Introduction
In this blog we will go through understanding and configuring Inter VRF Routing for specific use cases on NSX.
Inter VRF Routing is used for communication between different VRF Lite on a Edge Cluster. This can be useful for couple of scenarios.
One of the scenarios is having one VRF specifically for Internet routes and subnets. One of the benefits with this scenario is only using BGP connections to our physical environment to our Internet VRF and from there distributing it to other “Costumer VRF’s/Edges” within the Edge Cluster.
In the design below you will see a example of the construction:
In this design we see a BGP connection with a /24 prefix from our physical routers to our T0 Internet VRF. From there we split the /24 in to multiple subnets and give customers via the Inter VRF Routing a /27 and a /28 prefix.
Let’s start the configuration and show you the design within NSX.
Configuration
Create T0 Internet VRF
First we need to create our T0 Internet VRF on NSX.
1. Login to your NSX manager and go to “Networking” -> “Tier-0 Gateways”
2. Click on “Add Gateway” and choose “VRF”
3. Choose a name and connect it to a T0.
4. Click on “Save”.
5. You will see a message “Do you want to continue configuring?”. Choose “Yes”.
Configure Interfaces, Prefixes and BGP on T0 Internet VRF
Now we start with the configuration of the T0 Internet VRF. In this blog we will not go to deep in to BGP connections and how to set them up, but we will prepare the prefixes.
I will have a separate blog about BGP connections.
1. First create the interfaces for the BGP connections.
2. Now we will create the prefixes for the BGP connections to allow the /24 to be advertised from the inside.
3. Under “Routing” click on “IP Prefix Lists”.
4. Click on “Add IP Prefix List” and choose a name.
5. Click on “Set”.
6. I will start with the inbound prefixes. In this case I only add and permit the default route (0.0.0.0/0).
7. Fill in the network and put the Action on “Permit”.
8. Click on “Apply”.
9. Click on “Save”.
10. Next we will create the outbound prefix.
11. Follow the same steps and create a prefix list.
12. In this case we add our /24 public address.
13. Now we have created the prefixes we can create the BGP connections. The BGP connections will have the prefixes we just made for inbound and outbound.
14. Last we add our /24 support to “Route Aggregation. Click on “Route Aggregation”.
15. Click on “Add Prefix” and fill in your /24 public subnet. For “Summary” choose “Yes”.
16. Click on “Add” and after that on “Apply”.
17. Now we can click on “Close Edit”
Create and Configure Customer VRF
For the Customer VRF we follow the same steps as the Internet VRF, but we do not set up the interfaces and BGP connections. In this case only the prefix lists for inbound and outbound.
1. After creating the Customer VRF we will start creating the Prefix lists for inbound and outbound again. Only in this case we do not add the /24 to the outbound prefix but only the /27 (Customer 1) or /28 (Customer 2).
Configure Inter VRF
Now we will start the configuration of the Inter VRF Routing.
Create Route Maps
First we need to create Route Maps on all the VRF’s. In this case Internet VRF, Customer 1 VRF and Customer 2 VRF.
1. Start with the Internet VRF Route Maps.
2. Go the the Internet VRF click on the three dots and click on “Edit”.
3. Click on “Route Maps”
4. Click on “Add Route Map”
5. Choose a name for the inbound Route Map and click on “Set”
6. Click on “Add Match Criteria”
7. Put Action on “Permit” and click on “Set”
8. Search for the prefix you created in the previous steps. In this case the inbound prefix.
9. Select the prefix and click on “Apply”
10. Click on “Add” and after that on “Apply”
11. Click on “Save” to save the Inbound Route Map.
12. Now follow the same steps for the Outbound Route Map and don’t forget to choose the Outbound Prefix in step 8.
13. Now follow the same steps for the Customer VRF’s.
Create Inter VRF Routing
The last part is to create the Inter VRF Routing. This part is pretty easy.
1. Let’s again start with the Internet VRF. Click on “Inter VRF Routing”
2. Click on “Add Inter VRF Routing”
3. Choose the “Connected Gateway” in this case Customer 1.
4. Click on “Set”.
5. Click on the three dots and click on “Edit”.
6. Enable “BGP Route Leaking” and choose the IN and OUT filters.
7. Click on “Add”
8. Verify the settings and click on “Apply”
9. Click on “Save”.
10. Now the Inter VRF Routing is set up on the Internet VRF.
11. Click on “Close”.
12. Do the same for the Customer 2 VRF. Follow the same steps for Customer 2 VRF.
13. Now we have the Internet VRF side ready we need to configure it also on the Customer VRF’s. Follow the same steps only in this case the “Connected Gateway” is the Internet VRF and not the Customer VRF
14. Go to the Customer 1 VRF and click on “Edit”
15. Choose “Inter VRF Routing” and follow the same steps to create the Inter VRF Routing.
16. Repeat the same steps for Customer 2 VRF.
Validation
After all Inter VRF Routing have been configured we can validate everything. These are two steps:
1. First we can check the Inter VRF Routing on the Interfaces of the VRF’s. You will see a extra Interface named: INTERVRF
2. After we have advertised the /27 and /28 from the Customer VRF’s we can check on the Internet VRF if the Routes are also visible in the Routing Table.
