Home‎ > ‎VCIX-NV Study Notes‎ > ‎

Section 1.1.4 - Deploying Edge Gateway Devices

Deploying Edge Gateway Devices

The NSX Edge Gateway devices provide North/South network services.   They normally live on your Edge Cluster and there uplink Interface can provide external routing and Internet Access for your VMs.

The main services they can be configured for are as follows:

- North/South Routed Traffic

- North/South firewall services

- Source and Destination NAT functions

- They can participate in OSPF, BGP, ISIS and static routing.

- DHCP services

- Certificate management and offload

- Load Balancing services

- VPN (L2VPN and IP Sec)

- Client SSL VPN services

They can also be configured in an HA pair, and NSX 6.1+ supports 8 node ECMP for the Edge Service Gateways.

The ESGs can be right sized for your needs.  The default sized are:

- Compact - 1 vCPU/256MB RAM

- Large - 2 vCPU/1GB RAM

- X-Large - 4 vCPU 1GB RAM

- Quad Large - 6 vCPU 8GB RAM

Prerequisites to deploy an ESG:

- Network/PortGroup for the UP Link Interface

- Any additional Interface portGroups

- IP informatin for all the Interfaces

An ESG can have up to 9 interfaces and 1 UPLink Interface.

The Edge Services gateway is a VM, so you will need to know what datastore and cluster it will be deployed to, and what folder should hold the object to keep your vCenter organized.

Now lets deploy an Edge Services Gateway.

1. From the NSX Plugin Select NSX Edges and click on the Green "+".  This will start the deployment tool.

2.  Select Edge Services Gateway and provide a name and hostname.

If you plan on using HA for the Edge, check the HA box.

3. Provide the username (default admin)  and passwords for the Edge CLI.   I enable SSH on my Edges in the lab.   It is unchecked by default.

4. Select your Datacenter Object and the Appliance Size.  Click on the green Plus to provide the location information on where to deploy the Edge.

5. Green Plus window.  Populate the required fields.   

6. Next we add interfaces to the Edge.  Click the green plus to configure an UPLINK

7. Provide an UPLINK name, what network it is connected to and an IP address.  Click ok

8. Next we configure an Internal Interface.  This interface will be the default gateway of the network you select if you are configuring routing.

9. Provide the Gateway IP for the Uplink network

10. You can configure how the firewall is configured by default.   If you do not configure this it will block everything until you create a rule.  The  HA part is greyed out because I did not select HA at the start.  If you configure HA you need to provide a vNIC interface and management IP for intra Edge communication.

11. Summary page.  Click next to deploy the ESG.

Next we will discuss and deploy logical routers.