VMware Networking Community
Jean_PF
Contributor
Contributor
Jump to solution

NSX-V VM and Edge Services Gateway

Good Day,

I set up a simple NSX-V lab to train for my futur exam.

However, I got a problem to communicate my VM and the Edge Services Gateway.

Enclosed, the network diagram.

When the VM and the Edge Services Gateway are not in the same host ESXi, the VM can't ping the Edge Services Gateway.

However, when they are in the same host ESXi, they can ping each other.

The DLR works fine.

What is the recommandation ?

Thank you

Jean

1 Solution

Accepted Solutions
nipanwar
Enthusiast
Enthusiast
Jump to solution

GUI only shows vxlan configuration of your hosts and its all ok.

problem is that your physical network is not passing vxlan packets.

Issue the ping commands again but with size 1450 this time to rule out the MTU issue.

Also, can you share the physical switch ports configuration where the hosts connect

---------------------------------------------------------------------------------------------------------

Was it helpful? Let us know by completing this short survey here.

View solution in original post

Reply
0 Kudos
14 Replies
MartinGustafsso
VMware Employee
VMware Employee
Jump to solution

Are all hosts configured for NSX (vTEP)?

VXLAN vlan available on uplinks? Same cluster/transport zone?

Where does the traffic stop when the VM is on hostX and ESG on hostY?

Reply
0 Kudos
Jean_PF
Contributor
Contributor
Jump to solution

Hi,

All host are configured for the NSX (vTEP).

I didn't configure any VXLAN on my physical switch because it doesn't support it.

Yup, same cluster/transport zone

In the attachments, my NSX configuration and the trafic stop.

this is weird. with DLR, there is no problem.

Thank you for your help

Jean

Reply
0 Kudos
lmoglie
Enthusiast
Enthusiast
Jump to solution

Hi Jean_PF,

forgive me the silly question ... on EDGE Service Gateway, the default GW has been configured??

- can you share the edge settings ??

- From the Edge, are you able to ping the DLR and out to the Internet?? (next hop is enough, ... I mean the physical router)

Regards,

LM

Reply
0 Kudos
nipanwar
Enthusiast
Enthusiast
Jump to solution

Issue is with VXLAN. Communication across hosts happen on VXLAN and need 1600 MTU.

Do you have required MTU (1600) on physical switches?

Also I don't see any VLAN being used to carry VTEP traffic, are your physical switch links (3 such links) correctly configured in access mode?

you can confirm physical network configuration by logging into 192.168.0.203 and then ping vmk of other host.

on host 192.168.0.203 issue this command:

vmkping ++netstack=vxlan -d -s 1550 -I vmk1 192.168.0.215

vmkping ++netstack=vxlan -d -s 1550 -I vmk1 192.168.0.216

vmkping ++netstack=vxlan -d -s 1550 -I vmk1 192.168.0.217

Reply
0 Kudos
Jean_PF
Contributor
Contributor
Jump to solution

Hi lmoglie,

Yeah, the default GW has been configured on the EDGE and DLR.

The EDGE can ping out the internet and my physical router.

However, when the VM and the EDGE is not in the same host ESXi, they can't ping each other.

MTU has been configured to 1600 in the physical switch

Jean

Reply
0 Kudos
Jean_PF
Contributor
Contributor
Jump to solution

Hi virtuallyme

The 3 links are in trunk mode in the physical switch.

I will switch tomorow in access mode and let you know.

How do you issue the following command on the host 192.168.0.203 ?

vmkping ++netstack=vxlan -d -s 1550 -I vmk1 192.168.0.215

vmkping ++netstack=vxlan -d -s 1550 -I vmk1 192.168.0.216

vmkping ++netstack=vxlan -d -s 1550 -I vmk1 192.168.0.217

Thank you

Jean

Reply
0 Kudos
nipanwar
Enthusiast
Enthusiast
Jump to solution

SSH to the host and issue the command.

Reply
0 Kudos
Jean_PF
Contributor
Contributor
Jump to solution

Hi virtuallyme,

I just issue the command from host 192.168.0.203 here the output :

[root@localhost:~] vmkping ++netstack=vxlan -d -s 1550 -I vmk1 192.168.0.215

PING 192.168.0.215 (192.168.0.215): 1550 data bytes

1558 bytes from 192.168.0.215: icmp_seq=0 ttl=64 time=0.279 ms

1558 bytes from 192.168.0.215: icmp_seq=1 ttl=64 time=0.226 ms

1558 bytes from 192.168.0.215: icmp_seq=2 ttl=64 time=0.292 ms

--- 192.168.0.215 ping statistics ---

3 packets transmitted, 3 packets received, 0% packet loss

round-trip min/avg/max = 0.226/0.266/0.292 ms

[root@localhost:~] vmkping ++netstack=vxlan -d -s 1550 -I vmk1 192.168.0.216

PING 192.168.0.216 (192.168.0.216): 1550 data bytes

--- 192.168.0.216 ping statistics ---

3 packets transmitted, 0 packets received, 100% packet loss

[root@localhost:~]

[root@localhost:~] vmkping ++netstack=vxlan -d -s 1550 -I vmk1 192.168.0.217

PING 192.168.0.217 (192.168.0.217): 1550 data bytes

--- 192.168.0.217 ping statistics ---

3 packets transmitted, 0 packets received, 100% packet loss

pastedImage_1.png

From host 192.168.0.203, I can't ping 192.168.0.216 and 192.168.0.217 through vxlan.

This is weird because the GUI shows vxlan configuration is fine

Jean

Reply
0 Kudos
nipanwar
Enthusiast
Enthusiast
Jump to solution

GUI only shows vxlan configuration of your hosts and its all ok.

problem is that your physical network is not passing vxlan packets.

Issue the ping commands again but with size 1450 this time to rule out the MTU issue.

Also, can you share the physical switch ports configuration where the hosts connect

---------------------------------------------------------------------------------------------------------

Was it helpful? Let us know by completing this short survey here.

Reply
0 Kudos
Jean_PF
Contributor
Contributor
Jump to solution

Hi virtuallyme,

You are right. The problem was my physical switch. I need to reboot the physical switch and everything is good.

I have one more question.

What do you recommand for a new installation : NSX-T or NSX-V ?

The needs are :

- reliable system

- micro segmentation

- DFW

The environnment is only VMware

Thank you for your answer : )

Jean LY KENG

Reply
0 Kudos
MartinGustafsso
VMware Employee
VMware Employee
Jump to solution

NSX-T is the direction going forward. Prepare your lab!

Jean_PF
Contributor
Contributor
Jump to solution

Hi MartinGustafsson,

Thank you for the answer.

Do you think it's possible a have the appliance of NSX-T (ESXi) for training ?

Thank you for your help

Jean

Reply
0 Kudos
nipanwar
Enthusiast
Enthusiast
Jump to solution

as suggested NSX-T is the way.

With respect to features NSX-T is on parity with NSX-v and more features will be added only to NSX-T

A single appliance to simulate entire NSX-T is not there.

You can download (from vmware.com) and install NSX-T managers and set up NSX-T lab.

Reply
0 Kudos
Jean_PF
Contributor
Contributor
Jump to solution

Hi virtuallyme,

Noted, thank you for your advice, I will show to my customer the direction to take for the NSX.

Actually, my current access from vmware.com doesn't give me the right to download NSX-T 😕

No problem to download NSX-V.

Many thanks

Jean