IBM Cloud Docs
Supported topologies

Supported topologies

Single data center base topology

This topology creates a single gateway cluster, with active-passive Tier-0 and Tier-1.

Active-passive on Tier-0 provides IPsec capability for access through the high availability VIP address. Alternatively, Tier-0 can use Border Gateway Protocol (BGP) and peer with a vSRX firewall.

The following diagram shows an example of a customer deployment that uses the standard topology, when the segments are attached to the Tier-1 Gateway. You can add more segments to the existing Tier-1 Gateway or more Tier-1 Gateways on the same NSX edge clusters, if needed.

Single-site single-tenant example topology with Tier-1 Gateway
Single-site single-tenant example topology with Tier-1 Gateway

  1. The vCenter Server automation deploys an example single-site topology, which follows the principles that are presented in this model. The deployment includes a single vCenter and three NSX managers that are deployed in the cluster on the initial IBM Cloud data center location.
  2. The vCenter Server automation deploys two edge cluster transport nodes and a single edge cluster for your Tier-0 and Tier-1 Gateways.
  3. The Tier-0 Gateway provides north-south routing capabilities and the access to IBM Cloud private network is provided through its uplinks.
  4. The access to the private network is provided through private uplinks, which are attached to a portable subnet on a private primary VLAN on the IBM Cloud private network. The routing to IBM Cloud services uses these uplinks. The automation provisions the IP addresses to the uplinks from the IBM Cloud managed 10/8 address space.
  5. If you provision your instance with public interfaces, the access to the public network is provided through public uplinks. These uplinks are attached to a portable subnet on a public VLAN on the IBM Cloud public network. The routing to the internet uses these uplinks, and the public IP addresses to the uplinks are provisioned by the automation.
  6. A single Tier-1 Gateway is provisioned by the automation for the workloads. You can use this topology or customize it by provisioning new Tier-1 Gateways.
  7. You can expand the default topology by adding new segments to the existing Tier-1 Gateway (or to the new Tier-1 Gateways provisioned by you). The route advertisements between T1 and T0 gateways are fully customizable by you and are done by NSX. No routing protocol is required or used between T1 and T0 advertisements.