1 2 Previous Next 23 Replies Latest reply on Jun 15, 2019 4:14 AM by Rob80 Go to original post
      • 15. Re: Static route issues on NSX-T
        daphnissov Guru
        vExpertCommunity Warriors

        If you only have one ESXi host and, for whatever reason, you can't ping the TEPs on your edges but a VM which is running on that host and connected to an NSX-T logical switch has that level of access then something isn't right with that vmkping command.


        Based on what you say here

         

         

        • Gateway (T1 downlink for this segment) - success
        • T1 linked port to T0 - success
        • T0 uplink HA VIP address - success
        • Gateway on the HA VIP network (which you say should be 192.20.11.1) - unsuccessful

        it sounds like you do not have your static routes configured correctly. So next show how you have configured your static route on your L3 switch.

        • 16. Re: Static route issues on NSX-T
          Rob80 Novice

          Basically I have mx65 doing layer 3 routing between vlans where esxi connected via layer 2 switch ms120-8lp as MTU of 1600 required as a minimum. I atatcehd below screens of current setup where I haven't added anything on switch for static routing.

          MX 65

          and for ms 120-8lp

          • 17. Re: Static route issues on NSX-T
            daphnissov Guru
            Community WarriorsvExpert

            Your static route appears to be wrong. If .5 is the HA VIP address, you need to direct any networks which you want to route into your T0. This would be any logical segments that exist behind a T1. From your diagram, that appeared to be 10.x.y.z/24 subnets. You will either need to summarize those routes into one, or set static routes for each network.

            • 18. Re: Static route issues on NSX-T
              Rob80 Novice

              I have made the following amendments on mx device

               

               

              and wonder if I need to do similar on the switch.

              • 19. Re: Static route issues on NSX-T
                daphnissov Guru
                vExpertCommunity Warriors

                Your App-Tier is really a 10.10.20.0/25 network?

                 

                Do a traceroute from a host external to any of these networks to a host that resides on one of them. What do you get?

                • 20. Re: Static route issues on NSX-T
                  Rob80 Novice

                  I have some issues

                   

                  • 21. Re: Static route issues on NSX-T
                    daphnissov Guru
                    vExpertCommunity Warriors

                    Your static routes are not configured properly. When you traceroute to 10.10.10.2 from your ESXi host, it send the packet to its management vmkernel port gateway. If that is the L3 device, it drops the frame because it has no entry in its routing table to send requests for 10.10.10.0/24. I cannot advise you how to accomplish this with a Meraki device so I'd recommend reading the official docs or opening a support request with Cisco if necessary.

                    • 22. Re: Static route issues on NSX-T
                      dejongraymond Lurker
                      VMware EmployeesvExpert

                      From the NSX Tier-0 Gateway the 0.0.0.0/0 default route pointing towards your router makes sure northbound traffic is achieved. Make sure, like said earlier, you create static routes for all the networks behind the Tier-0 Gateway on your Physical Router to make sure southbound traffic works and point the routes to the HA VIP.

                      On your router check L2 connectivity. Check if you see HA VIP address in MAC address table. If you are available next week I might be able to have a look together with you on a remote session.

                      I would also like to know if your tagging VLAN on your port group or in NSX Segment. Misconfiguration there could be a reason for not having L2 connectivity from Edge Node towards physical router.

                      • 23. Re: Static route issues on NSX-T
                        Rob80 Novice

                        I Can ping physical router gateway but and all addresses up to HA VIP

                         

                          HA VIP shown below as connected and I can ping it from router only

                         

                        Uplink 1 & 2 also available in MAC table and can be ping them from router only

                         

                         

                         

                           Edge tagging on VDS

                         

                         

                        Remote session would be great if possible.

                        1 2 Previous Next