VMware Networking Community
jbabcock2017
Contributor

VM's on separate tier networks cannot ping anything

I am new to NSX and trying to learn it to prepare for a cert test, so this may be a somewhat newbie question to some. I have followed multiple guides online and spent a fair amount of time researching and troubleshooting before heading here for help, so I appreciate any help given.

My setup:

Internet <-> Edge Router Lite <-> Edge GW <-> DLR <-> Logical Switches <-> VMs

I followed this guide to the letter (except different IPs):

Intro to NSX - Distributed Logical Routing and Edge gateway with NAT — 4aero Blog

With this very basic setup (IMHO), I cannot ping anything from the VMs, not even their GW IPs of 10.1.10.1 and 10.1.20.1, etc.

From my admin PC I can ping the Edge GW, DLR GW IP 10.1.100.1, etc., but cannot ping VM IPs or their GW.

One point that has me scratching my head is that I cannot ping the forwarding IP on the DLR of 10.1.100.2 from the admin PC either (expected?).

All FWs are set up to accept all traffic.

I am really at a loss as to what to check next. I did research the various DLR interface types and ran the CLI commands to see what was set up for interfaces, and I noticed the VDR interface, which is supposed to be used for all LIF (logical switch) IPs, does not show the IPs above (10.1.10.1/10.1.20.1) listed as the documentation describes should be the case. It only shows as being connected.

Here are the route tables:

EDGE GW:

pastedImage_2.png

DLR:

pastedImage_3.png

Any thoughts/suggestions of what to check next would be great.

Here is a simple diagram of what I set up:

pastedImage_0.png

3 Replies
RaymundoEC
VMware Employee

You pasted the ESG routes twice; it would be nice to have the show routes on the DLR.

Basic checkup:

Check FW rules on the VM.

Check if ESXi is good on agents like routing (netcpa).

Check if the ESXi host, where that VM is consuming networking services, is prepared or has a dvPortgroup with the UUID of the LS you connected the VM to.

Check this link as well (DLR TS):

VMware Knowledge Base

Regards

+vRay
jbabcock2017
Contributor

Thanks for the reply.

Here are the routes on the DLR:

pastedImage_0.png

I have checked the VM and there is no FW running. I am using a small Linux VM called Alpine.

The netcpa service is running and I have tried restarting it. The ESXi agent is reporting in the web client as running OK.

The VM I am testing with is showing as being connected to the LS:

pastedImage_1.png

I have gone through some of the troubleshooting commands to verify connectivity, and one part that stood out to me was the VDR interface. According to the documentation, the VDR is used for all internal LIFs on the DLR and should show the IPs for each when checking interfaces on the DLR. This is what mine shows:

pastedImage_2.png

As you can see, no IPs are listed, so I am thinking this is part of the problem. From the DLR, for example, at a minimum I should be able to ping any IP with an interface, etc. However, I am unable to ping 10.1.10.1 or 10.1.20.1.

jbabcock2017
Contributor

After more troubleshooting and reading I have found this below, which I believe is the issue:

pastedImage_0.png

Now trying to figure out why.
