Red Hat OpenShift NSX DLR configuration

NSX DLR

The NSX distributed logical router runs as a kernel module in the hypervisor of each host and is optimized for East-West routing. Optionally, a DLR Control VM can be installed. The DLR Control VM is needed to peer with NSX Edges and NSX controllers for dynamic routing (OSPF or BGP) updates. In this deployment, static routing is used. However, DLR Control VMs are deployed, in case you require to use a routing protocol.

The NSX DLR Control VMs are configured as an active and passive pair of appliances. During the configuration process, the DLR control VM is deployed in the compact size and the NSX DLR is connected to the Red Hat OpenShift Edge.

Since the NSX DLR Control VMs are configured as active-passive, you must create vSphere Distributed Resource Scheduler (DRS) anti-affinity rules. The rules ensure that NSX Edges do not run on the same host as their respective peer appliance.

NSX DLR interfaces

The NSX DLR is deployed with a transit network between the Red Hat OpenShift NSX Edge and the Red Hat OpenShift Logical switch. The Edge is defined as an uplink interface and the Logical switch is defined as an internal interface.

NSX DLR firewall

The DLR firewall is configured open.

NSX DLR routes

On the Edge, the default route is configured to be to the transit network connection to the Red Hat OpenShift Edge.

NSX DHCP relay

For the Red Hat OpenShift 4.7 environment, the connection to the DHCP Service runs on the Red Hat OpenShift Edge.

PowerNSX commands

Review the following example PowerNSX commands that you can use to automate the provisioning and configuration of the NSX DLR.

Use the following table to document the parameters that you need for your deployment. Examples are shown that match the deployment described previously.

# Connect to NSX Manager
Connect-NsxServer -vCenterServer <IP_Address> -User <UserName> -Password '<Password>'

# Create DLR interface specifications and then create DLR
$uplinkLif = New-NsxLogicalRouterInterfaceSpec -Name ToESG -Type uplink -ConnectedTo (Get-NsxLogicalSwitch OpenShift-Transit) -PrimaryAddress 192.168.100.2 -SubnetPrefixLength 24
$internalLif = New-NsxLogicalRouterInterfaceSpec -Name ToLS -Type internal -ConnectedTo (Get-NsxLogicalSwitch OpenShift-LS) -PrimaryAddress 192.168.133.1 -SubnetPrefixLength 24
$haLif = New-NsxLogicalRouterInterfaceSpec -Name ToHA -Type internal -ConnectedTo (Get-NsxLogicalSwitch OpenShift-HA)
New-NsxLogicalRouter -Name OpenShift-DLR -ManagementPortGroup (Get-NsxLogicalSwitch OpenShift-HA) -Interface $uplinkLif,$internalLif,$haLif -Cluster (Get-Cluster cluster1) -EnableHA -Datastore (Get-Datastore vsanDatastore)

# Configure the default gateway on the DLR to be the ESG
$uplinkVnic = Get-NsxLogicalRouter OpenShift-DLR | Get-NsxLogicalRouterInterface "ToESG"
$uplinkVnicId = $uplinkVnic.index
Get-NsxLogicalRouter OpenShift-DLR | Get-NsxLogicalRouterRouting | Set-NsxLogicalRouterRouting -DefaultGatewayVnic $uplinkVnicId -DefaultGatewayAddress 192.168.100.1 -Confirm:$false

# Configure the default firewall rule on the DLR to "allow"
$dlr = Get-NsxLogicalRouter OpenShift-DLR
$dlr.features.firewall.defaultpolicy.action = "Accept"
$dlr | Set-NsxLogicalRouter -Confirm:$false

# Configure DHCP relay on DLR
$dlrID = (Get-NsxLogicalRouter -Name "OpenShift-DLR").Id
$internalLifVnicId = (Get-NsxLogicalRouter OpenShift-DLR | Get-NsxLogicalRouterInterface "ToLS").index
$uri = "/api/4.0/edges/$($dlrID)/dhcp/config/relay"
$xmlPayload = "
  <relay>
  <relayServer>
    <ipAddress>192.168.100.1</ipAddress>
  </relayServer>
  <relayAgents>
    <relayAgent>
      <vnicIndex>$($internalLifVnicId)</vnicIndex>
      <giAddress>192.168.133.1</giAddress>
    </relayAgent>
  </relayAgents>
 </relay>"

$null = invoke-nsxwebrequest -method "put" -uri $uri -body $xmlPayload -connection $nsxConnection

# Disconnect
Disconnect-NsxServer

Related links

• Red Hat OpenShift Bastion node setup
• Red Hat OpenShift 4.14 user provider infrastructure installation