natec_k
Contributor

Unable to connect T0 gateway to my physical router

Hi, I'm hoping someone can give me some guidance here. I'm working in a lab environment, building out an NSX-T configuration. My lab consists of vCenter and vSphere 6.7, and NSX-T 3.1. I've successfully deployed a single NSX manager, added vCenter as my compute manager, configured uplink and transport node profiles, and deployed a single edge node. I'm using N-VDS, as VMware's compatibility guide advises that VDS is not compatible with that configuration.

The issue I'm having is that I have now deployed a T0 GW for north-south communication, and I am not able to ping from the interface on my physical router to the interface on the VRF/T0 GW, even though they are on the same subnet, same port group, and, oddly enough, even though I can successfully traceroute from the VRF to my physical router interface. (See below)

natec_k_0-1617513161793.png

natec_k_1-1617513443608.png

Can anyone here offer me some guidance as to where I may be going wrong? I would much appreciate it.

Note: my lab rtr has no access-lists configured, the default firewall rule on the T0 GW is set to allow, and the VLAN for the subnet is tagged on segment/uplink profile/T0 interface/and port group.
Accepted Solutions
shank89
Expert

Can you also post the Edge's N-VDS config.  Are those portgroups trunked portgroups or tagging a specific VLAN?
I think this is going to come down to how you have configured the uplink interfaces on the edge.

Shashank Mohan

VCIX-NV 2022 | VCP-DCV2019 | CCNP Specialist

https://lab2prod.com.au
LinkedIn https://www.linkedin.com/in/shankmohan/
Twitter @ShankMohan
Author of NSX-T Logical Routing: https://link.springer.com/book/10.1007/978-1-4842-7458-3

9 Replies
shank89
Expert
  • Are you able to post pictures of your config?
  • Have you trunked all VLANs for the environment correctly?
  • Can you re-attempt the traceroute, but use the source command on the end to specify the uplink interface's IP address?
  • Ensure the uplink subnet is working correctly; you could plumb another VM onto a segment tagged with the correct VLAN ID and see if you can ping the gateway.
  • Use the command get forwarding on the T0 SR and see what results you get; also get route, where you should be able to see the locally connected subnet. An address / mask isn't misconfigured, is it?

natec_k
Contributor

Hi Shank, thanks for your help. In answer to your questions:

Which aspects of the config should I post?

The VLANs are trunked correctly within vSphere; I'm not sure that they are being passed correctly through to NSX, however.

In running the traceroute again just now, I tried 3 variations. I ran it as you suggested with the source IP - this was successful. I ran it to another IP that was not configured on any device but belonged to the same subnet - this was successful. I shut down the interface on the edge corresponding to the VRF/T0, then ran it again to the same IP that was not configured on any device but belonged to the same subnet - this was also successful. It leads me to believe that it's not communicating on the defined VLAN subnet at all, and that something else may be intercepting and providing network info for that subnet to the T0.

I'm not sure what that could be, as DHCP is not configured on my network, and there are no devices that have been configured on that subnet aside from the SW and RTR.

Perhaps my config may shed some light on this, but I'm at a loss as to where to start. Can you advise me as to what aspects of the config I should provide first?

shank89
Expert

What are you using as your gateway / router for the lab?

For the config, post your T0 uplink interfaces and segment configuration.  
It should be something similar to this:

  • Edge VM in vSphere should have 3 interfaces: the first is management and the next two are for data, generally trunking portgroups.
  • Within NSX-T, configure VLAN-backed segments; these should be tagged with the correct VLANs for your uplinks and attached to a VLAN transport zone that your edges are a part of.
  • In the T0 uplink interface configuration, create an uplink interface, use the segment you created above as the connected-to segment, and assign an appropriate IP. This should give your edge outbound access across the uplink interface.

If you can post pictures of this and let us know what VLANs you should be using, we should be able to confirm this.

natec_k
Contributor

Gateway router is a CSR1000v.

EDGE:

natec_k_0-1617519874822.png

Note: I'm using the same network for management and the overlay network, hence adapter 1 and 2 being in the same port group. VLAN 50 is the VLAN-backed network for data transport.

SEGMENT:

natec_k_1-1617520093346.png

Note: only one segment configured so far for uplink to physical router.

T0 Uplink Interface:

natec_k_2-1617520245945.png

Note: only one uplink interface configured.

shank89
Expert

Can you also post the Edge's N-VDS config.  Are those portgroups trunked portgroups or tagging a specific VLAN?
I think this is going to come down to how you have configured the uplink interfaces on the edge.

natec_k
Contributor

The portgroups are tagging a specific VLAN.

There are two N-VDS switches configured for the EDGE:

natec_k_0-1617522000082.png

natec_k_1-1617522049566.png

shank89
Expert

So you really only need a single hostswitch configured with the uplink interface. Change the portgroups to trunking, tag the traffic within NSX-T, and change the management portgroup to a tagged portgroup.

E.g.:

shank89_0-1617522284585.png

shank89_1-1617522363794.png

shank89_2-1617522406751.png
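
The tagging mismatch resolved in this thread, as an added example that is not part of the original posts: a simplified Python model of how a vSphere portgroup treats frames the Edge VM has already tagged for the NSX-T segment VLAN. The portgroup names and scenarios are constructed; VLAN 50 is the uplink VLAN mentioned above.

```python
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class PortGroup:
    """Portgroup the Edge VM data vNIC attaches to (names below are hypothetical)."""
    name: str
    mode: str                      # "access": portgroup tags one VLAN; "trunk": guest tags pass through
    vlan_id: int = 0               # used in access mode
    trunk: range = range(0, 4095)  # used in trunk mode; 0 stands for untagged frames


def vlan_on_wire(pg: PortGroup, guest_tag: Optional[int]) -> Optional[int]:
    """VLAN the frame carries on the physical uplink (0 = untagged), or None if dropped."""
    if pg.mode == "access":
        # The vSwitch owns the tag here, so it only accepts untagged frames from the guest.
        return pg.vlan_id if guest_tag is None else None
    if pg.mode == "trunk":
        tag = 0 if guest_tag is None else guest_tag
        return tag if tag in pg.trunk else None
    raise ValueError(f"unknown portgroup mode: {pg.mode}")


def check_uplink(pg: PortGroup, segment_vlan: int, router_vlan: int) -> Tuple[str, str]:
    """Compare what the edge sends for a segment with what the physical router expects."""
    edge_tag = segment_vlan if segment_vlan else None  # segment VLAN 0: edge sends untagged
    wire = vlan_on_wire(pg, edge_tag)
    if wire is None:
        return "drop", f"{pg.name}: frame tagged {segment_vlan} by the edge is not accepted"
    if wire != router_vlan:
        return "mismatch", f"{pg.name}: frame leaves on VLAN {wire}, router expects {router_vlan}"
    return "ok", f"{pg.name}: frame leaves on VLAN {wire}"


# Constructed scenarios: (portgroup, NSX-T segment VLAN, VLAN expected by the physical router)
SCENARIOS = {
    "thread-before": (PortGroup("pg-vlan50", "access", vlan_id=50), 50, 50),
    "thread-after": (PortGroup("pg-trunk", "trunk"), 50, 50),
    "access-untagged-segment": (PortGroup("pg-vlan50", "access", vlan_id=50), 0, 50),
    "trunk-untagged-segment": (PortGroup("pg-trunk", "trunk"), 0, 50),
}


def run_all() -> dict:
    return {name: check_uplink(*args)[0] for name, args in SCENARIOS.items()}


if __name__ == "__main__":
    for name, args in SCENARIOS.items():
        print(name, *check_uplink(*args))
```

The model tags the frame in exactly one place: either the portgroup or the NSX-T segment, never both and never neither.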
natec_k
Contributor

Thanks for this. I completely forgot to use the trunked portgroup rather than the specific tagged portgroup. At 3:47am, everything becomes a blur. I'm from the NSX-V world, and though there is a fundamental similarity, there is also an explicit technical separation between the two. But after using the latter for so long, it gets easy to miss the little things when you're tired. Thanks much man, big help. Connectivity up now.

shank89
Expert

No probs, please kudo helpful posts and mark the thread as solved :). 
