About a year ago I wrote a series of articles about automated deployment of network topologies and virtual machines with vRealize Automation and NSX-V. Today, we have some new options available when it comes to network virtualization and automation & orchestration. Next to NSX-V we have NSX-T, which is VMware’s multi-hypervisor, multi-cloud network virtualization solution. For automation & orchestration there’s Cloud Assembly. Cloud Assembly is part of vRealize Automation Cloud (fka Cloud Automation Services), a SaaS-based automation & orchestration solution.

In this article I will have a closer look at how you can automatically deploy a so-called routed network as part of a blueprint in Cloud Assembly. For the creation of the routed network construct we will use NSX-T. In case you’re not familiar with Cloud Assembly, I suggest you first read this post: VMworld 2018: A first look at VMware Cloud Assembly – Cloud Management-as-a-Service.

Basic networking architecture

Before we dive into the bits and bytes of both Cloud Assembly and NSX-T, let me first introduce the networking architecture we’re using in this article, detailed in the following diagram (which also happens to be the architecture of my homelab):

The core router in my homelab environment is a Ubiquiti EdgeRouter Lite that is connected to the internet, the LAN and the transit network 172.16.210.0/24. The transit network has BGP configured for automatic advertisement of new routes. One of the interesting features of NSX-T is multi-tier routing, explained earlier in my article on VMConAWS networking. Here is another blog with more details on NSX-T multi-tier routing.

Cloud Assembly will leverage this multi-tier routing architecture: a tier-1 router will be automatically deployed by Cloud Assembly when a routed network is requested. More details on this later in this article.

Basic setup of Cloud Assembly

Before we can leverage NSX-T networking constructs in vSphere from Cloud Assembly, we first have to configure the required cloud accounts in Cloud Assembly: one for vSphere and one for NSX-T. vSphere and NSX-T cloud accounts require a cloud proxy to be installed in the on-premises datacenter. The cloud proxy is a virtual appliance that connects to the VMware Cloud Services SaaS service and acts as…a proxy. Creating these cloud accounts is a straightforward process that speaks for itself. Don’t forget to link the NSX-T cloud account to the vSphere cloud account.

After everything is correctly configured, resources will automatically be added to your Cloud Assembly instance. There are three things you have to set up at this point:

Cloud Zone – a cloud zone defines a set of compute resources that can be used for provisioning.

Storage profile – a storage profile determines which datastores can be used to deploy VMs to.

Image mapping – an image mapping defines the link between an image name and an actual template on vSphere (or on AWS, Azure or GCP).

Project – a project links users and cloud zones; it’s a group that can control who can use what cloud resources.

Setup networking

Before we can deploy a routed network, we have to go through some networking configuration tasks. It’s important that Cloud Assembly knows the networking properties of the link between the Tier0 router and the core router, the 172.16.210.0/24 network in this example. The Domain and DNS settings of this connection will also be used in the routed network that will be deployed by Cloud Assembly. In Cloud Assembly choose Networks under Resources, and add the missing information. Notice that the network you’re selecting is the one that has your NSX-T transport zone as the network domain.

Configure a routed network

We also have to create the network definition for the routed network. This step is completed under the Network Profiles option.

The name for the routed network is “viktorious-ROUTED”, and a capability tag named “network:routed” is added. This tag is used in the blueprint.

Under network policies, define an on-demand network. Select the appropriate transport zone and define the CIDR for the network. The subnet size option is used to carve the configured network (defined under CIDR) into smaller subnets. Depending on your requirements you can use a DHCP server or use static IP addresses.

The external network under “Network Resources” is the uplink of the Tier-0 router to which the Tier-1 router will be connected. In this example this is VLAN 210 and the 172.16.210.0/24 network.
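Because BGP on the transit network advertises new routes automatically, it is worth checking that none of the subnets carved from the network profile CIDR overlaps a network that is already in use before the profile is saved. The following check is an added example, not part of Cloud Assembly or of the original article; the LAN range and the two profile CIDRs are constructed sample values, and only 172.16.210.0/24 comes from the setup described here.

```python
import ipaddress

# Transit network from the article; the LAN range is a constructed sample value.
RESERVED = {"transit": "172.16.210.0/24", "lan": "192.168.1.0/24"}


def carve_on_demand_subnets(profile_cidr, prefix_len, reserved=RESERVED):
    """Carve profile_cidr into /prefix_len subnets, the way the article
    describes the subnet size option, and separate usable subnets from
    ones that overlap a reserved network."""
    pool = ipaddress.ip_network(profile_cidr)
    if prefix_len < pool.prefixlen:
        raise ValueError("subnet size is larger than the profile CIDR")
    reserved_nets = {n: ipaddress.ip_network(c) for n, c in reserved.items()}
    usable, conflicts = [], []
    for subnet in pool.subnets(new_prefix=prefix_len):
        hits = [n for n, net in reserved_nets.items() if subnet.overlaps(net)]
        if hits:
            conflicts.append((str(subnet), hits))
        else:
            usable.append(str(subnet))
    return usable, conflicts


if __name__ == "__main__":
    # Constructed profile CIDRs: the first one accidentally covers the transit network.
    for cidr, size in (("172.16.208.0/22", 24), ("10.50.0.0/24", 28)):
        usable, conflicts = carve_on_demand_subnets(cidr, size)
        print(f"{cidr} as /{size}: {len(usable)} usable, {len(conflicts)} conflicting")
        for subnet, names in conflicts:
            print(f"  {subnet} overlaps {', '.join(names)}")
```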

Configure the blueprint

The blueprint that deploys the routed network contains two virtual machines and the routed network. The routed network is a Cloud.NSX.Network, which is the only network type that supports the routed network type.

The full code for this blueprint is:

formatVersion: 1
inputs: {}
resources:
  Cloud_NSX_Network_1:
    type: Cloud.NSX.Network
    properties:
      name: network
      networkType: routed
      constraints:
        - tag: 'network:routed'
  VM1:
    type: Cloud.vSphere.Machine
    properties:
      image: viktorious-ubuntu1604
      cpuCount: 1
      totalMemoryMB: 2048
      networks:
        - network: '${resource.Cloud_NSX_Network_1.id}'
      storage:
        constraints:
          - tag: 'storage:ssd'
  VM2:
    type: Cloud.vSphere.Machine
    properties:
      image: viktorious-ubuntu1604
      cpuCount: 1
      totalMemoryMB: 2048
      networks:
        - network: '${resource.Cloud_NSX_Network_1.id}'
      storage:
        constraints:
          - tag: 'storage:ssd'

This YAML code is available for download at https://github.com/viktoriousss/CloudAssembly/blob/master/routed-blueprint-example/blueprint.yaml.

The most important settings in this blueprint are:

networkType: routed – this creates a routed network.

tag: ‘network:routed’ – this will select the appropriate network profile that includes the tag ‘network:routed’.

Deploying the blueprint

The last step is to deploy the blueprint. The deployment history will include all the steps that are required to allocate and create the required resources (virtual machines and network):

The routed network is created in NSX-T, and a tier-1 router is added to the environment:

In NSX we will find a new segment and Tier1 router:

On a vSphere level the VMs are connected to this new segment, and because BGP is in place connectivity from the LAN network is available.

Connectivity test:

Now we’ve got our routed network including two virtual machines up and running! I hope this helps when you try to deploy a routed network yourself using Cloud Assembly. Happy automating!