
NSX-V ESG to LDR IP routing fails

I have a very simple deployment of NSX-V

3 clusters

Cluster 1=edge esg

Cluster 2=ldr and test VMs

Cluster 3=nsx manager and controllers (out of band, not prepped for vxlan)

Two virtual machines,

VM:10.10.10.10

VM2: 11.11.11.11

3 logical switches

APP_10(for interface 10.10.10.0)

APP_11(for interface 11.11.11.0)

Transit(uplink for ldr, internal for esg)

LDR internal interface 1: 10.10.10.1/24

LDR internal Interface 2: 11.11.11.1/24

LDR uplink interface: 13.13.13.1/30

ESG internal interface 1 : 13.13.13.2/30

Static routes in the ESG:

10.10.10.0/24  Next Hop=13.13.13.1

11.11.11.0/24 Next Hop=13.13.13.1

LDR Default Gateway=13.13.13.2

For some reason my test VMs cannot ping the internal of the ESG, and my ESG cannot ping my test VMs. I can ping each interface on the LDR from the ESG, but I cannot communicate past the LDR's internal interface.

In reverse, my VMs can ping each other on different networks, and can ping the uplink to their LDR; however, they cannot contact the internal of the ESG.

No firewalls have been configured at this point.

I'm not sure what I have configured wrong. Any help will be much appreciated.

0 Kudos
23 Replies

Hello,

You need to add a static route on your DLR.

Just add a route to 0.0.0.0/0 via the default gateway of your DLR, which is 13.13.13.2.

Best Regards
Marcin Gwóźdź
VCP-NV 6, VCAP-DCV 7, VCP-DTM 7.
linkedin.com/in/marcin-gwóźdź-80b84b122
0 Kudos

Hello,

If you want to use static routing, then you need to configure on the DLR: default route next hop 13.13.13.2

And as per the following KB, there is an expected behavior with ping in VMware NSX for vSphere 6.x: VMware Knowledge Base

Cheers, vExpert2020-2019||VCIX6-NV||VCAP-NV-DCV||VCP-NV-DC-CMA||CCNA-R&S @KakHassan linkedin.com/in/hassanalkak
0 Kudos

I have placed a static route of 0.0.0.0/0 to 13.13.13.2 and still no success.

Also, should I have the default gateway configured even though I have an any-any route?

0 Kudos

Yes, please configure the default gateway.

Best Regards
Marcin Gwóźdź
VCP-NV 6, VCAP-DCV 7, VCP-DTM 7.
linkedin.com/in/marcin-gwóźdź-80b84b122
0 Kudos

Default gateway and 0.0.0.0/0 route created. Still no luck.

pastedImage_0.png

pastedImage_1.png

0 Kudos

Could you log in to the console of the DLR, use the command show ip route, and show us the output?

Are you able to ping 8.8.8.8 from the DLR?

Best Regards
Marcin Gwóźdź
VCP-NV 6, VCAP-DCV 7, VCP-DTM 7.
linkedin.com/in/marcin-gwóźdź-80b84b122
0 Kudos

Negative, haven't gotten that far. I can't even ping 13.13.13.2 from the DLR.

pastedImage_1.png

0 Kudos

Your config

LDR internal interface 1: 10.10.10.1/24

LDR internal Interface 2: 11.11.11.1/24

LDR uplink interface: 13.13.13.1/30

ESG internal interface 1 : 13.13.13.2/30

Looking at the screen, I see that you used a /24 mask for 13.13.13.0/24?

Which one is correct?

Secondly:

Please post show ip route from the ESG console.

Best Regards
Marcin Gwóźdź
VCP-NV 6, VCAP-DCV 7, VCP-DTM 7.
linkedin.com/in/marcin-gwóźdź-80b84b122
0 Kudos

I'm sorry, I reconfigured that last night. I spoke with a VMware employee who specializes in NSX over the phone, and he stated that I shouldn't use a /30 for the transit network. He recommended at least a /29, I guess for IP space? So I just made it simple and created all interfaces as a /24 for simplicity.

0 Kudos

pastedImage_0.png

0 Kudos

So the NSX employee suggested the /29 mask,

because if you are using dynamic routing between your peers (ESG-DLR) you need at least 3 IP addresses:

1. ESG - Internal to DLR

2. DLR - Uplink to ESG

3. DLR - Forward Protocol (for peering with OSPF or BGP)

And according to the ESG routes, you also need to add a default gateway for the ESG, which is missing here.

Best Regards
Marcin Gwóźdź
VCP-NV 6, VCAP-DCV 7, VCP-DTM 7.
linkedin.com/in/marcin-gwóźdź-80b84b122
0 Kudos
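The addressing argument in the reply above, as an added example that is not part of the original thread: it checks whether a transit prefix has room for the addresses each design needs, and whether every static route's next hop sits on a directly connected subnet. The function names and role labels are assumptions made for this sketch; the addresses are the ones posted in the thread, plus one constructed bad route.

```python
import ipaddress

def usable_hosts(prefix):
    """Assignable addresses in an IPv4 prefix (network and broadcast excluded)."""
    return list(ipaddress.ip_network(prefix, strict=False).hosts())

def transit_fits(prefix, roles):
    """True if the transit prefix has one usable address per required role."""
    return len(usable_hosts(prefix)) >= len(roles)

def check_static_routes(connected, routes):
    """Return (destination, next_hop, problem) for each route whose next hop
    is not a neighbour on one of the device's directly connected subnets."""
    ifaces = [ipaddress.ip_interface(c) for c in connected]
    problems = []
    for dest, nh in routes:
        hop = ipaddress.ip_address(nh)
        if any(hop == i.ip for i in ifaces):
            problems.append((dest, nh, "next hop is the device's own address"))
        elif not any(hop in i.network for i in ifaces):
            problems.append((dest, nh, "next hop not on a connected subnet"))
    return problems

# Role labels are assumptions for this sketch, following the reply's list.
STATIC_ROLES = ["ESG internal", "DLR uplink"]
DYNAMIC_ROLES = STATIC_ROLES + ["DLR protocol address (OSPF/BGP peering)"]

# Interfaces and static routes as posted in the thread (original /30 plan).
ESG_CONNECTED = ["13.13.13.2/30"]
ESG_ROUTES = [("10.10.10.0/24", "13.13.13.1"), ("11.11.11.0/24", "13.13.13.1")]
DLR_CONNECTED = ["10.10.10.1/24", "11.11.11.1/24", "13.13.13.1/30"]
DLR_ROUTES = [("0.0.0.0/0", "13.13.13.2")]

# Constructed counter-example: next hop is a DLR internal address the ESG
# has no connected subnet for.
BAD_ROUTES = [("10.10.10.0/24", "10.10.10.1")]

if __name__ == "__main__":
    for prefix in ("13.13.13.0/30", "13.13.13.0/29"):
        print(prefix, "usable:", len(usable_hosts(prefix)),
              "static ok:", transit_fits(prefix, STATIC_ROLES),
              "dynamic ok:", transit_fits(prefix, DYNAMIC_ROLES))
    print("ESG route problems:", check_static_routes(ESG_CONNECTED, ESG_ROUTES))
    print("DLR route problems:", check_static_routes(DLR_CONNECTED, DLR_ROUTES))
    print("Constructed bad route:", check_static_routes(ESG_CONNECTED, BAD_ROUTES))
```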

What would be the ESG default gateway? He would be my ingress/egress point into the physical networking, so his default gateway should be on the uplink side, right?

0 Kudos

The default gateway would be an uplink from the ESG to your physical router/edge router.

Best Regards
Marcin Gwóźdź
VCP-NV 6, VCAP-DCV 7, VCP-DTM 7.
linkedin.com/in/marcin-gwóźdź-80b84b122
0 Kudos

I can configure that; however, what does that do to resolve my problem with communicating with the ESG internally?

0 Kudos

Well, after adding the routes to the DLR, could you please do a traceroute one more time from a VM that is on VXLAN?

Best Regards
Marcin Gwóźdź
VCP-NV 6, VCAP-DCV 7, VCP-DTM 7.
linkedin.com/in/marcin-gwóźdź-80b84b122
0 Kudos

My tracert is making it to 11.11.11.1 (test VMs' DG), then it dies.

0 Kudos

That's odd; sometimes redeploying the DLR helps.

Best Regards
Marcin Gwóźdź
VCP-NV 6, VCAP-DCV 7, VCP-DTM 7.
linkedin.com/in/marcin-gwóźdź-80b84b122
0 Kudos

Ya, I've tried that many times. Very frustrating. Usually it's something simple that's misconfigured; I just can't find it.

0 Kudos

Hmm,

I can make an exact copy of your configuration in my lab if you wish, so I will post you the results?

Best Regards
Marcin Gwóźdź
VCP-NV 6, VCAP-DCV 7, VCP-DTM 7.
linkedin.com/in/marcin-gwóźdź-80b84b122
0 Kudos