We just deployed NSX in a test environment and created the following configuration (see image below). We are able to ping machines in different Logical Routers and ping up to the uplink interface of the Edge Gateway (192.168.1.3) from a VM, but we can't reach the 192.168.1.0/24 gateway which is the .1 address. From outside the NSX based network, we are able to ping down to the Edge Uplink, 192.168.1.3 but not deeper.
I have attached the network diagram as well as the edge gateway interface configuration.
NSX version 6.4.5
ESXi version 6.7.0
vCenter version 18.104.22.168000
Thanks in advance for your help.
You need to configure routing between the edge and the physical router. Otherwise the physical router does not know how to reach the networks behind the edge. Since you already got a default gateway on the Edge the easiest configuration would be to configure on the physical router a static route to the networks behind the Edge (on the diagram they could be summarized as 10.10.0.0/16 and 10.20.20.0/24) pointing to the edge's external IP (192.168.1.3). If this is a Cisco router the syntax would be:
ip route 10.10.0.0 255.255.0.0 192.168.1.3
ip route 10.20.20.0 255.255.255.0 192.168.1.3
One other thing that is important is to check routing between the DLR and the Edge. That might also need some routes, most probably on the Edge pointing to the DLR for the networks behind the DLR. On the DLR a default gateway would be enough.
I created an interface in the 192.168.1.0 network and created static routes as you adviced in it, but now the interface created when queried for a 10.20.20.0 network or one of the 10.10.0.0 networks just responds as the network is unreachable
Laptop outside NSX env
VM inside NSX env
Can you please send the following info:
- ping and tracert from laptop to 192.168.1.3
- complete routing table of the router
Still seems that the router does not know how to get to the networks inside NSX-v.
and thats the complete routing table
this is the interface I had to create in order to allow the static routing, already checked with gateway as .3 and its the same result, forgot to mention rn the edge's gateway is .5
Now I am confused. What is the laptop's IP? Can you please draw a diagram that shows 192.168.1.1, 192.168.1.3 (this is the ESG) and 192.168.1.5 and how they are connected? What is the ESGs default gateway?
Seems like the problem is in your router, which looks to me has 2 IPs in the same network (that's very strange!). The tracert stopping at 192.168.1.5 shows that the router is not knowing where to send the packets it should send to the ESG.
This was my first approach, omitting networks below the edge to reduce complexity but its a DLR with 3 Logical Routers attached to it
This was the second approach, there was no other way to create the Static Routing
This is the third approach using an old router we had laying around, used the router diagnostic utility to create the ping and tracert tests, can ping to 192.168.1.3 but not deeper
Reviewing everything you sent I did not find the configuration of the Edge Firewall. It might be blocking there. To view it you need to access from the Flash client, as it does not show in the HTML 5 client. Can you check this?
setting up the routes directly to the routes in windows (route -p ADD 10.10.0.0 MASK 255.255.0.0 192.168.1.3) seems to function, so the edge is correctly routing to the NSX infrastructure, but a VM in NSX is not able to reach the laptop nor any other device.
OK. I think that a step ahead as be done , now... be sure that Default GW on the EDGE is configured properly (you can also try, for test, configure the GW of the EDGE pointing to the laptop). Then let me know if you are able to reach the laptop trying to ping from the EDGE Gateway.
Hello I am very interested in this case and a little bit confused [will read you replies again] but for now are you sure that your ESG is configured to point to the DLR for the 10 Networks?
Have you tried re-configuring the Networks to run any Dynamic Protocol such as OSPF let the NSX env stays in NSSA and the Physical Router to be a NSSA or totally NSSA to Auto.generate a default route ?
Yes, the ESG is configured to point to the DLR.
Recently I tested the OSPF protocol, but the physical router .1 is a verry basic model (ISP provided modem/router) and I tried using more advanced router .2 but this router does not support OSPF, and for some reason even with static routes configured on it the innter networks can't be reached
You still can configure OSPF between DLR and ESG and advertise a default route for the NSX env / for pysical world you may leave the static as it is pointing to the ESG
regardless of using dynamic routing or static routing, have you managed to solve?
if not, can you please tell us how many uplinks do you have the vDS?? and the in teaming and failover which kind of load balancing is set?? Have you tried to vmotion the Edge on another host??