VMs can ping DLR interfaces (all of them) Inside and outside.
VMs can NOT ping through DLR to ESG.
ESG can ping DLR interfaces (all of them) Outside and inside (VM Default gateway)
But ESG can NOT ping through DLR to VMs (but can ping a VM default gateway).
What would cause DLR not to pass VM traffic through itself to outside world?
Currently all FWs are off on DLR, ESG, and ANY/ANY on DFW.
OSPF Neighbors are correct and Default routes working on DLR and ESG.
Even with SSH enabled, DLR won't let me PuTTY to it, even from the same subnet.
FYI, both DLR and ESG can ping 8.8.8.8. Only VMs cannot get out.
Hi mikalsan,
Did you enable route redistribution for "connected" networks to the OSPF routing table on the DLR?
Hi mikalsan,
The DLR appliance can be a little weird when it comes to communicating to/from it directly. The interface IPs assigned to logical switch interfaces don't actually exist on the control VM. They are 'LIFs' or 'logical interfaces' that exist on every ESXi host in the transport zone. If you configure dynamic routing on the DLR, you'll define a 'protocol address' as part of the process. That address should actually exist on the control VM, and can be used for ping tests, as well as to SSH into the VM etc.
Hope this helps.
Regards,
Mike
Thank you for the verification on that. I am able to SSH to the control VM or protocol address of the DLR. Routing is correct on the DLR control VM and can get to 8.8.8.8 outside the environment. Still do not understand why VMs cannot communicate past the LIF.
Yes. DLR is configured to redistribute connected. As stated above, routing tables on the ESGs are correct.
DLR control VM also has an OSPF redistributed static from each of the upstream ESGs.
Thank you for the reply.
They can't ping their gateway, nor can they ping VMs on other hosts. Again, this is pretty high level, but above you'll notice that we are not using local egress bluestacks.