VMs on Segment pingable only when T1 is bypassed and Segment is directly connected to T0.
BLUFF: I have a working Segment (S1) connected a T1 (T1-A) that connects to a T0. VMs on S1 are able to reach the whole network (physical workstations and VMs on different subnets (managed NSX-T and non-managed NSX-T).
I created a new Segment (S2) and a new T1 (T1-B) and connected it to the T0. S2 and T1-B configurations match the working S1 and T1-A but the VMs on S2 are inaccessible and cannot ping anything (East-West nor North-South).
If I directly connect S2 to T0, the VMs on S2 can reach everything.
Traceflow shows the ICMP packets as delivered even though I cannot ping the machine Traceflow said was delivered to while on a VM in S2.