(Optional) Deploy the secondary NSX Autonomous Edge in HA mode (on-premises site)
Overview
Optionally, use the following steps to deploy a secondary NSX-T Autonomous Edge (Layer 2 VPN client) in HA mode in your on-premises environment:
#
OVF Template Name
Port Group
Primary Node
Second Node (optional)
Remark
1
Network 0
Management
192.168.137.79
192.168.137.80
2
Network 1
Uplink
192.168.138.77
–
must to have access to internet
3
Network 2
Trunk
–
–
4
Network 3
– (HA, optional)
192.168.137.81
192.168.137.82
Procedure
Step 1: Follow the steps in Deploy NSX Autonomous Edge (on-premises site) until you reach the Customize template step.
Step 2: On the Customize template step, do the following instead:
In the Application section, do the following:
Set the System Root User Password.
Set the CLI "admin" User Password.
Select the Is Autonomous Edge checkbox.
Leave the remaining fields empty.
NSX Edge core services do not start unless you enter passwords meeting these requirements:
At least 12 characters
At least one uppercase letter
At least one lowercase letter
At least one digit
At least one special character
At least five different characters
In the Network Properties section, do the following:
Set the Hostname.
Set the Management Network IPv4 Address. This is the management IP for the autonomous edge.
Set the Management Network Netmask. This is the management network prefix length.
Set the Default IPv4 Gateway. This is the default gateway of the management network.
In the DNS section, do the following:
In the DNS Server list field, enter the DNS server IP addresses separated by spaces.
In the Domain Search List field, enter the domain name.
In the Services Configuration section, do the following:
Enter the NTP Server List.
Enter the NTP Servers, separated by spaces.
Select the Enable SSH checkbox.
Select the Allow Root SSH logins checkbox.
Leave External section empty.
In the HA section, do the following:
-Enter the HA Port details in the following format: VLAN_ID, Exit Interface, IP, Prefix Length.
For example: 137,eth2,192.168.137.81,24. Replace the following values:
VLAN ID: VLAN ID of the uplink VLAN
Exit Interface: interface ID reserved for uplink traffic
IP: IP address reserved for the uplink interface
Prefix Length: prefix length for the uplink network
-In the HA Port Default Gateway field, enter the default gateway of the management network
-Select the Secondary API Node checkbox.
-In the Primary Node Management IP field, enter the management IP address of the primary autonomous edge.
-In the Primary Node Username field, enter the username of the primary autonomous edge (for example, "admin").
-In the Primary Node Password field, enter the password of the primary autonomous edge.
-In the Primary Node Management Thumbprint field, enter the API thumbprint of the primary autonomous edge.
You can get this by connecting using SSH to the primary autonomous edge using admin credentials and running the command: “get certificate api thumbprint”
Step 3: Complete the remaining OVF template deployment steps to deploy the secondary autonomous edge (on-premises Layer 2 VPN client).
PowerOn the second NSX autonomous edge
Step 4: Validate:
It will take some minutes to sync.
Log in to both NSX autonomous nodes, check High Availability, L2VPN\
-Primary node:
-Secondary node:
-Port ID, Tunnel ID, exit interfaces are same on both nodes.
Step 5: Failover test:
To test the NSX autonomous failover:
-Ping from on-premises to HI GIO cloud.
-Shutdown NSX autonomous primary node
-Result:
NSX autonomous secondary status will change to ACTIVE, L2 VPN = UP
The connection drop ~ 5-10 seconds
After powering on the NSX autonomous primary node, the HA status between the nodes was re-established. The secondary edge remains active, and the primary will become active only in case of additional failure.
Last updated