Sreec​

thanks! i just solved it by setting forwarding address into 192.168.12.2 and worked just fine.

can't believe that the forwarding address needs to fit the DLR's interface...

really appreciate for answering my stupid question!

i have a final issue that i hope you can help:

the VM under either vxlan1 or 2 is not be able to reach the external network 10.101.6.0/24,

it can ping to 192.168.12.1 or 10.101.6.53 or any internal ip subnet except for the external IP.

edge and router's firewalls were all set to "accept" any traffic.

so annoying...

No worries , Can you provide me with Routing Table output from DLR and Edge ?

where does traceroute command stop, is it possible to send traceroute from the VM to 10.101.6.0 network?

Also how does the Edge announce the Vxlan1 and Vxlan2 subnets to the Physical router? Are they also Ospf or static routing between Edge-Physical is used? The routing table on the Physical router  needs to learn Vxlan 1 and Vxlan2 subnets in order to forward to the Edge Gateway,

ok i got the route from edge and dlr,

this one is EDGE below:

and this is the route of dlr as show below:

i've found an strange issue that i forgot to configure the NAT on edge

but after i set the nat(both snat and dnat), the routing seemed break...

even the vm under vxlan 1 or 2 couldn't ping to 10.101.6.53(edge's uplink), neither does the dlr

here's the nat settings:(i would like to make every machine on 10.101.6.0/24 reach the NSX vxlan network, too)

i've tried the same nat settings in the past for other datacenter and was correct

but this time the routing breaks...

do i need to set a secondary IP for edge's uplink?

If NAT is required, then it is not necessary to have routes on the Physical Router side as it already knows directly connected 10.101.6.0/24 address.

Also from which direction ping is tested? VM to Physical ping SNAT should be sufficient, but fif physical l to VM iping s also required, one-to-one static NAT (destination NAT may be needed).

One important point may be NAT requires the Firewall service on the Edge to enabled: (Without Firewall it doesn't work)

If Firewall enabled, firewall rules may be needed to allow Icmp from inside to outside

https://letsv4real.com/2017/08/04/configure-source-nat-snat-on-nsx-edge/

As mentioned, NAT translates one IP address into another. So, our first step is to have a IP address that we can use to translate to.  Our first step is to make sure the firewall services are enabled on our NSX edge. Without that, we cannot configure NAT.

The NAT'ed IP can be physical IP 10.101.6.53 or another IP on same subnet such as .54, .55 etc.

For DNAT and Firewall Rules for different options this link may be helpful

http://www.routetocloud.com/2014/12/nsx-v-edge-nat/

Secondary IP is always preferred for DNAT . Also any specific reason why you are trying DNAT on Internal Interface ? The correct interface on which to assign destination NAT rules is the interface that receives the network traffic to be translated which would be the uplink interface.The translated address can be any IP address that either exists in a directly-connected subnet, or in a subnet known to the NSX Edge instance that is accessible through routing capabilities (static routes and dynamic routing)

thanks everyone for answering my stupid problem

i'm ending this article because i've burned too much time on this, and also because i had solved my last goal.

i set the machines' gateway (which live on 10.101.6.0/24) to 10.101.6.53, which is ESG's uplink interface

so my "external network" can reach the logical network of NSX

that will be all.

thanks again!