Hi all, I have the following setup:
LS-Service1 (5000)
  VM1 172.16.10.5
  VM2 172.16.10.6
LS-Service2 (5001)
  VM3 172.16.20.5
  VM4 172.16.20.6
LS-Transit (5002)
DLR
  LIF1 172.16.10.1 -> LS-Service1
  LIF2 172.16.20.1 -> LS-Service2
  Uplink 192.168.10.2 -> LS-Transit
Edge
  LIF1 192.168.10.1 -> LS-Transit
  Uplink 10.10.10.139 -> Uplink-DPortGroup
I have OSPF configured between the DLR and Edge, and the routing tables on each are showing they have picked up each other's routes. All VMs can ping each other. All VMs can ping their default gateway (.1) on the DLR. The Edge can ping all 172.16.X.1 addresses. The DLR can ping 10.10.10.139.
However, the VMs can't ping 10.10.10.139 and the Edge can't ping any of the VMs. Can anybody explain why?
PS: all firewalls are set to accept all.
Do you have Route Redistribution enabled such that OSPF learns from the connected interfaces?
Yes, route redistribution is set up.
Show ip route on both the Edge and the DLR is showing the learnt "E2" routes.
Do you have a default gateway on the DLR pointing to the EDGE?
Yes, the gateway is set to 192.168.10.1 -> LS-Transit.
What's the management IP of your DLR? Is the network on which your management IP resides excluded from route redistribution?
I feel like the article below may be of some benefit:
If that all looks good, ECMP may be causing what you are seeing, which is by design. I can point you in the direction of some information on that as well.
I don't have a management IP configured, as I was aware it can cause problems, so I just access through the console when needed.
I don't believe I have ECMP enabled, so I doubt it's that.
I've removed the Edge to strip my environment back to a very basic setup of 2 x LS (172.16.10.0/24 & 172.16.20.0/24) and 1 x DLR. The problem I now have is that a VM on the .10 subnet can contact another VM on the .10 subnet fine, irrespective of where the other VM is, e.g. same host or different host. However, a VM on the .10 subnet can only ping a VM on the .20 subnet if this VM is on the same host. Ping tests between the hosts all work fine and no firewall rules are set to deny or reject. Can someone explain why this might be?
Hi Paul,
Can you confirm you run packet tracing in the guest? After running packet tracing on both sides, confirm if the syn part of the ping is getting through in one direction.
Also, can you confirm that 2 VMs on the .20 subnet can communicate when on different hosts?
After that point, try and restart the agents on the ESXi hosts (assuming this is still POC/Test).
Via SSH to all ESXi hosts:
/etc/init.d/netcpad stop
/etc/init.d/netcpad start
Please also confirm what build of NSX and ESXi you're running.
Cheers,
Redmond
Yes, 2 VMs on the .20 can communicate when on different hosts or on the same host, but can only communicate with a .10 VM on the same host.
I restarted the netcpad agents on all hosts, but now I get no communication between subnets, only VMs within the same subnet irrespective of host location.
I'm running NSX v6.1.4 Build 2691049 and ESXi 5.5 Build 2026576.
You may see some benefit using the redeploy option for the DLR edge appliance.
All fixed. I deleted everything and reinstalled using the new 6.2 release, configured it all the same way I did before, and it's now all working as expected.
Thanks for all your help and suggestions.