Hello,
When I look at 《
》, I find on page 64 that LR Centralized has a limitation: 1 Tenant can not have more than 9 Networks.
I can't understand what it means. Does this mean LR Centralized can't connect more than 9 subnets?
Another question: when LR Centralized reaches ten interfaces, will it create a new Shared Edge?
About your question on # of networks per tenant logical router:
A tenant can have multiple routers.
A specific tenant router can not have more than 9 interfaces.
So a specific tenant router can not be connected to more than 9 networks.
Note: The technical reason is an NSX Edge can not have more than 9 internal interfaces.
Do you have a need for a specific tenant logical router connected to more than 9 networks?
And if so, how many?
About your question on "New Shared Edge creation":
A specific NSX Edge can be used by different tenant logical routers.
This limits the # of NSX Edges in the Data Center.
Note: Obviously even if they share the same NSX Edge, FW rules are created so each tenant logical router has no access to other tenants.
When the sum of the different tenant logical router interfaces exceeds 9, then automatically a new Edge is created.
Example:
Step1: Tenant1-LR is created with 3 interfaces
=> Shared-Edge1 with 3 interfaces (used by Tenant1-LR)
Step2: Tenant2-LR is created with 2 interfaces
=> Shared-Edge1 with 5 interfaces (used by Tenant1-LR + Tenant2-LR)
Step3: Tenant3-LR is created with 3 interfaces
=> Shared-Edge1 with 8 interfaces (used by Tenant1-LR + Tenant2-LR + Tenant3-LR)
Step4: Tenant4-LR is created with 2 interfaces
=> Shared-Edge1 with 8 interfaces (used by Tenant1-LR + Tenant2-LR + Tenant3-LR)
=> Shared-Edge2 with 2 interfaces (used by Tenant4-LR)
Dimitri
I am trying to get the following setup to work.
My lan0 and lan1 are not communicating. What am I missing?
In the picture I see Lan01, Lan02 and Ext network.
You mention Lan0 and Lan1 not communicating... which network are you referring to as lan0?
Here are few things to try out:
Are you able to ping the router interfaces? i.e. ping 192.168.1.254 (lan01 interface) from a machine on 192.168.2.0/24 (lan02) (and vice versa)?
Did you explicitly specify 192.168.1.254 to be the router interface for lan01?
Delete the interfaces of the router. Recreate the interfaces without specifying the interface IP; this should use *.1 as the interface IP. See if that helps.
Thanks for responding. Sorry, I mistyped. I have Lan01 and Lan02 configured as follows:
Network Lan01 with subnet 192.168.1.0/24
Network Lan02 with subnet 192.168.2.0/24
Routers:
Tenant01-LS-01 is connected to Lan01 and to the external network
Tenant01-LS-02 is connected to:
Lan01 on 192.168.1.254
Lan02 on 192.168.2.1
Machines on Lan01 can ping 192.168.2.1 but not the machines. When I do a traceroute from a machine on Lan01, I see it hop through the external network.
Machines on Lan02 can ping 192.168.1.254 but not the machines on Lan01.
I checked ICMP and it looks OK; the machines respond to pings from machines on the same network and subnet.
I am not sure if I need to add static routes.
PS: Router 2 can not use .1 as it tells me it's connected to router 1.
Can you paste the security group rules applied on both those VMs?
What happens if you edit the security group rules to allow ICMP from any CIDR?
Hi,
The security rules applied allow all ICMP traffic on all machines.
When I do a traceroute from Lan 1 to a machine on Lan 2 I can see that traffic is being directed to the external gateway.
I see that there are two routers in Lan01 - one router with intf 192.168.1.254 and another with intf 192.168.1.1. But the machines on Lan01 can only have one gateway IP set and I suspect that it is set to 192.168.1.1. If you did not specify a gateway IP when creating the logical network Lan01, then Neutron will automatically pick .1 (192.168.1.1) to be the gateway IP, and when the DHCP response is sent to the VMs on this network, this .1 (192.168.1.1) IP is sent as the gateway IP.
So this is what is most likely happening. When you ping from a machine on Lan02:
1. it reaches the router on intf 192.168.2.1 (Lan02) which is set as the default gateway on this machine
2. the router forwards it to the intf 192.168.1.254 (Lan01)
3. from the intf 192.168.1.254 (Lan01) it reaches the machine on Lan01
4. the machine on Lan01 most likely has its default gateway set to 192.168.1.1 and is sending the response back to 192.168.1.1, where it is being dropped as this is a different router which does not have a route to Lan02.
To verify this, on the machine on Lan01 can you print the routing table and see what the default gateway is? If it is a Linux instance, then the "route -n" command should print the routing table. If my hypothesis is right, then the default gateway should be set to 192.168.1.1.
Actually, I don't think the second router (between Lan02 and Lan01) is needed. The same router that connects Lan01 to EXTNET can be used to connect Lan02, and security group rules on Lan02 can be used to make sure that it does not send/receive traffic directly to/from EXTNET.
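
The return-path problem described in the last reply can be reproduced with a small model; this is an added example, not code from the thread or from NSX/Neutron. The host addresses, the external subnet 203.0.113.0/24 and the default route on Tenant01-LS-01 are assumptions (the default route is inferred from the traceroute observation); the LAN interface IPs are the ones quoted in the thread.

```python
import ipaddress as ip

# Constructed sample data: host addresses and the external subnet
# (203.0.113.0/24) are assumptions; LAN interface IPs are from the thread.
HOSTS = {"vm-lan01": {"addr": "192.168.1.10/24", "gw": "192.168.1.1"},
         "vm-lan02": {"addr": "192.168.2.10/24", "gw": "192.168.2.1"}}
TWO_ROUTERS = {
    "Tenant01-LS-01": {"ifaces": ["192.168.1.1/24", "203.0.113.10/24"],
                       "default": "203.0.113.1"},
    "Tenant01-LS-02": {"ifaces": ["192.168.1.254/24", "192.168.2.1/24"],
                       "default": None}}
# Layout suggested at the end of the thread: one router on both LANs.
ONE_ROUTER = {
    "Tenant01-LS-01": {"ifaces": ["192.168.1.1/24", "192.168.2.1/24",
                                  "203.0.113.10/24"],
                       "default": "203.0.113.1"}}

def owner(routers, addr):
    """Name of the router that owns interface address addr, or None."""
    for name, r in routers.items():
        if any(ip.ip_interface(i).ip == ip.ip_address(addr) for i in r["ifaces"]):
            return name
    return None

def trace(hosts, routers, src, dst):
    """Follow one packet from host src to host dst; return (hops, outcome)."""
    dst_ip = ip.ip_interface(hosts[dst]["addr"]).ip
    if dst_ip in ip.ip_interface(hosts[src]["addr"]).network:
        return [], "delivered"               # same subnet, no router involved
    hops, nxt = [], hosts[src]["gw"]         # off-subnet: use the default gateway
    while True:
        name = owner(routers, nxt)
        if name is None:                     # next hop is outside the tenant routers
            return hops, "left tenant networks via " + nxt
        if name in hops:
            return hops, "routing loop"
        hops.append(name)
        r = routers[name]
        if any(dst_ip in ip.ip_interface(i).network for i in r["ifaces"]):
            return hops, "delivered"         # destination is directly connected
        if r["default"] is None:
            return hops, "dropped: no route"
        nxt = r["default"]

if __name__ == "__main__":
    for topo in (TWO_ROUTERS, ONE_ROUTER):
        for s, d in (("vm-lan02", "vm-lan01"), ("vm-lan01", "vm-lan02")):
            print(s, "->", d, trace(HOSTS, topo, s, d))
```

With two routers the request from Lan02 is delivered but the reply from Lan01 follows the .1 gateway out to the external network; with a single router on both LANs, both directions are delivered.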