I use ESXi 5.5 and NSX 6.1.4
and 4 physical machines.
I have 2 subnets, 192.168.0.0/24 and 192.168.10.0/24.
I use 2 physical switches, one for each subnet, but the switches are not connected.
One cluster
One controller
All of the ESXi hosts are connected to the 2 subnets with 2 pNICs.
1 VDS for the cluster
The VMs are simply windows.iso, just to simulate a client network.
I have 4 Windows VMs:
VM1 and VM2 on ESXi 3
VM3 and VM4 on ESXi 4
VM1 and VM3 are in the network (10.1.0.0/24) connected to logical switch 1.
VM2 on ESXi 3 and VM4 on ESXi 4 are connected to LS2 (10.2.0.0/24).
16 GB in each machine
I use Windows Server 2012 R2 for AD and DNS.
I configured a DLR between LS1, LS2 and the transit LS,
but the ping fails between VMs in different subnets.
Any idea?
On the CLI of the NSX Manager SSH, DLR could be checked with the following commands: (Possible to send the output of below commands?)
These links may help on the output of logical-router commands on Central CLI of NSX Manager:
http://brettdrayton.com/vmware-nsx-6-2-central-cli-introduction/
show logical-router list all --> Lists all DLR instances with edge-id (this edge-id is used in the following commands)
show logical-router list dlr edge-id host --> Check on which hosts the DLR is installed. (This should list both ESXi3 and 4 with their host IDs.)
show logical-router controller controller-1 dlr edge-id interface --> Check that the gateway IP address of the VMs is seen by the controller. This command should give the gateway IP of both LS1 and LS2.
show logical-router host host-id dlr edge-id arp --> Check the DLR ARP table on ESXi3 and 4. The ARP table should include the VMs.
Check that the DLR instance and LIF exist on the host
Troubleshooting DLR routing issue --> These commands are not needed, as both LS1 and LS2 are connected to the same DLR.
From the diagram, both LS1 and LS2 are connected to the DLR, and the VMs can ping the DLR.
Is it possible to send the outputs of the commands on the NSX Manager CLI?
On the diagram it shows a dFW rule, so could there be a firewall rule blocking ICMP?
The FW is disabled.
Is it the DLR Firewall or the Distributed Firewall that is disabled? They are 2 separate firewalls.
The DLR FW is related to the packets coming to the DLR Control VM itself; the dFW may be important in blocking ICMP even with the DLR Firewall disabled.
Also, the commands after SSH to the NSX CLI may help to observe the view of the DLR and controllers, because without these commands it is difficult to troubleshoot.
The DLR Firewall:
Distributed Firewall:
Also, the status of the Distributed Firewall may be observed as below (by default it is enabled with a default permit rule):
Installation > Host Preparation > Cluster
Ah, the network adapters of the DLR VM are not connected to LS.
How can I edit the settings?
Firewalls seem ok, so this is probably related to the DLR Configuration.
The DLR VM is responsible for dynamic routing updates to the VIB modules. So it has one interface (protocol IP address) connected to the transport VXLAN between the ESG and the DLR. During the configuration it is not connected to the VM LS1 or LS2.
The LS1 and LS2 gateway IP addresses reside on the ESX1 and ESX2 VIB modules' LIF interfaces, and they both have the same IP and MAC addresses on both hosts.
LS1 and LS2 should be connected to the LIF interfaces of the DLR. When the DLR is edited, are the IP addresses of the LIF interfaces connected to LIFs?
http://www.routetocloud.com/2014/06/nsx-distributed-logical-router/
LIF interfaces:
OK.
I have the same configuration, but for the VMs I use 10.1.0.0/24 and 10.2.0.0/24.
I chose 192.168.10.2/29 for the uplink interface
and the gateway 192.168.10.1,
but the DLR is unable to ping the GW and the VMs too.
I'm very stupid, it was the VM FW, because the VM is Windows.
Another question: why can I connect to VMs with a public IP using HTTP?
For HTTP access to a VM through a public IP, DNAT (Destination NAT) is needed on the Edge Gateway (ESG).
The DNAT section of this article explains the configuration steps. One point to note is that for NAT functionality the firewall needs to be enabled, and a firewall rule for the public address HTTP needs to be entered.
http://www.routetocloud.com/2014/12/nsx-v-edge-nat/
Oh, excellent, this diagram, thank you very much.
And if the user PC is in the service network, must I have a physical router, or is a normal switch sufficient?