Hello all,
I'm using VRF lite on NSX-T 3.1. I'm facing the following issue:
I need that Customer1 VRF can reach internet. To do that i create a static route on Customer1 VRF to reach the 1st T1. The route is 0.0.0.0/0, next hop x.x.x.1 (scope T0). On my T0, i have a static route to reach PROD T1 and other static to reach DEV T1 (.7 and .13 - scope customer1). Everything work, i have internet access.
But, if on Customer1 VRF i change the 0.0.0.0/0 route to reach the 2nd T1 (next hop x.x.x.17 - scope T0) or even the .16 of T0, instead of .1 ip, i loss internet access. What is the difference? Why if i point to 1st T1 works? I don't have any hit on gateway firewall.
Can anyone explain?
Thanks.
Regards.
In order to reach the internet from your VRF Customer 1, you should have a 0.0.0.0/0 pointing to a next hop that does not belong to the outside fabric.
Since you have multiple uplinks, I would create some loopbacks on the TOR and point to them.
I have never tried pointing to the other T1 in order to reach something north bound.... I will though.
Try the methodology above please.
Thanks
Nicolas
Hi @nmichelnsbu
What do you mean with "pointing to a next hop that does not belong to the outside fabric"?
My T0 is connect via BGP to TOR, and the internet connection if through a vlan backed.
Thanks.