VMware Networking Community
Marmotte94
Enthusiast
Enthusiast
Jump to solution

Tunnel Down when I add a VM on T1 - NSX-t version 3.0.1.1

Hi,

When I add a VM to segment Overlay on my T1. I always this error. Geneve tunnel is down with 0 as error. I use a pfSense and I created two VLAN. One for VTEP Edge and one for VTEP ESXi.

vmkping works fine between edge and ESXi hosts.

Have you got an idea for this issue ?

image (1).pngimage.png

Thank you, 

Regards,

Please, visit my blog http://www.purplescreen.eu/
Reply
0 Kudos
1 Solution

Accepted Solutions
Marmotte94
Enthusiast
Enthusiast
Jump to solution

Hi,

I solved this issue. My pfSense was inside the same environment than NSX-t. When I created pfsense outside, everything works fine.

Tank you,

Please, visit my blog http://www.purplescreen.eu/

View solution in original post

14 Replies
Lalegre
Virtuoso
Virtuoso
Jump to solution

Hello @Marmotte94,

This is indicating that definetely there is an issue while doing the tunnel between the two VTEPs adapter. In your screenshot I can see another IP which is 50.50.50.114 instead of the 50.50.50.112 that is in your screenshot.

Are you configuring everything using VDS or N-VDS?

Reply
0 Kudos
Marmotte94
Enthusiast
Enthusiast
Jump to solution

Hi,

50.50.50.112 is on ESXi host but all works fine with others as well. 

Yes, all are configured correctly I hope. I can use NSX-t on VLAN segment.

Thank you,

Regards,

Please, visit my blog http://www.purplescreen.eu/
Reply
0 Kudos
Lalegre
Virtuoso
Virtuoso
Jump to solution

Hey,

Could you please give us more insight about the VDS, N-VDS and Profiles configurations because most of the time the issue is because of one wrong configuration there.

Reply
0 Kudos
Marmotte94
Enthusiast
Enthusiast
Jump to solution

Hi,

I send to you more details with screenshot. I have two profiles (ESXi Host, Edge) for VLAN configuration as well as two address pool.

- All ping from pfSense to ESXi, Edge, T0.

- VMKping work fine between ESXi and Edge server.

Thank you,

Please, visit my blog http://www.purplescreen.eu/
Reply
0 Kudos
Lalegre
Virtuoso
Virtuoso
Jump to solution

  1. Few things here:

    1. I can see that you are using two VLAN TZ, one for the edges and the second one for the ESXi. Do you want this configurations to be like this? You do not need to use different VLAN TZ unless you do not want some segments to be unique to each TZ.
    2. On one of the pictures you show that your edge has one Uplink that is connected to the Edge VLAN TZ but has an uplink that is called Overlay. Is this only a name? I am asking this because it could be that you are applying an Uplink profile with a defined VLAN for Overlay but you are using a VLAN TZ.
Reply
0 Kudos
Marmotte94
Enthusiast
Enthusiast
Jump to solution

1 - I have to configure two VLANs because I only have one network card. I saw something on the internet about this.

2 - Do I have to configure Vlan and Overlay TZ on the same nvds ?

Thank you 

 

Please, visit my blog http://www.purplescreen.eu/
Reply
0 Kudos
Lalegre
Virtuoso
Virtuoso
Jump to solution

I can see you are also using MTU 9000 and 1600 on different Uplink Profiles, try to standarize that configuration. However I can see that you are specifying the VLAN on the Uplink Profiles so how are you VDS portgroups configured?

Reply
0 Kudos
Marmotte94
Enthusiast
Enthusiast
Jump to solution

Hi,

Ok, I'll change this configuration. The port group is configured with TRUNK. But All interfaces ping from pfSense and MTU works fine from ESXi to Edge.

Thank you,

Regards,

Please, visit my blog http://www.purplescreen.eu/
Reply
0 Kudos
Lalegre
Virtuoso
Virtuoso
Jump to solution

The ping could work if the connectivity is there and the size is not getting fragmented, however I thing found something:

On the edge you are using the next configuration:

Lalegre_0-1604925488047.png

As I can see, the TZ you are using is a VLAN one:

Lalegre_1-1604925553381.png

However you are using the VTEP Uplink Profile which has a defined VLAN:

Lalegre_2-1604925611188.png

This should not be the issue as on the picture two (2) I can confirm that you are using 3 Transport Nodes which should the NSX Edge we are troubleshooting and some ESXi.

I think this issue will be better to fix if you share with us what were you trying to configure in a diagram perspective. I assume you are trying to follow the VMware Docs configurations.

 

Reply
0 Kudos
Marmotte94
Enthusiast
Enthusiast
Jump to solution

I'm trying and test to add a virtual machine on T1 segment whit his GW. When I connect a virtual machine on this segment the tunnel GENEGE goes down.

But I can used NSX-t for VLAN only (So East/West only). I think there a mistake somewhere or I don't understand something.

Please, visit my blog http://www.purplescreen.eu/
Reply
0 Kudos
Lalegre
Virtuoso
Virtuoso
Jump to solution

I understand what is not failing for you but unfortunately we need to see the full picture to see why is not working, that is why I am asking if you went over the documentation.

VLAN connectivity is working because the traffic does not go over the VTEPs so you do not need any encapsulation and the tunnel is getting down because there is some issue while doing the tunnel.

I recommend you to follow the next series: https://shuttletitan.com/nsx-t/nsx-t-installation-series/nsx-t-installation-series-step-9-configure-...

As you do not have anything configured you can start from the very beginning to make sure you understand everything you are doing.

 

Reply
0 Kudos
Marmotte94
Enthusiast
Enthusiast
Jump to solution

Hi,

Thank you for your help. But I didn't solve this issue yet. All work fine with VLAN segment, BGP. But not overlay, I checked all configuration without any resolution.

I think I'll wait version 3.1 ready to download on VMUG Advanced.

Thank you,

Regards,

Please, visit my blog http://www.purplescreen.eu/
Reply
0 Kudos
shank89
Expert
Expert
Jump to solution

A bit more information as to how and why it all works the way it does can be found here. https://www.lab2prod.com.au/2020/11/nsx-t-inter-TEP.html?m=1#more

Shashank Mohan

VCIX-NV 2022 | VCP-DCV2019 | CCNP Specialist

https://lab2prod.com.au
LinkedIn https://www.linkedin.com/in/shankmohan/
Twitter @ShankMohan
Author of NSX-T Logical Routing: https://link.springer.com/book/10.1007/978-1-4842-7458-3
Reply
0 Kudos
Marmotte94
Enthusiast
Enthusiast
Jump to solution

Hi,

I solved this issue. My pfSense was inside the same environment than NSX-t. When I created pfsense outside, everything works fine.

Tank you,

Please, visit my blog http://www.purplescreen.eu/