Route between VRFs

Petersaints · ‎03-26-2021

Hello all,

I'm using VRF lite on NSX-T 3.1. I'm facing the following issue:

I need that Customer1 VRF can reach internet. To do that i create a static route on Customer1 VRF to reach the 1st T1. The route is 0.0.0.0/0, next hop x.x.x.1 (scope T0). On my T0, i have a static route to reach PROD T1 and other static to reach DEV T1 (.7 and .13 - scope customer1). Everything work, i have internet access.

But, if on Customer1 VRF i change the 0.0.0.0/0 route to reach the 2nd T1 (next hop x.x.x.17 - scope T0) or even the .16 of T0, instead of .1 ip, i loss internet access. What is the difference? Why if i point to 1st T1 works? I don't have any hit on gateway firewall.

Can anyone explain?

Thanks.

Regards.

nmichelnsbu · ‎03-26-2021

In order to reach the internet from your VRF Customer 1, you should have a 0.0.0.0/0 pointing to a next hop that does not belong to the outside fabric.

Since you have multiple uplinks, I would create some loopbacks on the TOR and point to them.

I have never tried pointing to the other T1 in order to reach something north bound.... I will though.

Try the methodology above please.

Thanks

Nicolas

Petersaints · ‎03-26-2021

Hi @nmichelnsbu

What do you mean with "pointing to a next hop that does not belong to the outside fabric"?

My T0 is connect via BGP to TOR, and the internet connection if through a vlan backed.

Thanks.

All

Route between VRFs

hello