VMware Networking Community
Chnoili
Enthusiast
Enthusiast
‎01-22-2021 08:45 AM
Jump to solution

Cannot Ping VMs in different segments over T1 gateway

Hi

I try to setup a nested (on vsphere) NSX-T 3.1 environment. Everything worked fine so far till i tried to connect the vms in the segments via a T1 gateway with each others. It is not possible to ping the different VMs over the T1 gateway. The esxi hosts, the nsx manager and all TEP are reachable and working. The T1 gateway has the setting to advertise all static routes and all connected segments & service ports. The segments are configured to use the T1 gateway. I made no firewall configuration, everything is as it was after installation.

For a better understanding of the setup i attached a picture of the setup.

web01 and web02 are in the same segment (i can ping web01 from web02 but not in the other direction) and i can not ping app01 or db01 from any system. If i connect web01 and web02 to a normal virtual portgroup (not NSX managed) i can ping from both sides. 

An IP Pool for the TEP is also configured (192.168.10.200-240)

I'm new in the nsx field and appreciate every help.

Labels (5)
Preview file
36 KB
Reply
0 Kudos
21 Replies
Chnoili
Enthusiast
Enthusiast
‎01-28-2021 09:15 AM
Jump to solution

Hi Mauricio

Yes you are right i had the following configuration

VM web01 (connected to Web-Segment):
IP: 172.16.10.1
Gateway: 172.16.10.254

Segment Web-Segment:
IP Subnet: 172.16.10.1/24

My thought was, i define the (whole) network (with the CIDR notation /24 also the Gateway) so that NSX knows that this segment has nodes with IP adresses 172.16.10.xx and the default gateway is the 172.16.10.254 by default (last ip).

I didn't know that i have to define the default gateway with the "IP subnet" configuration in the segments configuration.

I have now changed the configuration of the segment to 172.16.10.254/24 (and also all other segments) and now i am able to ping all vm's!!!! Weeehaaaa

Thank you very much for your help! I appreciate it very much!

Regards, Patrick

Reply
0 Kudos
Chnoili
Enthusiast
Enthusiast
‎01-28-2021 09:24 AM
Jump to solution

Hi Mauricio

Thank you for you help. I thought i configure the whole network in the "ip subnet" configuration of the segment. It was not clear for me that i define there the gateway adress of this segment. The CIDR notation was irritating, i thougt NSX configures itself by knowing the subnet and takes the last IP of the subnet as gateway adress.

I now changed the "ip subnet" configuration of all segments to .254/24 and now i can ping all VMs in the different segments!! weehaaaaa

Thank you very much for your help, i really appreciate it!

Regards, Patrick

Reply
0 Kudos