14 Replies Latest reply on Aug 10, 2019 7:25 PM by Jean_PF

    NSX-V VM and Edge Services Gateway

    Jean_PF Novice

      Good Day,

       

      I set up a simple NSX-V lab to train for my futur exam.

      However, I got a problem to communicate my VM and the Edge Services Gateway.

       

      Enclosed, the network diagram.

       

      When the VM and the Edge Services Gateway are not in the same host ESXi, the VM can't ping the Edge Services Gateway.

      However, when they are in the same host ESXi, they can ping each other.

       

      The DLR works fine.

       

      What is the recommandation ?

       

      Thank you

       

      Jean

        • 1. Re: NSX-V VM and Edge Services Gateway
          MartinGustafsson Hot Shot
          VMware EmployeesvExpert

          Are all hosts configured for NSX (vTEP)?

          VXLAN vlan available on uplinks? Same cluster/transport zone?

           

          Where does the traffic stop when the VM is on hostX and ESG on hostY?

          • 2. Re: NSX-V VM and Edge Services Gateway
            Jean_PF Novice

            Hi,

             

            All host are configured for the NSX (vTEP).

            I didn't configure any VXLAN on my physical switch because it doesn't support it.

            Yup, same cluster/transport zone

             

            In the attachments, my NSX configuration and the trafic stop.

             

            this is weird. with DLR, there is no problem.

             

            Thank you for your help

             

            Jean

            • 3. Re: NSX-V VM and Edge Services Gateway
              lmoglie Enthusiast
              vExpert

              Hi Jean_PF,

              forgive me the silly question ... on EDGE Service Gateway, the default GW has been configured??

              - can you share the edge settings ??

              - From the Edge, are you able to ping the DLR and out to the Internet?? (next hop is enough, ... I mean the physical router)

               

              Regards,

              LM

              • 4. Re: NSX-V VM and Edge Services Gateway
                virtuallyme Enthusiast

                Issue is with VXLAN. Communication across hosts happen on VXLAN and need 1600 MTU.

                Do you have required MTU (1600) on physical switches?

                Also I don't see any VLAN being used to carry VTEP traffic, are your physical switch links (3 such links) correctly configured in access mode?

                 

                you can confirm physical network configuration by logging into 192.168.0.203 and then ping vmk of other host.

                 

                on host 192.168.0.203 issue this command:

                vmkping ++netstack=vxlan -d -s 1550 -I vmk1 192.168.0.215

                vmkping ++netstack=vxlan -d -s 1550 -I vmk1 192.168.0.216

                vmkping ++netstack=vxlan -d -s 1550 -I vmk1 192.168.0.217

                • 5. Re: NSX-V VM and Edge Services Gateway
                  Jean_PF Novice

                  Hi lmoglie,

                   

                  Yeah, the default GW has been configured on the EDGE and DLR.

                  The EDGE can ping out the internet and my physical router.

                  However, when the VM and the EDGE is not in the same host ESXi, they can't ping each other.

                  MTU has been configured to 1600 in the physical switch

                   

                  Jean

                  • 6. Re: NSX-V VM and Edge Services Gateway
                    Jean_PF Novice

                    Hi virtuallyme

                     

                    The 3 links are in trunk mode in the physical switch.

                    I will switch tomorow in access mode and let you know.

                     

                    How do you issue the following command on the host 192.168.0.203 ?

                    vmkping ++netstack=vxlan -d -s 1550 -I vmk1 192.168.0.215

                    vmkping ++netstack=vxlan -d -s 1550 -I vmk1 192.168.0.216

                    vmkping ++netstack=vxlan -d -s 1550 -I vmk1 192.168.0.217

                     

                    Thank you

                     

                    Jean

                    • 7. Re: NSX-V VM and Edge Services Gateway
                      virtuallyme Enthusiast

                      SSH to the host and issue the command.

                      • 8. Re: NSX-V VM and Edge Services Gateway
                        Jean_PF Novice

                        Hi virtuallyme,

                         

                        I just issue the command from host 192.168.0.203 here the output :

                         

                        [root@localhost:~] vmkping ++netstack=vxlan -d -s 1550 -I vmk1 192.168.0.215

                        PING 192.168.0.215 (192.168.0.215): 1550 data bytes

                        1558 bytes from 192.168.0.215: icmp_seq=0 ttl=64 time=0.279 ms

                        1558 bytes from 192.168.0.215: icmp_seq=1 ttl=64 time=0.226 ms

                        1558 bytes from 192.168.0.215: icmp_seq=2 ttl=64 time=0.292 ms

                         

                        --- 192.168.0.215 ping statistics ---

                        3 packets transmitted, 3 packets received, 0% packet loss

                        round-trip min/avg/max = 0.226/0.266/0.292 ms

                         

                        [root@localhost:~] vmkping ++netstack=vxlan -d -s 1550 -I vmk1 192.168.0.216

                        PING 192.168.0.216 (192.168.0.216): 1550 data bytes

                         

                        --- 192.168.0.216 ping statistics ---

                        3 packets transmitted, 0 packets received, 100% packet loss

                         

                        [root@localhost:~]

                        [root@localhost:~] vmkping ++netstack=vxlan -d -s 1550 -I vmk1 192.168.0.217

                        PING 192.168.0.217 (192.168.0.217): 1550 data bytes

                         

                        --- 192.168.0.217 ping statistics ---

                        3 packets transmitted, 0 packets received, 100% packet loss

                         

                        From host 192.168.0.203, I can't ping 192.168.0.216 and 192.168.0.217 through vxlan.

                         

                        This is weird because the GUI shows vxlan configuration is fine

                         

                        Jean

                        • 9. Re: NSX-V VM and Edge Services Gateway
                          virtuallyme Enthusiast

                          GUI only shows vxlan configuration of your hosts and its all ok.

                          problem is that your physical network is not passing vxlan packets.

                          Issue the ping commands again but with size 1450 this time to rule out the MTU issue.

                          Also, can you share the physical switch ports configuration where the hosts connect

                          • 10. Re: NSX-V VM and Edge Services Gateway
                            Jean_PF Novice

                            Hi virtuallyme,

                             

                            You are right. The problem was my physical switch. I need to reboot the physical switch and everything is good.

                             

                            I have one more question.

                            What do you recommand for a new installation : NSX-T or NSX-V ?

                            The needs are :

                            - reliable system

                            - micro segmentation

                            - DFW

                             

                            The environnment is only VMware

                             

                            Thank you for your answer : )

                             

                            Jean LY KENG

                            • 11. Re: NSX-V VM and Edge Services Gateway
                              MartinGustafsson Hot Shot
                              vExpertVMware Employees

                              NSX-T is the direction going forward. Prepare your lab!

                              • 12. Re: NSX-V VM and Edge Services Gateway
                                Jean_PF Novice

                                Hi MartinGustafsson,

                                 

                                Thank you for the answer.

                                Do you think it's possible a have the appliance of NSX-T (ESXi) for training ?

                                 

                                Thank you for your help

                                 

                                Jean

                                • 13. Re: NSX-V VM and Edge Services Gateway
                                  virtuallyme Enthusiast

                                  as suggested NSX-T is the way.

                                  With respect to features NSX-T is on parity with NSX-v and more features will be added only to NSX-T

                                   

                                  A single appliance to simulate entire NSX-T is not there.

                                  You can download (from vmware.com) and install NSX-T managers and set up NSX-T lab.

                                  • 14. Re: NSX-V VM and Edge Services Gateway
                                    Jean_PF Novice

                                    Hi virtuallyme,

                                     

                                    Noted, thank you for your advice, I will show to my customer the direction to take for the NSX.

                                    Actually, my current access from vmware.com doesn't give me the right to download NSX-T :/

                                    No problem to download NSX-V.

                                     

                                    Many thanks

                                     

                                    Jean