Hi,
I am trying "curl https" from a VM connected to an NSX-T segment:
[root@test2-pro ~]# curl -v https://google.com
* About to connect() to google.com port 443 (#0)
* Trying 216.58.208.110...
* Connected to google.com (216.58.208.110) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* NSS error -5961 (PR_CONNECT_RESET_ERROR)
* TCP connection reset by peer
* Closing connection 0
curl: (35) TCP connection reset by peer
If I connect this VM to a port group in vCenter (port group in the vDS I use for NSX-T), the same command works:
[root@test2-pro ~]# curl -v https://google.com
* About to connect() to google.com port 443 (#0)
* Trying 216.58.208.110...
* Connected to google.com (216.58.208.110) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSL connection using TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
* Server certificate:
* subject: CN=*.google.com
* start date: jun 27 08:17:39 2022 GMT
* expire date: sep 19 08:17:38 2022 GMT
* common name: *.google.com
* issuer: CN=GTS CA 1C3,O=Google Trust Services LLC,C=US
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: google.com
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Location: https://www.google.com/
< Content-Type: text/html; charset=UTF-8
< Date: Thu, 14 Jul 2022 17:51:38 GMT
< Expires: Thu, 14 Jul 2022 17:51:38 GMT
< Cache-Control: private, max-age=2592000
< Server: gws
< Content-Length: 220
< X-XSS-Protection: 0
< X-Frame-Options: SAMEORIGIN
< Set-Cookie: CONSENT=PENDING+024; expires=Sat, 13-Jul-2024 17:51:38 GMT; path=/; domain=.google.com; Secure
< P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
< Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
<
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="https://www.google.com/">here</A>.
</BODY></HTML>
* Connection #0 to host google.com left intact
[root@test2-pro ~]#
I've tried linking the segment to a T1 router and to a T0 directly, and I get the same error.
Any ideas?
Thanks.
Hi rliu,
You are right.
The vmk10 ping between the ESXi host and the edge nodes is not working for 1600.
After this, I've realized that the edge nodes' TEP interface is attached to a vDS with MTU 1500.
Thanks a lot for your help!!!