Cant seem to get VCDNI network isolation VM's to communicate with edge gateway


I am running VCD 5.5 and deployed VCDNI network pools.  I have configured the edge gateway to have firewall disabled, enabled DHCP, configured sub-ip allocations to allow the edge device access in and out.  I have also configured SNAT and DNAT settings as well.  Now doing a similar configuration using port group backed seems to work just fine and as expected.  However when I try using VCDNI or even VLAN backed the VM's that are deployed cant seem to even ping their default gateways they received from the edge device's DHCP scope.  I have a feeling that our networking team may have something misconfigured with respect to MTU ( which btw in my dvswitch is set to 9000 and the port group is type VLAN so I can tag it) but even if that were the case should the VM's at least be able to ping their default gateways or even eachother on the same vapp...I would think that this would all still be internal traffic before it even hits any physical networking layers.  If someone could suggest things to check or test or ways to see the traffic and where it gets stopped it would be appreciated.  Thanks in advance

0 Kudos
1 Reply

Could be a few things.  Here are the first few steps I would try.

1 - by default PING is blocked for edge devices.  Enable the firewall and add a rule (protocol=ANY; SOURCE=ANY; DEST=ANY)   this way you can know it is not a traffic rule stopping you.

2 - move all the VMs to the same host, the VSE device vm and the guest vm's - if things start to work then this tells you it is something in the upstream network (or connection to the upstream network)

ChrisF (VCP4, VCP5, VCP-Cloud) - If you find this or any other answer useful please consider awarding points by marking the answer correct or helpful