VMware Networking Community
zhornsby
Enthusiast
Enthusiast

NSX-V ESG to LDR ip routing fails

I have a very simple deployment of NSX-V

3 clusters

Cluster 1=edge esg

Cluster 2=ldr and test vm's

Cluster 3=nsx manager and controllers (out of band, not prepped for vxlan)

Two virtual machines,

VM:10.10.10.10

VM2: 11.11.11.11

3 logical switches

APP_10(for interface 10.10.10.0)

APP_11(for interface 11.11.11.0)

Transit(uplink for ldr, internal for esg)

LDR internal interface 1: 10.10.10.1/24

LDR internal Interface 2: 11.11.11.1 /24

LDR uplink interface: 13.13.13.1/30

ESG internal interface 1 : 13.13.13.2/30

Static routes in the ESG=

10.10.10.0/24  Next Hop=13.13.13.1

11.11.11.0/24 Next Hop=13.13.13.1

LDR Default Gateway=13.13.13.2

for some reason my test vms cannot ping the internal of the ESG, and my ESG cannot ping my test vms. i can ping each interface on the LDR from the ESG, but i cannot communicate past the LDR's internal interface.

in reverse, my VM's can ping each other on different networks, and can ping the uplink to their LDR, however they can not contact the internal of the ESG

no firewalls have been configured at this point.

im not sure what i have configured wrong. any help will be much appreciated

Reply
0 Kudos
23 Replies
zhornsby
Enthusiast
Enthusiast

that would be awesome. im trying to demo this for leadership so that we can purchase it. need to have it operational before i demo haha

Reply
0 Kudos
zhornsby
Enthusiast
Enthusiast

should i already have all my network devices configured for mtu 1600? i havent configured my physical network devices for the larger mtu size yet

Reply
0 Kudos
sqamar
VMware Employee
VMware Employee

are you able to ping from ESG towards DLR forwarding IP , other way around ??

because to test IP connectivity from the uplink interface  from the control VM, OSPF or BGP must be configured or at-least enabled, for static routing control VM is not required basically.

Also move your Edge and Test VM onto the same host and see if that helps ?

Reply
0 Kudos
Nick_Andreev
Expert
Expert

Hi zhornsby​,

Can you check firewall on ESG? Its default policy is Deny if you didn't change it during deployment.

---
If you found my answers helpful please consider marking them as helpful or correct.
VCIX-DCV, VCIX-NV, VCAP-CMA | vExpert '16, '17, '18
Blog: http://niktips.wordpress.com | Twitter: @nick_andreev_au
Reply
0 Kudos