VMware Networking Community
aqualityplacem
Contributor
Contributor
‎09-30-2016 01:48 AM

Multiple DLR's with uplinks on the same VLAN issue

Not sure if this is by design or not but we have a problem pinging the forwarding addresses on our DLR's

We are have 4 DLR's which need to talk to our border routers on VLAN 500. They all talk to each other on a 10.254.1.0/24 subnet - We are using BGP but that isnt really relevant here.

We have created a port group on our dvSwitch for each of these. Reason being is that we don't seem to be able to connect them to the same port group. Once one DLR is connected the portgroup is removed from the list. These port groups have the exact same settings, Only thing different is the name.

Issue is only one of the DLR's is pingable. If we delete the uplink from a working DLR another one will burst into life

Ive replicated the issue with 6.2.3 and 6.2.4 on different environments using multiple ip and vlan rages.

It seems NSX cant cope with multiple port groups on a dvSwitch using the same VLAN.

Is this a known issue? Maybe there is another method we should use to connect to the DLR's to the vlan we are using?

0 Kudos
2 Replies
jorge_luis_hern
Enthusiast
Enthusiast
‎09-30-2016 02:54 PM

Hi,

This is not an issue, it is by design, the L2 Bridge (VXLAN-VLAN mapping) is always 1:1 fashion. Is normal you only get a ping in one of this DLR, in the page 47-48 of the Design Guide VMware® NSX for vSphere Network Virtualization Design Guide ver 3.0 you can see the flow of the communication with a L2-Bridge configured.

I think, using a single DLR with a dynamic routing peering with 4 ESG using ECMP, and these 4 ESG with an interface in the vlan 500 and BGP/OSPF to your border gateway, maybe works for you requirement.

Thanks

Jorge Hernández

VCP5-DCV, VCP6-DCV, VCAP5-DCA/DCD, VCP6-NV, VCIX-NV, VCI

0 Kudos
yantothen
Enthusiast
Enthusiast
‎10-02-2016 09:17 AM

Hi,

Connecting more than one DLR to a layer-2 segment (VLAN) is unsupported design.

Why you can only connect/ping one of them is because the vMAC of DLR LIF is always the same.

If you look at the ARP table on your border router, you should see that the MAC address of all the DLRs are the same (02:50:56:56:44:52), which can also be shown with the following command:

DLR vMAC.png

You may want to consider to connect ESG in between, and let the ESG runs your routing of choice with the border router.

Regards,

yantothen

blog.ipcraft.net

0 Kudos