VMware Cloud Community
marc6272
Contributor

NAT and Provider Gateway based on Tier 0 VRF Gateway

We are experiencing a weird NAT issue while experimenting with Tier0 VRF Gateways (VCD 10.5, NSX 4.1.1).

Environment 1: VM -> Routed Network -> Edge Gateway (with NAT configured) -> Shared T0 Gateway -> Internet -> ping 8.8.8.8 works
Environment 2: VM -> Routed Network -> Edge Gateway (with NAT configured) -> Dedicated VRF T0 Gateway -> Internet -> ping 8.8.8.8 fails

In other words, exact same setup with the only difference being the use of a dedicated VRF Gateway for the Provider Gateway used by the Edge.

Now, it works end to end as adding an IPv6 prefix to that same VM (with the corresponding FW rules) allows that VM to ping 2001:4860:4860::8888 (no NAT used for IPv6).

Anyone got NAT to work using VRF Gateways as T0? Note that we also advertise both IPv4 and IPv6 routes through an IPv6 neighbor for both environments.

Thanks,

Marc.

marc6272
Contributor

Issue solved with a workaround.

Adding an IPv4 BGP Neighbor to the VRF Gateway solves the issue.

In other words, the IPv4 BGP neighbor is not required for Tier 0 Gateways (IPv6 neighbor configured with IPv4 and IPv6 address families is OK) but it is required for VRF Tier0 Gateways. Seems like a bug somewhere in NSX-T!
