VMware Networking Community
Lilly5529
Contributor
Contributor
‎07-08-2021 03:45 AM

NSX-T Overlay Default Gateway

I am seriously stumped on a basic concept within NSX-t. How do the Gateways work within the Overlay Network? For example, I have created a TEP Pool for my Transport Nodes (TN’s) and a different one for my Edge Node (I realize this can be the same TEP Pool but I see it can work both ways). My TN’s have the TEP IPs of 10.10.6.100 and 10.10.6.101 (for TN1 and TN2 respectively) and can pass overlay traffic just fine. The tunnels show up and green.

When I add in my Edge Node (using the same transport zones as the TN’s), it has a TEP Pool of 10.10.7.x with a gateway of 10.10.7.1. The tunnels are down between the Edge and the TN’s and I can’t seem to bring them up. I see the Edge Node has a TEP IP of 10.10.7.100. mythdhr

When I log onto the edge node and go into the tunnel vrf (vrf 0), I enter the command “get forwarding” and it shows my default gw as 10.10.7.1. I cannot ping that IP from there. I do not have any hardware with that IP address. That is the nature of my question - from an overlay perspective, where does that Gateway live? I assume it is within the NSX environment but it is not a T0 or T1 GW, right? I have obviously missed a key step of providing the gateway but am unsure of where I do that.

What am I missing here?

0 Kudos
2 Replies
CyberNils
Hot Shot
Hot Shot
‎07-08-2021 04:00 AM

Hi,

You need to route between your Edge Node TEPs and your Host TEPs. This should be done on a router externally to NSX. You can also use the same subnet for all your TEPs, like you pointed out, to avoid having to do this. 



Nils Kristiansen
https://cybernils.net/
p0wertje
Hot Shot
Hot Shot
‎07-08-2021 04:33 AM

Hi,

 

Your overlay gateway is on the T1 or T0 depending where the segment is connected.
Since the TEP is not in the overlay network, you need an external router like @CyberNils already mentions.
The easiest way is to use the same vtep-network for both edge and hosts.
If you are using physical edge nodes, it is pretty straight forward. If you use virtual edge nodes, you need to use a NSX-backed vlan segment to be able to use the same vtep network. It will not work on a normal portgroup.

Cheers,
p0wertje | VCIX6-NV | JNCIS-ENT | vExpert
Please kudo helpful posts and mark the thread as solved if solved
0 Kudos