHCP profile AVS-POC-DHCP and click on <strong>Save<\/strong><\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"325\" height=\"272\" src=\"https:\/\/bogdanburuiana.com\/wp-content\/uploads\/2023\/11\/image-30.png\" alt=\"\" class=\"wp-image-1086\" srcset=\"\/wp-content\/uploads\/2023\/11\/image-30.png 325w, \/wp-content\/uploads\/2023\/11\/image-30-300x251.png 300w\" sizes=\"(max-width: 325px) 100vw, 325px\" \/><\/figure>\n\n\n\n<ul>\n<li>On the T1 Gateway blade click on <strong>Save<\/strong> and then <strong>Close Editing<\/strong><\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"657\" height=\"272\" src=\"https:\/\/bogdanburuiana.com\/wp-content\/uploads\/2023\/11\/image-31.png\" alt=\"\" class=\"wp-image-1087\" srcset=\"\/wp-content\/uploads\/2023\/11\/image-31.png 657w, \/wp-content\/uploads\/2023\/11\/image-31-300x124.png 300w\" sizes=\"(max-width: 657px) 100vw, 657px\" \/><\/figure>\n\n\n\n<p><strong>Add logical segment<\/strong><\/p>\n\n\n\n<ul>\n<li>From NSX-T interface navigate to Networking -> Connectivity -> Segments and click on Add Segment<\/li>\n<\/ul>\n\n\n\n<ul>\n<li>Type the Segment Name, select the previously created T1 Gateway, select the TNT30-OVERLAY-TZ Transport Zone and type the Subnet CIDR<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"864\" height=\"395\" 
src=\"https:\/\/bogdanburuiana.com\/wp-content\/uploads\/2023\/11\/image-32.png\" alt=\"\" class=\"wp-image-1088\" srcset=\"\/wp-content\/uploads\/2023\/11\/image-32.png 864w, \/wp-content\/uploads\/2023\/11\/image-32-300x137.png 300w, \/wp-content\/uploads\/2023\/11\/image-32-768x351.png 768w\" sizes=\"(max-width: 864px) 100vw, 864px\" \/><\/figure>\n\n\n\n<ul>\n<li>Click on Set DHCP Config<\/li>\n<\/ul>\n\n\n\n<ul>\n<li>On the DHCP Config set DHCP Config to Enabled and specify the IP address range that will be used for allocation and click on <strong>Apply<\/strong><\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"571\" height=\"367\" src=\"https:\/\/bogdanburuiana.com\/wp-content\/uploads\/2023\/11\/image-33.png\" alt=\"\" class=\"wp-image-1089\" srcset=\"\/wp-content\/uploads\/2023\/11\/image-33.png 571w, \/wp-content\/uploads\/2023\/11\/image-33-300x193.png 300w\" sizes=\"(max-width: 571px) 100vw, 571px\" \/><\/figure>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Traditionally ACLs, firewall rules, and routing policies were used to establish and enforce isolation and multi-tenancy. With micro-segmentation, support for those properties is inherently provided. 
Implementing application segmentation with DFW (Distributed Firewall) allows for either multiple L2 segments with L3 isolation or a single-tier network environment where workloads are all connected to a single L2 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1072,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,4],"tags":[],"_links":{"self":[{"href":"https:\/\/bogdanburuiana.com\/index.php\/wp-json\/wp\/v2\/posts\/1069"}],"collection":[{"href":"https:\/\/bogdanburuiana.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bogdanburuiana.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bogdanburuiana.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bogdanburuiana.com\/index.php\/wp-json\/wp\/v2\/comments?post=1069"}],"version-history":[{"count":4,"href":"https:\/\/bogdanburuiana.com\/index.php\/wp-json\/wp\/v2\/posts\/1069\/revisions"}],"predecessor-version":[{"id":1090,"href":"https:\/\/bogdanburuiana.com\/index.php\/wp-json\/wp\/v2\/posts\/1069\/revisions\/1090"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bogdanburuiana.com\/index.php\/wp-json\/wp\/v2\/media\/1072"}],"wp:attachment":[{"href":"https:\/\/bogdanburuiana.com\/index.php\/wp-json\/wp\/v2\/media?parent=1069"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bogdanburuiana.com\/index.php\/wp-json\/wp\/v2\/categories?post=1069"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bogdanburuiana.com\/index.php\/wp-json\/wp\/v2\/tags?post=1069"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}