VMware Networking Community
ChrisOk
Enthusiast
Enthusiast
‎01-16-2020 02:22 AM

[NSX-T] 2.4.1: No default route for clients behind tier1 router

Hello,

I have a problem with IPv6 on NSX-T:

  • Our own subnet ist 2001:1000:2000::/48
  • "t1_router" (active/passive) is connected to T0 router "t0_router_C (...249::x/64)
    • "t0_router_C" has multiple uplinks: ...249::1/64, 249::2/64, 249::3/64, 249::4/64)), (2 datacenters with 1 active/active T0 router, each)
  • On segment "segment-A" behind T1 router "t1_router"
    • we have subnet 2001:1000:2000:248::/64 with gateway 2001:1000:2000:248::1
    • we have a client "client-A" with 2001:1000:2000:248::1
      • "client-A" can reach everything in our subnet, i.e.: ... 2000::/48
      • From our subnet ...2000::/48 everone can reach "client-A" and its own subnet.
      • But "client-A" cannot reach the internet.
        • i.e. a traceroute to 2001:4860:4860::8888 already fails at gatewa ...248::1

On edge router "t1_router", I can see IPv6 default route for the vrf:

vrf 1

get route

Flags: t0c - Tier0-Connected, t0s - Tier0-Static, B - BGP,

t0n - Tier0-NAT, t1s - Tier1-Static, t1c - Tier1-Connected,

t1n: Tier1-NAT, t1l: Tier1-LB VIP, t1ls: Tier1-LB SNAT,

t1d: Tier1-DNS FORWARDER, > - selected route, * - FIB route

Total number of routes: 32

...

t0c> * fe80::/64 is directly connected, downlink-277, 14w2d02h

t0c> * fc22:d31d:2678:5807::/64 is directly connected, downlink-277, 14w2d02h

b  > * ::/0 [20/0] via 2001:1000:2000:249::1, uplink-273, 15:14:53

b  > * ::/0 [20/0] via 2001:1000:2000:249::2, uplink-273, 15:14:53

t1c> * 2001:1000:2000:248::/64 [3/0] via fc22:d31d:2678:5807::2, downlink-277, 04w3d01h

b  > * 2001:1000:2000:99::/64 [20/0] via 2001:1000:2000:249::3, uplink-273, 15:17:48

b  > * 2001:1000:2000:99::/64 [20/0] via 2001:1000:2000:249::4, uplink-273, 15:17:48

b  > * 2001:1000:2000:84::/64 [20/0] via 2001:1000:2000:249::1, uplink-273, 15:15:17

b  > * 2001:1000:2000:84::/64 [20/0] via 2001:1000:2000:249::2, uplink-273, 15:15:17

t0c> * 2001:1000:2000:249::/64 is directly connected, uplink-273, 04w3d01h

vrf 2

get forwarding

IPv6 Forwarding Table

IP Prefix                                     Gateway IP                                Type                  UUID                                                                 Gateway MAC

::/0                                          2001:1000:2000:249::1              route                 3a348cd6-db13-48b0-a88d-44f83af21987        00:50:56:97:73:8f

                                              2001:1000:2000:249::2                                       3a348cd6-db13-48b0-a88d-44f83af21987        00:50:56:97:c5:ed

fe80::/64                                                                           route   b5d4e6f4-83ff-4cd5-a119-a684b99696f4

So, for the client there´s no default IPv6 route available. What am I missing?

Tags (1)
0 Kudos
1 Reply
agrant33
Contributor
Contributor
‎01-17-2020 11:48 AM

This scenario is where TraceFlow is very informative.  You will be presented with a visual representation of where the packets traverse.

Without cross-referencing your CLI output against my lab, I would ask;

  • What Route Redistribution have you configured?
  • Are your Tier0 BGP neighbors up on IPv6 so the traffic can egress?

pastedImage_3.png

0 Kudos