Good Day,
I set up a simple NSX-V lab to train for my futur exam.
However, I got a problem to communicate my VM and the Edge Services Gateway.
Enclosed, the network diagram.
When the VM and the Edge Services Gateway are not in the same host ESXi, the VM can't ping the Edge Services Gateway.
However, when they are in the same host ESXi, they can ping each other.
The DLR works fine.
What is the recommandation ?
Thank you
Jean
GUI only shows vxlan configuration of your hosts and its all ok.
problem is that your physical network is not passing vxlan packets.
Issue the ping commands again but with size 1450 this time to rule out the MTU issue.
Also, can you share the physical switch ports configuration where the hosts connect
---------------------------------------------------------------------------------------------------------
Was it helpful? Let us know by completing this short survey here.
Are all hosts configured for NSX (vTEP)?
VXLAN vlan available on uplinks? Same cluster/transport zone?
Where does the traffic stop when the VM is on hostX and ESG on hostY?
Hi,
All host are configured for the NSX (vTEP).
I didn't configure any VXLAN on my physical switch because it doesn't support it.
Yup, same cluster/transport zone
In the attachments, my NSX configuration and the trafic stop.
this is weird. with DLR, there is no problem.
Thank you for your help
Jean
Hi Jean_PF,
forgive me the silly question ... on EDGE Service Gateway, the default GW has been configured??
- can you share the edge settings ??
- From the Edge, are you able to ping the DLR and out to the Internet?? (next hop is enough, ... I mean the physical router)
Regards,
LM
Issue is with VXLAN. Communication across hosts happen on VXLAN and need 1600 MTU.
Do you have required MTU (1600) on physical switches?
Also I don't see any VLAN being used to carry VTEP traffic, are your physical switch links (3 such links) correctly configured in access mode?
you can confirm physical network configuration by logging into 192.168.0.203 and then ping vmk of other host.
on host 192.168.0.203 issue this command:
vmkping ++netstack=vxlan -d -s 1550 -I vmk1 192.168.0.215
vmkping ++netstack=vxlan -d -s 1550 -I vmk1 192.168.0.216
vmkping ++netstack=vxlan -d -s 1550 -I vmk1 192.168.0.217
Hi lmoglie,
Yeah, the default GW has been configured on the EDGE and DLR.
The EDGE can ping out the internet and my physical router.
However, when the VM and the EDGE is not in the same host ESXi, they can't ping each other.
MTU has been configured to 1600 in the physical switch
Jean
Hi virtuallyme
The 3 links are in trunk mode in the physical switch.
I will switch tomorow in access mode and let you know.
How do you issue the following command on the host 192.168.0.203 ?
vmkping ++netstack=vxlan -d -s 1550 -I vmk1 192.168.0.215
vmkping ++netstack=vxlan -d -s 1550 -I vmk1 192.168.0.216
vmkping ++netstack=vxlan -d -s 1550 -I vmk1 192.168.0.217
Thank you
Jean
SSH to the host and issue the command.
Hi virtuallyme,
I just issue the command from host 192.168.0.203 here the output :
[root@localhost:~] vmkping ++netstack=vxlan -d -s 1550 -I vmk1 192.168.0.215
PING 192.168.0.215 (192.168.0.215): 1550 data bytes
1558 bytes from 192.168.0.215: icmp_seq=0 ttl=64 time=0.279 ms
1558 bytes from 192.168.0.215: icmp_seq=1 ttl=64 time=0.226 ms
1558 bytes from 192.168.0.215: icmp_seq=2 ttl=64 time=0.292 ms
--- 192.168.0.215 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.226/0.266/0.292 ms
[root@localhost:~] vmkping ++netstack=vxlan -d -s 1550 -I vmk1 192.168.0.216
PING 192.168.0.216 (192.168.0.216): 1550 data bytes
--- 192.168.0.216 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss
[root@localhost:~]
[root@localhost:~] vmkping ++netstack=vxlan -d -s 1550 -I vmk1 192.168.0.217
PING 192.168.0.217 (192.168.0.217): 1550 data bytes
--- 192.168.0.217 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss
From host 192.168.0.203, I can't ping 192.168.0.216 and 192.168.0.217 through vxlan.
This is weird because the GUI shows vxlan configuration is fine
Jean
GUI only shows vxlan configuration of your hosts and its all ok.
problem is that your physical network is not passing vxlan packets.
Issue the ping commands again but with size 1450 this time to rule out the MTU issue.
Also, can you share the physical switch ports configuration where the hosts connect
---------------------------------------------------------------------------------------------------------
Was it helpful? Let us know by completing this short survey here.
Hi virtuallyme,
You are right. The problem was my physical switch. I need to reboot the physical switch and everything is good.
I have one more question.
What do you recommand for a new installation : NSX-T or NSX-V ?
The needs are :
- reliable system
- micro segmentation
- DFW
The environnment is only VMware
Thank you for your answer : )
Jean LY KENG
NSX-T is the direction going forward. Prepare your lab!
Hi MartinGustafsson,
Thank you for the answer.
Do you think it's possible a have the appliance of NSX-T (ESXi) for training ?
Thank you for your help
Jean
as suggested NSX-T is the way.
With respect to features NSX-T is on parity with NSX-v and more features will be added only to NSX-T
A single appliance to simulate entire NSX-T is not there.
You can download (from vmware.com) and install NSX-T managers and set up NSX-T lab.
Hi virtuallyme,
Noted, thank you for your advice, I will show to my customer the direction to take for the NSX.
Actually, my current access from vmware.com doesn't give me the right to download NSX-T 😕
No problem to download NSX-V.
Many thanks
Jean