Hi, i'm hoping someone can give me some guidance here. I'm working in a lab environment, building out an NSX-T configuration. My lab consists of vCenter and vSphere 6.7, and NSX-t 3.1. I've successfully deployed a single NSX manager, added vCenter as my compute manager, configured uplink and transport node profiles, and deployed a single edge node. I'm using N-VDS, as VMware's compatibility guide advises that VDS is not compatible with that configuration.
The issue i'm having is that i have now deployed a T0 GW for north south communication, and i am not able to ping from the interface on my physical router, to the interface on the VRF/T0 GW, even though they are on the same subnet, same port group, and, oddly enough, even thoug i can successfully traceroute from the VRF to my physical router interface. (See below)
Can anyone here offer me some guidance as to where i may be going wrong/ i would much appreciate it.
Note: my lab rtr has no access-lists configured, the default firewall rule on the T0 GW is set to allow, the vlan for the subnet is tagged on segment/uplink profile/T0 interface/and port group
Can you also post the Edge's N-VDS config. Are those portgroups trunked portgroups or tagging a specific VLAN?
I think this is going to come down to how you have configured the uplink interfaces on the edge.
Hi Shank, thanks for your help. in answer to your questions:
Which aspects of the config should i post?
The vlans are trunked correctly within vSphere, i'm not sure that they are being passed correctly through to NSX however.
In running the traceroute again just now, i tried 3 variations. I ran it as you suggested with the source ip - this was successful. i ran it to another IP that was not configured on any device but belonged to the same subnet - this was successful. i shut down the interface on the edge corresponding to the VRF/T0, then run it again to the same IP that was not configured on any device but belonged to the same subnet - this was also successful. it leads me to believe that it's not communicating on the defined VLAN subnet at all, and that something else may be intercepting and providing network info for that subnet to the T0.
I'm not sure what that could be, as DHCP is not configured on my network, and there are no devices that have been configured on that subnet asides from the SW and RTR.
perhaps my config may shed some light on this, but i'm at a loss as to where to start. can you advise me as to what aspects of the config i should provide first?
What are you using as your gateway / router for the lab?
For the config, post your T0 uplink interfaces and segment configuration.
It should be something similar to this:
If you can post pictures of this and let us know what VLANs you should be using, we should be able to confirm this.
gateway router is a CSR1000v
EDGE:
note: i'm using the same network for management, and the overlay network, hence adapter 1 and 2 being in the same port group. VLAN 50 is the vlan backed network for data transport
SEGMENT:
note: only one segment configured so far for uplink to physical router
T0 Uplink Interface:
note: only one uplink interface configured
Can you also post the Edge's N-VDS config. Are those portgroups trunked portgroups or tagging a specific VLAN?
I think this is going to come down to how you have configured the uplink interfaces on the edge.
the portgroups are tagging a specific vlan.
there a two N-VDS switches configured for the EDGE:
So you really only need a single hostswitch configured with the uplink interface, change the portgroups to trunking, tag the traffic within NSX-T and change the management portgroup to a tagged portgroup.
EG
thanks for this. i completely forgot to use the trunked portgroup rather than the specific tagged portgroup. at 3:47am, everything becomes a blur. i'm from the NSX-V world, and though there is a fundamental similarity, there is also an explicit technical separation between the two. but after using the latter for so long, it gets easy to miss the little things when you're tired. Thanks much man, big help. connectivity up now.
No probs, please kudo helpful posts and mark the thread as solved :).