VMware Cloud Community
benjamin000
Enthusiast

Routing with NoNAT NSX & VIO

We have managed to disable NAT via another post, but although we can now boot an instance and have a floating IP assigned via a public subnet, we do not have external access.

As I am sure it is a routing issue, can someone advise what additional steps need to be done with disabling NAT?

My intention is to remove NAT and have public IPs directly assigned to the VM interfaces.

VIO 3.1 and NSX 6.3.1

This is the last issue that we are facing to have VIO working as we would like so help is appreciated.

Regards Ben McGuire
6 Replies
benjamin000
Enthusiast

Anyone?

Sreec, can you please advise, as I would be most grateful.

I am willing to compensate anyone that can provide a working solution.

Regards Ben McGuire
Sreec
VMware Employee

Once the IP is reflected in the guest via DHCP/static mapping, you can advertise those public pool subnets via BGP to the next-hop device. Assuming that you are using an Edge here, configure BGP at the edge level and it should be peered with your upstream router.

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 7x|Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered
benjamin000
Enthusiast

Hello

Thank you for the response.

Will this implementation interrupt current VMs using NAT?

I have assigned a public subnet for this implementation so that I do not have to use subnets that are being used in the NAT setup. In addition, would it be best if another router is configured so this can be used solely for the noNAT network?

Yes, the ESG is being used in HA mode.

If you could elaborate a little more regarding the config of BGP on this ESG, as I am a little unclear on what this achieves. I was under the impression that all that is required is a static route from the entire subnet/VMs to the gateway.

Regards Ben McGuire
Sreec
VMware Employee

Sorry for the late response. Yes, you can configure NAT on another device and use BGP explicitly on one ESG.

> I was under the impression that all that is required is a static route from the entire subnet/VMs to the gateway.

Static route from DLR to ESG?

For BGP routing, you can run iBGP from the ESG to the upstream router, and the upstream router will take care of the eBGP session. In your case you are assigning a public IP directly to the VM, so this public IP should be internet routable; for that you need BGP routing. For private ranges, you can configure NAT against one public IP or a pool of public IPs and again make it internet routable using BGP (usually done at the ISP side).

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 7x|Cisco Certified Specialist
benjamin000
Enthusiast

It is becoming clearer now.

Would I be wise to configure multiple ESGs? Currently we have about 20 ESGs, as we use VIO NSX HA. So when I am fully ready to completely remove NAT from the entire VIO/NSX, I can convert all the ESGs to BGP?

So to recap, I do not need to use OSPF, just BGP?

Regards Ben McGuire
Sreec
VMware Employee

How many ESGs to use is a design question. What use cases do we have in this setup? Going by the traditional multi-tenancy concept, one might end up using different ESGs. From a routing protocol perspective, an IGP (OSPF) can be used for internal routing and an EGP (BGP) can be used for internet routing. That is a simple explanation; however, without understanding the network topology (end-to-end) and the overall business requirements, I cannot comment on which one should be used where and how to use it.

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 7x|Cisco Certified Specialist