VMware Cloud Community
kill51216
Contributor

LR Centralized limitations question

Hello,

When I look at "VIO2.0&NSX - Network Topologies Configuration Guide-v1.0(public).pptx", I find on page 64 that LR Centralized has a limitation: 1 Tenant can not have more than 9 Networks.

I can't understand what it means. Does it mean LR Centralized can't connect more than 9 subnets?

Another question: when LR Centralized reaches ten interfaces, will it create a new shared Edge?

7 Replies
ddesmidt
VMware Employee

About your question on # of networks per tenant logical router:

A tenant can have multiple routers.

A specific tenant router can not have more than 9 interfaces.

So a specific tenant router can not be connected to more than 9 networks.

Note: The technical reason is an NSX Edge can not have more than 9 internal interfaces.

Do you need a specific tenant logical router connected to more than 9 networks?

And if so, how many?


About your question on "New Shared Edge creation":

A specific NSX Edge can be used by different tenant logical routers.

This limits the # of NSX Edges in the Data Center.

Note: Obviously, even if they share the same NSX Edge, FW rules are created so each tenant logical router has no access to other tenants.

When the sum of the different tenant logical router interfaces exceeds 9, then automatically a new Edge is created.

Example:

Step1: Tenant1-LR is created with 3 interfaces

=> Shared-Edge1 with 3 interfaces (used by Tenant1-LR)

Step2: Tenant2-LR is created with 2 interfaces

=> Shared-Edge1 with 5 interfaces (used by Tenant1-LR + Tenant2-LR)

Step3: Tenant3-LR is created with 3 interfaces

=> Shared-Edge1 with 8 interfaces (used by Tenant1-LR + Tenant2-LR + Tenant3-LR)

Step4: Tenant4-LR is created with 2 interfaces

=> Shared-Edge1 with 8 interfaces (used by Tenant1-LR + Tenant2-LR + Tenant3-LR)

=> Shared-Edge2 with 2 interfaces (used by Tenant4-LR)



Dimitri

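The shared-Edge placement described in the reply above, written out as an added example (not VMware code or anything from the thread): tenant routers are placed in creation order on the first shared Edge that still has room under the 9-internal-interface limit, and a new Edge is created when none does. First-fit is an assumption chosen because it reproduces the four steps shown.

```python
from dataclasses import dataclass, field

MAX_INTERNAL_INTERFACES = 9  # per NSX Edge, as stated in the reply above


@dataclass
class SharedEdge:
    name: str
    tenants: list = field(default_factory=list)  # (tenant LR name, interface count)

    @property
    def used(self) -> int:
        return sum(n for _, n in self.tenants)


def place_tenant_routers(requests, capacity=MAX_INTERNAL_INTERFACES):
    """Place tenant logical routers (name, interface count), in creation order,
    on the first existing shared Edge with enough free interfaces; when none has
    room, create a new Edge. First-fit is an assumption chosen because it
    reproduces the four steps in the reply."""
    edges = []
    for name, ifaces in requests:
        if ifaces > capacity:
            # A single tenant router cannot exceed the Edge's internal interface limit.
            raise ValueError(f"{name}: more than {capacity} interfaces on one tenant router")
        for edge in edges:
            if edge.used + ifaces <= capacity:
                edge.tenants.append((name, ifaces))
                break
        else:
            edges.append(SharedEdge(f"Shared-Edge{len(edges) + 1}", [(name, ifaces)]))
    return edges


def summarize(edges):
    """Map each Edge to (interfaces in use, tenant routers sharing it)."""
    return {e.name: (e.used, [t for t, _ in e.tenants]) for e in edges}


# Constructed input: the four creation steps from the reply.
STEPS = [("Tenant1-LR", 3), ("Tenant2-LR", 2), ("Tenant3-LR", 3), ("Tenant4-LR", 2)]

if __name__ == "__main__":
    for edge in place_tenant_routers(STEPS):
        users = " + ".join(t for t, _ in edge.tenants)
        print(f"{edge.name}: {edge.used} interfaces (used by {users})")
```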
Bigdeal212
Contributor

I am trying to get the following setup to work

Screenshot (2).png

My lan0 and lan1 are not communicating. What am I missing?

admin
Immortal

In the picture I see Lan01, Lan02 and Ext network.

You mention Lan0 and Lan1 not communicating... which network are you referring to as lan0?

Here are a few things to try out:

Are you able to ping the router interfaces? i.e. ping 192.168.1.254 (lan01 interface) from a machine on 192.168.2.0/24 (lan02) (and vice versa)?

Did you explicitly specify 192.168.1.254 to be the router interface for lan01?

Delete the interfaces of the router. Recreate the interfaces without specifying the interface IP; this should use *.1 as the interface IP. See if that helps.

Bigdeal212
Contributor

Thanks for responding. Sorry, I mistyped. I have Lan01 and Lan02 configured as follows:

Network Lan01 with subnet 192.168.1.0/24

Network Lan02 with subnet 192.168.2.0/24

Routers:

Tenant01-LS-01 is connected to Lan01 and to the external network

Tenant01-LS-02 is connected to:

Lan01 on 192.168.1.254

Lan02 on 192.168.2.1

Machines on Lan01 can ping 192.168.2.1 but not the machines; when I do a traceroute from a machine on Lan01 I see it hop through the external network.

Machines on Lan02 can ping 192.168.1.254 but not the machines on Lan01.

I checked ICMP and it looks OK; the machines respond to pings from machines on the same network and subnet.

I am not sure if I need to add static routes.

PS: Router 2 cannot use .1 as it tells me it's connected to router 1.

admin
Immortal

Can you paste the security group rules applied on both those VMs?

What happens if you edit the security group rules to allow ICMP from any CIDR?

Bigdeal212
Contributor

Hi,

The security rules applied allow all ICMP traffic on all machines.

When I do a traceroute from Lan 1 to a machine on Lan 2 I can see that traffic is being directed to the external gateway.

admin
Immortal

I see that there are two routers in Lan01: one router with intf 192.168.1.254 and another with intf 192.168.1.1. But the machines on Lan01 can only have one gateway IP set, and I suspect that it is set to 192.168.1.1. If you did not specify a gateway IP when creating the logical network Lan01, then Neutron will automatically pick .1 (192.168.1.1) to be the gateway IP, and when the DHCP response is sent to the VMs on this network this .1 (192.168.1.1) IP is sent as the gateway IP.


So this is what is most likely happening. When you ping from a machine on Lan02:


1. it reaches the router on intf 192.168.2.1 (Lan02) which is set as the default gateway on this machine

2. the router forwards it to the intf 192.168.1.254 (Lan01)

3. from the intf 192.168.1.254 (Lan01) it reaches the machine on Lan01

4. the machine on Lan01 most likely has its default gateway set to 192.168.1.1 and is sending the response back to 192.168.1.1, where it is being dropped as this is a different router which does not have a route to Lan02.


To verify this, on the machine on Lan01 can you print the routing table and see what the default gateway is. If it is a Linux instance, then the "route -n" command should print the routing table. If my hypothesis is right, then the default gateway should be set to 192.168.1.1.


Actually, I don't think the second router (between Lan02 and Lan01) is needed. The same router that connects Lan01 to EXTNET can be used to connect Lan02, and security group rules on Lan02 can be used to make sure that it does not send/receive traffic directly to/from EXTNET.
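A small added model (not from the thread or from VMware) of the two-router Lan01 layout discussed above, reproducing the asymmetric path the reply hypothesizes: the ICMP request reaches the Lan01 host via 192.168.1.254, but that host's default gateway 192.168.1.1 belongs to a router with no route to Lan02, so the reply never comes back. Host addresses and the EXTNET prefix are constructed; each router is assumed to forward only onto networks it is attached to.

```python
import ipaddress

# Constructed model of the topology described in the thread. EXTNET's prefix
# and the host addresses are invented for illustration.
NETS = {
    "Lan01": ipaddress.ip_network("192.168.1.0/24"),
    "Lan02": ipaddress.ip_network("192.168.2.0/24"),
    "EXTNET": ipaddress.ip_network("203.0.113.0/24"),
}
# router -> {interface IP: attached network}; a router only reaches attached networks
ROUTERS = {
    "Tenant01-LS-01": {"192.168.1.1": "Lan01", "203.0.113.2": "EXTNET"},
    "Tenant01-LS-02": {"192.168.1.254": "Lan01", "192.168.2.1": "Lan02"},
}


def net_of(ip):
    addr = ipaddress.ip_address(ip)
    return next(name for name, net in NETS.items() if addr in net)


def forward(src, dst, gateway):
    """One-way delivery: return (hops, delivered). Off-subnet traffic goes to the
    host's default gateway, which forwards only onto networks it is attached to."""
    if net_of(src) == net_of(dst):
        return [src, dst], True
    router = next(r for r, intfs in ROUTERS.items() if gateway in intfs)
    if net_of(dst) in ROUTERS[router].values():
        return [src, gateway, dst], True
    # No attached route toward dst: the packet is lost for this test (the
    # traceroute in the thread showed it heading toward EXTNET instead).
    return [src, gateway], False


def ping(src, src_gw, dst, dst_gw):
    """Round trip: request src -> dst, then the reply via dst's own default gateway."""
    req, ok = forward(src, dst, src_gw)
    if not ok:
        return req, [], False
    reply, ok = forward(dst, src, dst_gw)
    return req, reply, ok


if __name__ == "__main__":
    # Lan02 host pings a Lan01 host whose gateway is .1 (the Neutron default) vs .254
    for gw in ("192.168.1.1", "192.168.1.254"):
        req, reply, ok = ping("192.168.2.10", "192.168.2.1", "192.168.1.10", gw)
        print(f"Lan01 gateway {gw}: request {req}, reply {reply or 'dropped'}, ok={ok}")
```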