Not sure if this is by design or not but we have a problem pinging the forwarding addresses on our DLR's
We are have 4 DLR's which need to talk to our border routers on VLAN 500. They all talk to each other on a 10.254.1.0/24 subnet - We are using BGP but that isnt really relevant here.
We have created a port group on our dvSwitch for each of these. Reason being is that we don't seem to be able to connect them to the same port group. Once one DLR is connected the portgroup is removed from the list. These port groups have the exact same settings, Only thing different is the name.
Issue is only one of the DLR's is pingable. If we delete the uplink from a working DLR another one will burst into life
Ive replicated the issue with 6.2.3 and 6.2.4 on different environments using multiple ip and vlan rages.
It seems NSX cant cope with multiple port groups on a dvSwitch using the same VLAN.
Is this a known issue? Maybe there is another method we should use to connect to the DLR's to the vlan we are using?
Hi,
This is not an issue, it is by design, the L2 Bridge (VXLAN-VLAN mapping) is always 1:1 fashion. Is normal you only get a ping in one of this DLR, in the page 47-48 of the Design Guide VMware® NSX for vSphere Network Virtualization Design Guide ver 3.0 you can see the flow of the communication with a L2-Bridge configured.
I think, using a single DLR with a dynamic routing peering with 4 ESG using ECMP, and these 4 ESG with an interface in the vlan 500 and BGP/OSPF to your border gateway, maybe works for you requirement.
Thanks
Jorge Hernández
VCP5-DCV, VCP6-DCV, VCAP5-DCA/DCD, VCP6-NV, VCIX-NV, VCI
Hi,
Connecting more than one DLR to a layer-2 segment (VLAN) is unsupported design.
Why you can only connect/ping one of them is because the vMAC of DLR LIF is always the same.
If you look at the ARP table on your border router, you should see that the MAC address of all the DLRs are the same (02:50:56:56:44:52), which can also be shown with the following command:
You may want to consider to connect ESG in between, and let the ESG runs your routing of choice with the border router.
Regards,
yantothen
blog.ipcraft.net