5 Replies Latest reply on Oct 26, 2018 10:51 AM by wreedMH

    Edge ECMP and Reverse Path Filtering

    Bayu Wibowo Master

      Challenge:

      I have multiple customers running NSX on ECMP and below is the typical deployment for ECMP

      Ping between DLR to Edge, Edge to Core works and dynamic routing is established.

      However, applications do not seem to work and the customer is wondering what the issue is.

      In ECMP, there would be asymmetric routing and stateful services cannot work in asymmetric traffic.

      So the first obvious thing that needs to be checked is the firewall on the NSX Edge. I helped them check the firewall on all Edges and it is already disabled.

      So what would be the issue?

       

      Solution:

      It turned out the RPF (Reverse Path Filter) on the Edges was dropping some traffic. We checked this by logging into the NSX Edge CLI and using the show rpfstats command.

      The show rpfilter command also shows the reverse path filter configuration for each vNIC.

      To fix this, we went to every Edge that participates in ECMP routing and changed the vNIC RPF setting to Loose or Disabled.

       

      Relevant links for references:

      Reverse path forwarding - Wikipedia

      Reverse Path Forwarding in NSX 6.x and vCNS 5.x Edge (2127073)

      In VMware NSX for vSphere 6.x, dynamic routing traffic fails on the NSX Edge uplink interface it is disabled and re-enabled (2138169)

      Troubleshooting NSX for vSphere 6.x Edge appliance (2140009)

      Edge Routing Connectivity Issues

      Bayu Wibowo | vExpert NSX, VCIX6-DCV/NV, Cisco Champion, AWS-SAA
      Author of VMware NSX Cookbook http://bit.ly/NSXCookbook
      https://nz.linkedin.com/in/bayupw | twitter @bayupw
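
The behaviour described in the post above, as an added example that is not part of the original post and is not NSX Edge code: a simplified model of strict, loose and disabled reverse path filtering applied to a return packet that arrives on a different uplink than the one the Edge would use to reach its source. The interface names, prefixes and packets are constructed for illustration.

```python
import ipaddress

# Constructed routing table for one Edge: (prefix, egress interface).
ROUTES = [
    ("198.51.100.0/24", "uplink_a"),  # external clients, best path via uplink A
    ("172.16.0.0/16", "internal"),    # workloads behind the DLR
]

# Constructed packets: (source IP, interface the packet arrived on).
PACKETS = [
    ("198.51.100.10", "uplink_a"),  # symmetric: arrives where the route points
    ("198.51.100.10", "uplink_b"),  # asymmetric return path through ECMP
    ("203.0.113.5", "uplink_b"),    # source with no route at all
]


def best_route(routes, ip):
    """Longest-prefix match; returns the egress interface or None."""
    addr = ipaddress.ip_address(ip)
    matches = [(ipaddress.ip_network(p), ifc) for p, ifc in routes
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def rpf_accepts(mode, routes, src_ip, in_iface):
    """Return True if the packet passes the reverse path check in this mode."""
    if mode == "disabled":
        return True                      # no source validation
    egress = best_route(routes, src_ip)
    if mode == "loose":
        return egress is not None        # any route back to the source is enough
    if mode == "strict":
        return egress == in_iface        # route back must use the arrival interface
    raise ValueError(f"unknown RPF mode: {mode}")


def verdicts(routes, packets):
    """Map each packet to its accept/drop result under all three modes."""
    modes = ("strict", "loose", "disabled")
    return {pkt: {m: rpf_accepts(m, routes, *pkt) for m in modes}
            for pkt in packets}


if __name__ == "__main__":
    for pkt, result in verdicts(ROUTES, PACKETS).items():
        print(pkt, result)
```

Loose mode keeps one check that Disabled gives up: a packet whose source has no route back is still dropped.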