Contributor
Contributor

NSX-T 3.0: Adding interfaces to VRF gateway failing

Jump to solution

Adding interfaces to an VRF gateway is failing with the following error.

pastedImage_0.png

From developer tools I collected the following API request and response NSX-T manager UI is sent and received.

API Request for add interface request

{"subnets":[{"ip_addresses":["10.10.151.2"],"prefix_len":"24"}],"type":"EXTERNAL","segment_path":"/infra/segments/EDGE-NVDS-VRF-RED-TOR-L","display_name":"test","urpf_mode":"STRICT","access_vlan_id":"151","edge_path":"/infra/sites/default/enforcement-points/default/edge-clusters/a3f99a45-0a19-4cf1-a0a6-a89a68e4b8d4/edge-nodes/55875f6f-1b36-4476-818a-7535406ce005","id":"test"}

Response

{

  "httpStatus" : "BAD_REQUEST",

  "error_code" : 528009,

  "module_name" : "Policy",

  "error_message" : "Provider interface in default tier0 /infra/tier-0s/mahi-vrf-tier-0 should cover edge paths in VRF interfaces."

}

1 Solution

Accepted Solutions
Commander
Commander

Have you configured the Parent T0 and its external interface before configuring the VRF?

View solution in original post

0 Kudos
8 Replies
Commander
Commander

Have you configured the Parent T0 and its external interface before configuring the VRF?

View solution in original post

0 Kudos
Contributor
Contributor

Thanks for the response.

I do created Parent T0 but not the external interface. Now after creating the external interface on Parent T0 the VRF gateway interface configuration went through. I followed the configuration in the blog http://www.vstellar.com/2020/09/16/configuring-vrf-lite-in-nsx-t-3-0/

and it didn't talked about the configuration external interfaces on Parent T0. Could you point me to a doc that has  proper steps to configure the VRF gateway?

What is the role of the Paren T0 external interface configuration here? I see the parent external interface should be connected to a non-trunk vlan segment, whereas the VRF external interface should be connected to trunk vlan segment.

pastedImage_0.png

0 Kudos
Commander
Commander

Hey rajala

Actually that blog post start with an architecture where it has an external interface configured in the T0. I could not find a document, even the official, where it states that you need that as I learned that from a Design session. However in this blog post you can see that he configures a T0 External interface: https://vdcnetworker.blog/vrf-lite-on-nsx-t-3-0/

To be honest with you I am not 100% sure of why this is needed and if this is used during the exchange of the routes but I think it is used for Inter-VRF connectivity. However I am not 100% sure.

0 Kudos
VMware Employee
VMware Employee

This is because vrf uplinks need a connection to Tier-0 gateway interface which should be in Trunk mode to peer with upstream routers.

Cheers,
Sree | CKA|CKAD|VCIX-3X| VCAP-4X| VExpert 4x
Commander
Commander

Sreec​,

Quick question, this external interface also needs a BGP peering to be configured with the next hop router?

0 Kudos
VMware Employee
VMware Employee

Not required . However you can use it for routing other workload subnets which are not in VRF routing table.

Cheers,
Sree | CKA|CKAD|VCIX-3X| VCAP-4X| VExpert 4x
0 Kudos
Commander
Commander

Good to know that, thanks for the clarification, it was also my doubt :smileygrin:

0 Kudos
Contributor
Contributor

Thank you very much Lalegre and Sree. Appreciate your help.

Have a great day!!!

0 Kudos