Part 2 – Implementing BGP Routing for vCF

In our lab environment, we use VyOS as the top‑of‑rack (ToR) router for vSphere configurations. This setup allows us to simulate enterprise networking features such as vMotion, High Availability (HA), vSAN, and NSX‑T inside a nested environment.

To validate a VMware Cloud Foundation (vCF) deployment, we’ll configure a pair of VyOS routers.

Downloading VyOS

We will need a pair of VyOS routers to test our vCF implementation.

VyOS is an open-source router that can be downloaded from https://downloads.vyos.io/?dir=rolling/equuleus/amd64.

All configuration will be performed on a single physical ESXi host (the “master” host).

Let’s begin the configuration.

Preparing ESXi Networking

By default, ESXi provides a vSwitch0 with VM Network and Management port groups. For our lab, we’ll create a new Standard vSwitch (vSwitch2) with no physical adapters attached.

Edit switch properties as shown

Required Port Groups

On vSwitch2, create the following port groups. These VLANs are essential for the vCF build:

| Network Type | VLAN | PortGroup |
|---|---|---|
| Management Network | 1611 | pg-mgmt-1611 |
| vMotion Network | 1612 | pg-vMotion-1612 |
| vSAN Network | 1613 | pg-vSan-1613 |
| NSX-T-Host Overlay | 1634 | pg-host-overlay-1634 |
| NSX-T-edge-uplink-1 | 2711 | pg-nsx-t-edge-overlay |
| NSX-T-edge-overlay | 2713 | pg-nsx-t-edge-overlay |
| SDDC-vcF-TRUNK | 4095 | Trunk Port |

On the master ESXi host, the port groups will look as shown below.

The Trunk Port (VLAN 4095) is critical — it allows all VLAN traffic to pass through to nested ESXi hosts.

Deploying VyOS VM

Create a new VM and attach the VyOS ISO to it.

Attach all networks as shown and power on the VM.

The default credentials are vyos/vyos.

Run install image and follow prompts:

  1. Install to sda
  2. Accept default partition size
  3. Set router name
  4. Enter new password
  5. Complete installation

Detach the VyOS ISO from the VM and power it on again.

Lab‑Style VyOS TOR Configuration

Configuring VyOS Router

Log in with the new credentials; the router is now ready to be configured.

Check the interfaces on the router with “show interfaces”.

Enter configuration mode using the ‘config’ command and set your interfaces.

Configuration of VyOS1 router for vCF

Interface Setup

set interfaces ethernet eth0 address 172.16.11.253/24
set interfaces ethernet eth1 address 172.16.12.253/24
set interfaces ethernet eth2 address 172.16.13.253/24
set interfaces ethernet eth3 address 172.16.34.253/24
set interfaces ethernet eth4 address 172.27.11.253/24
set interfaces ethernet eth5 address 172.27.11.1/24
set interfaces ethernet eth6 address 172.27.13.253/24
set interfaces ethernet eth7 address 10.10.12.192/24

Descriptions & MTU

set interfaces ethernet eth0 description VLAN-1611_esx_mgmt
set interfaces ethernet eth1 description VLAN-1612_vmotion
set interfaces ethernet eth2 description VLAN-1613_vsan
set interfaces ethernet eth3 description VLAN-1634_nsxt_overlay
set interfaces ethernet eth4 description VLAN-2711_nsx_uplink01
set interfaces ethernet eth5 description VLAN-2712_nsx_uplink02
set interfaces ethernet eth6 description VLAN-2713_nsx_edge_overlay
set interfaces ethernet eth7 description internet

set interfaces ethernet eth0 mtu 9000
set interfaces ethernet eth2 mtu 9000
set interfaces ethernet eth3 mtu 9000
set interfaces ethernet eth4 mtu 9000
set interfaces ethernet eth5 mtu 9000
set interfaces ethernet eth6 mtu 9000

DHCP for VLAN 1634

set service dhcp-server shared-network-name dhcp-1634 subnet 172.16.34.0/24 default-router 172.16.34.253
set service dhcp-server shared-network-name dhcp-1634 subnet 172.16.34.0/24 dns-server 172.16.11.4
set service dhcp-server shared-network-name dhcp-1634 subnet 172.16.34.0/24 range 0 start 172.16.34.101
set service dhcp-server shared-network-name dhcp-1634 subnet 172.16.34.0/24 range 0 stop 172.16.34.130

BGP Configuration on VyOS-1

set interfaces ethernet eth4 address 172.27.11.1/24
set interfaces ethernet eth4 mtu 9000
set protocols bgp 65001 parameters router-id 172.27.11.1
set protocols bgp 65001 neighbor 172.27.11.2 update-source eth4
set protocols bgp 65001 neighbor 172.27.11.2 remote-as 65003
set protocols bgp 65001 neighbor 172.27.11.3 remote-as 65003
set protocols bgp 65001 neighbor 172.27.11.2 password VMw@re1!
set protocols bgp 65001 neighbor 172.27.11.3 password VMw@re1!

set protocols bgp 65001 address-family ipv4-unicast network 172.16.11.0/24
set protocols bgp 65001 address-family ipv4-unicast network 172.16.12.0/24
set protocols static route 0.0.0.0/0 next-hop 10.10.12.193 distance 1
set system host-name router-tor-01
set system ntp server 172.16.11.4

commit
save
Saving configuration to ‘/config/config.boot’…
Done

Configuration of VyOS2 router

Interface Setup

set interfaces ethernet eth1 address 10.10.12.193/24
set interfaces ethernet eth0 address 172.27.12.1/24
set interfaces ethernet eth0 description vlan2712
set interfaces ethernet eth1 description internet
set interfaces ethernet eth1 mtu 9000
set interfaces ethernet eth0 mtu 9000

BGP Configuration on VyOS-2

set protocols static route 0.0.0.0/0 next-hop 10.10.12.192 distance 1
set interfaces ethernet eth1 mtu 9000
set protocols bgp 65001 parameters router-id 172.27.12.1
set protocols bgp 65001 neighbor 172.27.12.2 update-source eth0
set protocols bgp 65001 neighbor 172.27.12.2 remote-as 65003
set protocols bgp 65001 neighbor 172.27.12.3 remote-as 65003
set protocols bgp 65001 neighbor 172.27.12.2 password VMw@re1!
set protocols bgp 65001 neighbor 172.27.12.3 password VMw@re1!
set system host-name router-tor-02
set system ntp server 172.16.11.4

commit
save
Saving configuration to ‘/config/config.boot’…
Done

With both VyOS routers configured, your nested vSphere lab is ready to support vCF testing. This setup provides a flexible, software‑defined networking backbone for experimenting with advanced VMware features in a controlled environment.
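
A sanity check to run over a `set` command list like the ones above before committing it, as an added example that is not part of the original post: it flags an address assigned to two interfaces, a BGP neighbor that sits outside every connected subnet, and a neighbor with no password (TCP MD5 authentication). The `audit` function and the `SAMPLE` input are constructed for illustration and assume the VyOS 1.3 (equuleus) syntax used on this page.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the page's "set" syntax (not the page's own config):
# eth5 reuses eth4's address, neighbor 172.27.11.3 has no password,
# and neighbor 172.27.12.2 is not on any connected subnet.
SAMPLE = """\
set interfaces ethernet eth4 address 172.27.11.1/24
set interfaces ethernet eth5 address 172.27.11.1/24
set interfaces ethernet eth0 vif 1611 address 172.16.11.253/24
set protocols bgp 65001 neighbor 172.27.11.2 remote-as 65003
set protocols bgp 65001 neighbor 172.27.11.2 password EXAMPLE-SECRET
set protocols bgp 65001 neighbor 172.27.11.3 remote-as 65003
set protocols bgp 65001 neighbor 172.27.12.2 remote-as 65003
set protocols bgp 65001 neighbor 172.27.12.2 password EXAMPLE-SECRET
"""

# IPv4 static addresses only; "address dhcp" lines are skipped by the \d.
ADDR = re.compile(r"^set interfaces ethernet (\S+)(?: vif (\d+))? address (\d\S+)$")
NBR = re.compile(r"^set protocols bgp \d+ neighbor (\S+) (\S+)(?: (.+))?$")

def audit(config: str) -> list[str]:
    addrs = defaultdict(list)      # interface address -> interfaces using it
    neighbors = defaultdict(dict)  # neighbor IP -> {option: value}
    for line in map(str.strip, config.splitlines()):
        if m := ADDR.match(line):
            ifname = m[1] + (f".{m[2]}" if m[2] else "")
            addrs[ipaddress.ip_interface(m[3])].append(ifname)
        elif m := NBR.match(line):
            neighbors[ipaddress.ip_address(m[1])][m[2]] = m[3]
    findings = []
    for iface, names in addrs.items():
        if len(names) > 1:
            findings.append(f"duplicate address {iface} on {', '.join(names)}")
    for ip, opts in neighbors.items():
        if not any(ip in iface.network for iface in addrs):
            findings.append(f"neighbor {ip} is not on a connected subnet")
        if "remote-as" not in opts:
            findings.append(f"neighbor {ip} has no remote-as")
        if not opts.get("password"):
            findings.append(f"neighbor {ip} has no TCP-MD5 password")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

An empty result only means these three checks passed; it does not validate MTU, VLAN tagging or route advertisement.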

Production‑Style VyOS TOR Configuration

In production, all ESXi traffic types are carried over trunk ports. As an alternative to using separate interfaces on VyOS, you can set up trunking on VyOS as shown below.

# Create ESXi Trunk (eth0)
This trunk carries:
- VLAN 1611 – ESXi mgmt
- VLAN 1612 – vMotion
- VLAN 1613 – vSAN
- VLAN 1634 – NSX overlay

set interfaces ethernet eth0 description "ESXi-Uplink-Trunk"
set interfaces ethernet eth0 mtu 9000
set interfaces ethernet eth0 vif 1611 description "VLAN-1611_esx_mgmt"
set interfaces ethernet eth0 vif 1611 address 172.16.11.253/24
set interfaces ethernet eth0 vif 1612 description "VLAN-1612_vmotion"
set interfaces ethernet eth0 vif 1612 address 172.16.12.253/24
set interfaces ethernet eth0 vif 1613 description "VLAN-1613_vsan"
set interfaces ethernet eth0 vif 1613 address 172.16.13.253/24
set interfaces ethernet eth0 vif 1634 description "VLAN-1634_nsxt_overlay"
set interfaces ethernet eth0 vif 1634 address 172.16.34.253/24


# Create NSX Edge Trunk (eth4)
This trunk carries:
- VLAN 2711 uplink01
- VLAN 2712 uplink02
- VLAN 2713 edge overlay

set interfaces ethernet eth4 description "NSX-Edge-Trunk"
set interfaces ethernet eth4 mtu 9000
set interfaces ethernet eth4 vif 2711 description "VLAN-2711_nsx_uplink01"
set interfaces ethernet eth4 vif 2711 address 172.27.11.253/24
set interfaces ethernet eth4 vif 2712 description "VLAN-2712_nsx_uplink02"
set interfaces ethernet eth4 vif 2712 address 172.27.12.253/24
set interfaces ethernet eth4 vif 2713 description "VLAN-2713_nsx_edge_overlay"
set interfaces ethernet eth4 vif 2713 address 172.27.13.253/24

# DHCP config
set service dhcp-server shared-network-name dhcp-1634 subnet 172.16.34.0/24 default-router 172.16.34.253
set service dhcp-server shared-network-name dhcp-1634 subnet 172.16.34.0/24 dns-server 172.16.11.4
set service dhcp-server shared-network-name dhcp-1634 subnet 172.16.34.0/24 range 0 start 172.16.34.101
set service dhcp-server shared-network-name dhcp-1634 subnet 172.16.34.0/24 range 0 stop 172.16.34.130

# BGP Configuration
BGP peering over VLAN 2711

set protocols bgp 65001 parameters router-id 172.27.11.253
set protocols bgp 65001 neighbor 172.27.11.2 remote-as 65003
set protocols bgp 65001 neighbor 172.27.11.2 update-source eth4.2711
set protocols bgp 65001 neighbor 172.27.11.2 password VMw@re1!
set protocols bgp 65001 neighbor 172.27.11.3 remote-as 65003
set protocols bgp 65001 neighbor 172.27.11.3 update-source eth4.2711
set protocols bgp 65001 neighbor 172.27.11.3 password VMw@re1!

# BGP Configuration (updated for trunked uplinks)

set protocols bgp 65001 address-family ipv4-unicast network 172.16.11.0/24
set protocols bgp 65001 address-family ipv4-unicast network 172.16.12.0/24
set protocols bgp 65001 address-family ipv4-unicast network 172.16.13.0/24
set protocols bgp 65001 address-family ipv4-unicast network 172.16.34.0/24

# Internet Interface (unchanged)
WAN routed interface (eth7)

set interfaces ethernet eth7 description "internet"
set interfaces ethernet eth7 address 10.10.12.192/24

set protocols static route 0.0.0.0/0 next-hop 10.10.12.193 distance 1

set system host-name router-tor-01
set system ntp server 172.16.11.10


By Ash Thomas

Ash Thomas is a seasoned IT professional with extensive experience as a technical expert, complemented by a keen interest in blockchain technology.
