Hi all,
I am trying to deploy VCF 4.0.1 but I received this error (Failed to validate reachability of Application Virtual Networks with gateway IPs [10.50.0.1, 10.60.0.1])
I am deploying it on top of nested ESXi's and I can ping these two IPs from pfSense, but I am unable to do it from the CB VM or the ESXi's themselves.
Refer to the attached diagram.
Do I need to add static routes? Any clue?
Thanks in advance
Muhammad
Have you done some traceroutes to see where the traffic is going? You definitely have a routing issue. And since this is a nested lab, have you configured security on the port groups accordingly?
PS. Ignore the comment above, was logged in with the wrong account.
Hi Mohan,
I have set all security on port groups to Accepted.
Yes, most probably it's a routing issue, but I am not sure where the issue is.
Trace routes in both directions, try to narrow down where your issue is.
From the ESXi's >> there are no traceroutes
[root@esxi-1:~] traceroute 10.50.0.1
traceroute to 10.50.0.1 (10.50.0.1), 64 hops max
1 * * *
2 * * traceroute: sendto: No route to host
[root@esxi-1:~] traceroute 10.60.0.1
traceroute to 10.60.0.1 (10.60.0.1), 64 hops max
1 * * *
2 * * traceroute: sendto: No route to host
From pfSense it works fine
[2.4.5-RELEASE][admin@pfSense.localdomain]/root: traceroute 10.50.0.1
traceroute to 10.50.0.1 (10.50.0.1), 64 hops max, 40 byte packets
1 172.27.11.2 (172.27.11.2) 0.806 ms 0.605 ms 0.601 ms
2 10.50.0.1 (10.50.0.1) 2.137 ms 0.524 ms 0.720 ms
Are the management appliances on the same subnets as the host?
If they don't have a default gateway / route out then that will cause you a lot of problems.
I have a single physical host in a subnet and I am building the whole environment on top of it!
My question is: how can I use pfSense to route the traffic from 10.0.0.x to the T1 router VLANs 10.50.0.0 & 10.60.0.0?
BR,
Muhammad
Can the nested ESXi hosts hit their own gateway? Is their gateway on pfSense?
Since this is nested;
Make sure that the VM of the nested ESXi's portgroups are the portgroup with all the security functions turned on and is a trunking port group, this should be the portgroup created on your single physical esxi host. Then in the ESXi VM, ensure the management interface is tagged with the management VLAN. Also ensure all VLANs are trunked to your ESXi host from the physical network fabric.
It sounds like there is bad config somewhere.
Hi All,
I fixed this issue by creating a static route inside Cloud Builder VM for 10.50.0.1 & 10.60.0.1
/etc/systemd/network/10-eth0.network
BR,
Muhammad Toffaha
I marked the solution. How can I set the thread as resolved?
FYI. I had the same issue and attempted your solution but it did not work for me. Luckily, I got the right syntax with the help of @usbenny himself from the #vlc-support Slack channel, which resolved my issue. I'm running the latest VCF Cloud Builder 4.10 BTW:
For the 10.50.0.1 subnet
ip route add 10.50.0.0/24 proto static scope global nexthop dev eth0.11 via 172.27.11.2 weight 1 nexthop dev eth0.11 via 172.27.11.3 weight 1 nexthop dev eth0.12 via 172.27.12.2 weight 1 nexthop dev eth0.12 via 172.27.12.3 weight 1
For the 10.60.0.1 subnet
ip route add 10.60.0.0/24 proto static scope global nexthop dev eth0.11 via 172.27.11.2 weight 1 nexthop dev eth0.11 via 172.27.11.3 weight 1 nexthop dev eth0.12 via 172.27.12.2 weight 1 nexthop dev eth0.12 via 172.27.12.3 weight 1
Hope this helps someone.
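One way to confirm on the Cloud Builder VM that routes like the two above are actually in use, as an added example that is not part of the original posts: `classify_route` inspects the first line of `ip route get` output and reports whether the next hop is one of the four from the commands above. The function names, the sample lines, their source addresses and the 10.0.0.1 default gateway are constructed assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. Next hops copied from the ip route commands above.
EXPECTED_HOPS="172.27.11.2 172.27.11.3 172.27.12.2 172.27.12.3"

# classify_route LINE
# LINE is the first line printed by `ip route get <addr>` (empty if the lookup failed).
# Prints: static-ok | wrong-nexthop:<ip> | on-link | unreachable
classify_route() {
    local line="$1" hop="" prev="" word
    if [ -z "$line" ]; then
        echo "unreachable"      # kernel had no route at all
        return 0
    fi
    for word in $line; do       # the token after "via" is the next hop
        if [ "$prev" = "via" ]; then hop="$word"; fi
        prev="$word"
    done
    if [ -z "$hop" ]; then
        echo "on-link"          # destination treated as directly attached
        return 0
    fi
    for word in $EXPECTED_HOPS; do
        if [ "$word" = "$hop" ]; then
            echo "static-ok"
            return 0
        fi
    done
    echo "wrong-nexthop:$hop"   # e.g. traffic falling through to the default gateway
}

# check_avn ADDR: query the live routing table for one AVN gateway address.
check_avn() {
    local out
    out=$(ip route get "$1" 2>/dev/null | head -n 1)
    echo "$1 $(classify_route "$out")"
}

# Constructed sample lines (source addresses and 10.0.0.1 are made up):
SAMPLE_OK="10.50.0.1 via 172.27.11.2 dev eth0.11 src 172.27.11.4 uid 0"
SAMPLE_DEFAULT="10.60.0.1 via 10.0.0.1 dev eth0 src 10.0.0.221 uid 0"

# On the Cloud Builder VM: check_avn 10.50.0.1; check_avn 10.60.0.1
```

Routes added with `ip route add` do not survive a reboot, so rerun the check after the VM restarts.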
I'm facing a similar problem, but both solutions mentioned in this thread are not working for me.
From the CloudBuilderVM, the AVN network is not reachable. Do I need to specifically configure anything on the CloudBuilderVM?