FYI, both DLR and ESG can ping 220.127.116.11. Only VMs cannot get out.
The DLR appliance can be a little weird when it comes to communicating to/from it directly. The interface IPs assigned to logical switch interfaces don't actually exist on the control VM. They are 'LIFs' or 'logical interfaces' that exist on every ESXi host in the transport zone. If you configure dynamic routing on the DLR, you'll define a 'protocol address' as part of the process. That address should actually exist on the control VM, and can be used for ping tests, as well as to SSH into the VM etc.
Hope this helps.
Mike
My blog: https://vswitchzero.com
Follow me on Twitter: @vswitchzero
Thank you for the verification on that. I am able to ssh to the control VM or protocol address of the DLR. Routing is correct on the DLR control VM and can get to 18.104.22.168 outside the environment. Still do not understand why VMs cannot communicate past the LIF.
Yes. DLR is configured to redistribute connected. As stated above, the routing tables on the ESGs are correct.
DLR control VM also has an OSPF redistributed static from each of the upstream ESGs.
Thank you for the reply.