Dear All,
I am newly building on my own lab and I was trying to playing with my NSX. I was almost done everything but I realised, I cant ping my VMs on VXLAN. Just ping. I am describing my lab scenario below and requesting you help...
1. I have attached a my lab diagram for you reference. My router Mikrotik router and ip is 172.16.6.1. (Image attached as Lab Design)
2. I can ping from my physical router to EDGE downlink (Image attached as Ping Router to Edge Downlink)
3. I can ping from my VXLAN VMs to EDGE uplink (Image attached as from VM to Edge Uplink)
But I cant ping to physical router.
4. Physical Router routing table (Image attached as Physical Router Routing List)
Please help.
Regards,
Shyfur
Hi there...
Look that it is a routing issue.
Do a traceroute from the SW or server that you are using to try to reach the VMs. (legacy to NSX)
Do a traceroute from the VM to the SW or the destination server (NSX to legacy)
How are you doing the advertisement in the NSX Edge? Dynamic Routing? Static Routing? DG?
How are you doing the advertisement in Physical SW?
Provide a few SShots of the Edge Interfaces and Routing.
Provide the list of routes on your sw.
Is your mikrotik device in bridge mode ? Please double check your VLAN configurations on mikrotik interfaces which are connected to edges . Also as mentioned in this thread, we need to know the routing protocol and advertisement config.
Can you update the below request
1. Place DLR and Edge on same ESXI host and let me know till were you have the connectivity.
2. ip route print and interface print brief output of mikrotik router
3. Is there any firewall rules on Edges ?
4. VLAN ID on Edge Uplink.
I went through it.
Can you provide the requested sshots?
In the figure 3, you can ping the DLR interface from the ESG. (Check VM firewall) if that is OK, move the VM that you want to ping, to the same ESXi host that the EDGE vm is in. (Maybe you have a vxlan issue)
Figure 1,2 and 4 are all form NSX. Can you do a traceroute and provide the routes that you have in your SW/router?
EDIT= just saw Sreec reply! Provide that (same as I requested in first reply) se we can try to understand a little bit more! 😃
One more question. If you have two (2) vms in the same LS but in different ESXi hosts, are you able to reach each other?
Dear Sreec
As per your query, find my responses below
1. Place DLR and Edge on same ESXI host and let me know till were you have the connectivity.
Shyf: Placed but cant ping Physical router from VM
2. ip route print and interface print brief output of mikrotik router
Shyf: Image attached
3. Is there any firewall rules on Edges ?
Shyf: - No
4. VLAN ID on Edge Uplink.
Shyf: No VLAN. iys just flat network.
Only prb is now, I can reach to EGDE UPLINK. few images has been enclosed for your reference. thanks in advanced for helping out.
regards,
Shyfur
Dear NicolasAlauzet,
Thank you for checking and find my responses below as per your query,
Can you provide the requested sshots?
Shyf: attached all the images. Please let me know if any further images are required.
In the figure 3, you can ping the DLR interface from the ESG. (Check VM firewall) if that is OK, move the VM that you want to ping, to the same ESXi host that the EDGE vm is in. (Maybe you have a vxlan issue)
Shyf: only the isssue is i can not ping the router interface. but i can ping EDGE uplink.
Figure 1,2 and 4 are all form NSX. Can you do a traceroute and provide the routes that you have in your SW/router?
Shyf: from DLR, i can not ping anywhere. only the local interfaces. natural right?
EDIT= just saw Sreec reply! Provide that (same as I requested in first reply) se we can try to understand a little bit more! 😃
Shyf: provided
One more question. If you have two (2) vms in the same LS but in different ESXi hosts, are you able to reach each other?
Shyf: yes
Now the only issue is, i cant ping router interface... can ping to EDGE uplink. i attached the ESG interface information and routing table in last reply to Sreec
thanks again for helping.
regards,
Shyfur
Please, log in vCenter and take some screenshots of the DLR configuration and the Edge configuration.
Interfaces and routing. (like this ones for example)
You can use an application like "lightshot" to take the screenshot and copy paste it. would be easy to understand.
I'm trying to make a simple diagram of the scenario, and will update it soon
Please, take screenshots of the Configuration - Interfaces for the NSX Edge, and the DLR.
Dear NicolasAlauzet,
Interfaces information has been uploaded in last reply. should you want me to re-upload or anything missing? Can we connect remotely?
Yes sry, it seems that I went to the @ and when entered to your answer from there I missed the attached files...
So, this is your scenario (correct if needed) (Based on the first diagram that you uploaded, and the latest screenshots)
Please validate:
I hope this helps this time :smileyconfused:
DG= Default Gateway.
Chech the network config of your vms, IP, netmask and default gateway!
OK, one more test and we will find it for sure...
Do this and record the results please. I know that in the first post you did the same, but lets go in this order:
From a VM (web or db):
PING 192.168.1.21
PING 172.16.6.55
From EDGE:
PING 192.168.1.21
PING 192.168.1.5 and 6 (Your Web and DB VMs)
From Physical Router:
PING 172.16.6.55
PING 192.168.1.21
PING 192.168.1.5 and 6 (Your Web and DB VMs)
Post the results (no need for SS) just put OK or ERROR next to each step 😃
Ok thanks. To be precise , you haven't provided the command level screenshot of your router ( GUI output is not enough) , never mind . Considering this is nested and router being in bridge mode( i have the same config running in my lab with NSX-T) , i want you to do a simple test and i'm sure that will isolate the issue
1. Connect a VM to Edge uplink ( it should be on the same uplink & portgroup which is leveraged by Microtik device ) , point the default Gateway of VM to Edge uplink ( 172.16.6.14)
2. Check your VM's behind DLR can reach VM behind edge , if it works - NSX configurations is ruled out - if it doesn't work - keep mikrotik connectivity aside and resolve this issue.
3. Potential issue is with nested lab or mikrotik router setup.
Dear NicolasAlauzet
Please find the results below....
From a VM (web or db):
PING 192.168.1.21 = ok
PING 172.16.6.55 = ok
From EDGE:
PING 192.168.1.21 = ok
PING 192.168.1.25 and 6 (Your Web and DB VMs) = NO
From Physical Router:
PING 172.16.6.55 = ok
PING 192.168.1.21 = NO, ( can reach only to esg downlink )
PING 192.168.1.5 and 6 (Your Web and DB VMs) = NO
reragrds,
Shyfur
From EDGE:
PING 192.168.1.25 and 6 (Your Web and DB VMs) = NO
If thats not the issue, it seems that you are having an issue with VXLAN.
Try this:
Have a look:
Troubleshooting NSX Infrastructure
Logical Network Preparation: VXLAN Transport
Also this:
Go to your Logical Swith > Select Monitor > Ping and select the source and destination host (between whom test will be performed) by clicking on browse button. Click on “Start Test”
if the test is successful, you will see similar results shown below.