I have a very simple deployment of NSX-V
3 clusters
Cluster 1=edge esg
Cluster 2=ldr and test VMs
Cluster 3=nsx manager and controllers (out of band, not prepped for vxlan)
Two virtual machines,
VM:10.10.10.10
VM2: 11.11.11.11
3 logical switches
APP_10(for interface 10.10.10.0)
APP_11(for interface 11.11.11.0)
Transit(uplink for ldr, internal for esg)
LDR internal interface 1: 10.10.10.1/24
LDR internal Interface 2: 11.11.11.1 /24
LDR uplink interface: 13.13.13.1/30
ESG internal interface 1 : 13.13.13.2/30
Static routes in the ESG=
10.10.10.0/24 Next Hop=13.13.13.1
11.11.11.0/24 Next Hop=13.13.13.1
LDR Default Gateway=13.13.13.2
For some reason my test VMs cannot ping the internal of the ESG, and my ESG cannot ping my test VMs. I can ping each interface on the LDR from the ESG, but I cannot communicate past the LDR's internal interface.
In reverse, my VMs can ping each other on different networks, and can ping the uplink to their LDR; however, they cannot contact the internal of the ESG.
No firewalls have been configured at this point.
I'm not sure what I have configured wrong. Any help will be much appreciated.
Hello,
You need to add a static route on your DLR.
Just add a route to 0.0.0.0/0 via the default gateway of your DLR, which is 13.13.13.2.
Hello,
If you want to use static routing, then you need to configure on DLR: default route next hop 13.13.13.2
And as per the following KB, there is an expected behavior with the ping in VMware NSX for vSphere 6.x: VMware Knowledge Base
Yes, please configure the default gateway.
Default gateway and 0.0.0.0/0 route created. Still no luck.
Could you log in to the console of the DLR, use the command show ip route, and show us the output?
Are you able to ping 8.8.8.8 from the DLR?
Negative, haven't gotten that far. I can't even ping 13.13.13.2 from the DLR.
Your config
LDR internal interface 1: 10.10.10.1/24
LDR internal Interface 2: 11.11.11.1 /24
LDR uplink interface: 13.13.13.1/30
ESG internal interface 1 : 13.13.13.2/30
Looking at the screen, I see that you used a /24 mask for 13.13.13.0/24?
Which one is correct?
Secondly:
Please post show ip route from ESG console
I'm sorry, I reconfigured that last night. I spoke over the phone with a VMware employee who specializes in NSX, and he stated that I shouldn't use a /30 for the transit network. He recommended at least a /29, I guess for IP space? So I just made it simple and created all interfaces as a /24 for simplicity.
So the NSX employee suggested the /29 mask,
because if you are using dynamic routing between your peers (ESG-DLR) you need at least 3 IP addresses:
1. ESG - Internal to DLR
2. DLR - Uplink to ESG
3. DLR - Forward Protocol (for peering with OSPF or BGP)
And according to the ESG routes, you also need to add a default gateway for the ESG, which is missing here.
What would be the ESG default gateway? He would be my ingress/egress point into the physical networking, so his default gateway should be on the uplink side, right?
The default gateway would be an uplink from the ESG to your physical router/edge router.
I can configure that; however, what does that do to resolve my problem with communicating with the ESG internally?
Well, after adding the routes to the DLR, could you please do a traceroute one more time from a VM that is on VXLAN?
My tracert is making it to 11.11.11.1 (test VMs' DG), then it dies.
That's odd; sometimes redeploying the DLR helps.
Yeah, I've tried that many times. Very frustrating. Usually it's something simple that's misconfigured; I just can't find it.
Hmm,
I can make an exact copy of your configuration in my lab if you wish, so I will post you the results?