VMware Networking Community
dvino821
Contributor

Is there an equivalent of a null interface on a NSX ESG?


Reason behind the question:

If R1 (physical router) is connected to ESG1 (gateway between virtual and physical worlds) and the following is true:

1. R1 uses a static route to send anything destined for 10.30.0.0/16 to ESG1

2. ESG1 uses a default gateway to get out to R1

3. The NSX network behind ESG1 breaks down the /16 into smaller /24s, but initially doesn't use the entire range (the rest will be used later)

What is the best way to prevent a routing loop between R1 and ESG1 for the unused /24 networks?

Traditionally, I believe this would be routed to a null interface.

Thanks

3 Replies
dywanah
Contributor

Hello. I believe there are two solutions. First, on the physical router, just configure routing so that only the networks in use now are forwarded to the ESG. Second, if you will not do that, put a firewall rule or rules on the ESG to block any unneeded traffic from being forwarded to the logical networks.

RaymundoEC
VMware Employee

I think you don't need that in order to have not summarization using like BGP for routing.

regards

+vRay

grosas
Community Manager

Hi dvino821

Interesting question. I think you mean null route? I don't think there is a "baked in" way to create one, but you can duplicate the behavior on the edge side through sheer guile.

    [ R1 ]  Route to 10.30.0.0/16
      |
      |
      |
    [ ESG1 ]
      |
      |__ 10.30.0.0/24
      |__ "Null Interface /30"  example IP 127.0.0.1/30

    +--------------------------+
    |   CLUSTER HOSTING ESG1   |
    +--------------------------+
    +----------+
    |   DVS    |  --> Null Distributed Port Group
    +----------+


- Create "Null" Distributed Portgroup, Customize Default Policies Configuration. In section 3e "Miscellaneous", you can set all ports to blocked.

- Connect one of the interfaces on ESG1 to the Null DPG.

- Find and assign a non-routable non-RFC1918 /30, there are plenty out there. TIP: Loopback space works great for this!

- Create a static route on ESG1 for the full 10.30.0.0/16, select the "Null" interface.  The static route's next hop will be the other IP in the /30, for instance 127.0.0.2, using my diagrammed example.

That should achieve the intended result. Verify in your Edge CLI

      ESG1 > show ip forwarding

Going for something similar to this:

[Image: Screen Shot 2015-04-04 at 4.05.01 AM.png]

Like a previous replier mentioned, it might make more sense to connect to R1 using dynamic routing and only advertise existing routes... just wanted to explore the option since you asked.. that in some sense this could be done.

Happy Easter

- GR

_____________________________________
Gabe Rosas (VMware HCX team at VMware)
Blog: hcx.design
LinkedIn: /in/gaberosas
Twitter: gabe_rosas
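
The loop from the question and the effect of the /16 null route from the last reply, as an added example that is not part of the original thread. The routing tables are constructed from the thread's description, the unused and in-use test addresses are made up, and the "null" next hop stands in for the blocked port group interface (an assumption of this model, not ESG behaviour taken from the page).

```python
import ipaddress

def net(prefix):
    return ipaddress.ip_network(prefix)

def lookup(table, dst):
    """Longest-prefix match: next hop of the most specific matching route."""
    addr = ipaddress.ip_address(dst)
    matches = [(n, hop) for n, hop in table.items() if addr in n]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def forward(tables, start, dst, ttl=16):
    """Follow one packet hop by hop and return (outcome, path)."""
    node, path = start, [start]
    while ttl > 0:
        hop = lookup(tables[node], dst)
        if hop is None:
            return "no-route", path
        if hop == "connected":      # destination subnet is directly attached
            return "delivered", path
        if hop == "null":           # models the interface on the blocked port group
            return "discarded", path
        node = hop
        path.append(node)
        ttl -= 1
    return "ttl-expired", path

def build(with_null_route):
    # Constructed tables: R1 has a static /16 toward ESG1; ESG1 has a
    # default route back to R1 and a single /24 currently in use.
    r1 = {net("10.30.0.0/16"): "ESG1"}
    esg1 = {net("0.0.0.0/0"): "R1", net("10.30.0.0/24"): "connected"}
    if with_null_route:
        # Covering static route for the whole /16 pointing at the null interface.
        esg1[net("10.30.0.0/16")] = "null"
    return {"R1": r1, "ESG1": esg1}

if __name__ == "__main__":
    for label, flag in (("without null route", False), ("with null route", True)):
        tables = build(flag)
        for dst in ("10.30.0.10", "10.30.5.9"):   # in-use /24, unused /24
            outcome, path = forward(tables, "R1", dst)
            print(f"{label}: {dst} -> {outcome} after {len(path) - 1} hops")
```

Because the connected /24 is more specific than the /16, traffic for subnets in use is unaffected; only destinations with no more specific route fall through to the discard entry instead of the default route back to R1.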