Since my lab is now working nicely it’s time for some serious networking implementation, this time using iBGP to advertise VXlan based networks running inside VMware NSX. For this exercise I will be using the following layout:
So without any further delay let’s get nasty.
So the first thing on the list is to setup NSX inside the hypervisor, which I will not cover as other people can do it much better then I can, try VMguru’s videos for example.
Once you have done this we then create a new logical switch which I gave VXlan number 6000. I added two Micro Debian VM’s to the Logical switch and made sure that they can ping each other using the overlay network.
Next is the deployment of the Edge Service Gateway, you can also use a logical router but since the ESG is packed with goodies and I really do not care about throughput I opted for the ESG.
Click on the NSX edge section and then add a new edge.
Now make sure you enable SSH access and choose a correct password. By not enabling SSH access you going to have a hard time debugging the damn thing when needed.
Choose the correct Datacenter and how big you want it to be, for me that would be compact because heck it’s only routing. Then choose where you want to host the ESG by clicking on the GREEN +
Next we configure the Interfaces for the ESG.
First create an uplink to the Mikrotik router and assign it an IP. Then do the same for the Internal network. Make sure you select the correct Portgroups that you are connecting to.
This one is going to stump you, add the default Gateway IP address. I know what you are thinking hey we are doing routing, but since I am lazy I want to be able to SSH into the device from my laptop and not have to bother with the remote console. We can remove this one later on.
Update the firewall to allow all traffic, trust me on this one it will make you life a lot easier by not having the firewall get in the way of ICMP for example.
Finish the baby off.
So new we move onto the Mikrotik router.
Let start off by editing the existing BGP instance that is allready present by adding a router-id. This can be any IP number you like as it is only used as a reference, but in my case I choose the ip number of the VLAN router interface:
/routing bgp instance set 0 router-id=172.26.4.1
Next we add the BGP peer relation:
/routing bgp peer add name=NSX_BGP remote-address=172.26.4.2 remote-as=65530
Make sure you choose the correct AS number, it has to be identical on both sides to be able to call this BGP
That’s it from the Mikrotik side, now back to the Edge Service Gateway, let’s edit it.
Click on the routing section and then on EDIT in the Dynamic Routing Configuration.
Select the EXTERNAL_NIC as the Router id or if you feel funy just change it. Click on save
Everytime you see this Green thing in your screen click on Publish
Now click on the BGP section and then edit and add the local AS number you previously added on the mikrotik router. Next we add neighbours.
Again make sure the AS number is the same and the IP number.
If I now login to the Edge you can see that the routing table has been updated from the Mikrotik router. But if you login to the mikrotik router, no change. This is because we still need to tell our BGP router on the EDGE to start advertising our networks.
Click on route Redistribution and then on Change. Select BGP and save.
Then click on the GREEN + on the bottom section table.
Select connected and BGP as the learner protocol. You can also select which prefix you would like to redistribute but then you have to add them using the previous page.
All BGP routes are now available on both side.