VMware NSX

  • 1.  NSX-T BGP Peering by Subnet

    Posted May 20, 2022 12:54 PM

    We are running a tiered T0 architecture (Provider/Tenant). We spin up tenants with their own T0 and BGP peer that to the Provider T0. 

    The question was asked if we could configure the BGP peering to accept all neighbors within a given subnet.

    So, anyone know of a way to say "trust all neighbors on network 192.168.100.0/24"?



  • 2.  RE: NSX-T BGP Peering by Subnet

    Broadcom Employee
    Posted May 20, 2022 07:16 PM

     

    Does anyone know of a way to say "trust all neighbors on network 192.168.100.0/24"?

    May I know what we mean by trust? Are you expecting traffic inspection (L4/L7), or that any routes from the respective neighbor must be injected directly into the routing table without any filtering?



  • 3.  RE: NSX-T BGP Peering by Subnet

    Posted May 20, 2022 08:18 PM

    The goal is route propagation. The Tenant T0 has public IP space assigned and needs to advertise its public IPs (NAT, LB, etc.).



  • 4.  RE: NSX-T BGP Peering by Subnet

    Broadcom Employee
    Posted May 30, 2022 12:11 PM

    Based on my knowledge, by the nature of the BGP routing protocol, peering is manual. Unless you configure BGP peering on both ends, BGP peering will not come up automatically like OSPF or EIGRP. You can script it or preconfigure it if required.



  • 5.  RE: NSX-T BGP Peering by Subnet

    Posted May 30, 2022 03:23 PM

    The feature BGP neighbor range / BGP neighbor subnet is not available on NSX-T Tier-0:

    [Image: engyak_0-1653923665835.png]

    If it was, it'd only allow you to specify one ASN as well (and not an ASN range). Given that you probably should also be doing prefix filtering, this is a good job for the API. The payload only requires a few lines of JSON and is pretty doable, even if it needs to be chained after vCD.

    This approach would let you keep your existing design pattern with minimal changes, and allow your tenant Tier-0s/VRFs to have unique ASNs if you want.

    Prefix Filtering:

    https://vdc-download.vmware.com/vmwb-repository/dcr-public/ce4128ae-8334-4f91-871b-ecce254cf69e/488f1280-204c-441d-8520-8279ac33d54b/api_includes/method_CreateOrReplacePrefixList.html 

    https://vdc-download.vmware.com/vmwb-repository/dcr-public/ce4128ae-8334-4f91-871b-ecce254cf69e/488f1280-204c-441d-8520-8279ac33d54b/api_includes/method_CreateOrReplaceRouteMap.html 

    Add BGP Neighbor via the API:
    https://vdc-download.vmware.com/vmwb-repository/dcr-public/ce4128ae-8334-4f91-871b-ecce254cf69e/488f1280-204c-441d-8520-8279ac33d54b/api_includes/method_CreateOrReplaceBgpNeighborConfig.html
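
The per-tenant API approach suggested in the last reply, sketched as an added example (not code from any poster in this thread): it builds the prefix-list and BGP-neighbor request bodies for one tenant and refuses a neighbor outside the peering subnet or a prefix that should never be accepted. The function name, object IDs and sample addresses are constructed; the JSON field names and paths are assumptions based on the NSX-T Policy API schemas and should be checked against the linked reference pages.

```python
import ipaddress
import json

PEERING_NET = ipaddress.ip_network("192.168.100.0/24")  # peering subnet from the thread

def tenant_bgp_requests(tier0_id, locale_id, tenant, neighbor_ip, remote_asn,
                        allocated, max_len=32):
    """Return [(method, path, body)] for one tenant peer; raise ValueError on bad input."""
    addr = ipaddress.ip_address(neighbor_ip)
    if addr not in PEERING_NET:
        raise ValueError(f"{neighbor_ip} is outside {PEERING_NET}")
    if not 1 <= int(remote_asn) <= 4294967295:
        raise ValueError(f"ASN {remote_asn} is out of range")
    entries = []
    for cidr in allocated:
        net = ipaddress.ip_network(cidr)  # strict parsing: rejects host bits set
        if net.prefixlen == 0 or net.overlaps(PEERING_NET):
            raise ValueError(f"refusing to permit {net}")
        entry = {"network": str(net), "action": "PERMIT"}
        if net.prefixlen < max_len:
            entry["le"] = max_len  # also accept more-specifics up to max_len
        entries.append(entry)
    if not entries:
        raise ValueError("no allocated prefixes given")
    entries.append({"network": "ANY", "action": "DENY"})  # explicit deny for the rest
    # Paths and field names below are assumptions; verify against the API reference.
    t0 = f"/infra/tier-0s/{tier0_id}"
    plist = f"{t0}/prefix-lists/{tenant}-in"
    neighbor = {
        "neighbor_address": str(addr),
        "remote_as_num": str(remote_asn),
        "route_filtering": [{"address_family": "IPV4", "enabled": True,
                             "in_route_filters": [plist]}],
    }
    nbr_path = f"/policy/api/v1{t0}/locale-services/{locale_id}/bgp/neighbors/{tenant}"
    return [("PUT", f"/policy/api/v1{plist}", {"prefixes": entries}),
            ("PUT", nbr_path, neighbor)]

if __name__ == "__main__":
    # Constructed sample tenant: IDs, ASN and prefix are illustrative only.
    for method, path, body in tenant_bgp_requests(
            "provider-t0", "default", "tenant-a", "192.168.100.10", 65010,
            ["203.0.113.0/24"]):
        print(method, path)
        print(json.dumps(body, indent=2))
```

Each tenant gets its own inbound prefix list on the Provider T0, so a tenant can only advertise the public space assigned to it, whatever ASN it peers from.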