VMware NSX

  • 1.  DLR Logical Switch route issue

    Posted Jan 21, 2017 08:58 PM

    I have worked with VMware for a long time, but my network background is not as strong and I am running into some issues with a simple NSX deployment.

    I have a perimeter gateway with an uplink 172.16.12.10 and an internal to a transit network 192.168.10.1.

    My DLR has an uplink 192.168.10.2 on transit

    and an internal to a logical switch 192.18.33.1

    From my VM on the logical switch I can ping the DLR internal link 172.18.33.1, but traffic won't go any further.

    From the outside world traffic flows to the DLR transit link, 192.168.10.2, but then gets dropped.

    I assume I need a static route on the DLR that states that any 172.18.33.x traffic goes to 172.18.33.1, but not entirely sure how to do that.

    Thanks!



  • 2.  RE: DLR Logical Switch route issue

    Posted Jan 21, 2017 10:34 PM

    What does your routing configuration look like? Do you use dynamic routing (BGP, OSPF) or just static routes?

    In short, your ESG needs to know that the 172.18.33.0/24 network can be reached through the next-hop address 192.168.10.2. The DLR needs to know that the subnets behind the ESG (or simply 0.0.0.0/0) need to be routed to 192.168.10.1. There are tons of guides, blogs, etc. that will teach you how to configure routing. Should you wish that we help you any further, we really need to know something more about your environment (screenshots usually do a pretty good job at that).



  • 3.  RE: DLR Logical Switch route issue

    Posted Jan 22, 2017 08:23 AM

    As pointed out, it may be a routing, topology, or interface IP problem. If 172.18.33.1 with subnet mask 255.255.255.0 is configured on the DLR as a LIF, then the DLR, without any configuration, already knows that 172.18.33.x IPs are directly connected. Could not figure out where the 192.18.33.1 is located; is it another LIF interface on the DLR? What is the IP, subnet and default gateway of the VM on the Logical Switch?


    Also the routing table on the Edge and DLR may be helpful:

    • On the Edge, show ip route (the output should have a routing table entry for the VM IP subnet pointing to the DLR uplink 192.168.10.2)


    http://www.virtually-limitless.com/vcix-nv-study-guide/manage-and-report-on-a-logical-router-using-nsx-controller-nsx-edge-and-esxi-cli-commands/




    • On the ESXi host where the DLR exists: net-vdr --instance -l (an alternative may be, from the NSX Manager CLI, the show logical-router host host-id dlr dlrID route command). In this output, the DLR needs to know the VM subnet as well as the physical subnets north of the Edge

    http://blog.bertello.org/2015/02/nsx-for-newbies-part-6-distributed-logical-router-dlr/

    • net-vdr -l -I

    • net-vdr -l --route CloudLab+edge-6 (This is the Vdr Name from the previous net-vdr --instance -l command.)

    • Also, there can be other points that need troubleshooting on a per-host basis or with NAT, but it is mostly a routing issue.


  • 4.  RE: DLR Logical Switch route issue
    Best Answer

    Posted Jan 24, 2017 05:38 AM

    1. Configure the default gateway on DLR with a value of 192.168.10.1.

    2. Configure a static route on the Perimeter Gateway for 192.18.33.0/24 with a next-hop of 192.168.10.2.

    3. Make sure that the Perimeter Gateway's FW, if enabled, is not blocking the traffic.

    4. Use the traceflow from the NSX-Snap-in in vCenter to craft a packet. This will indicate whether or not it is being dropped due to FW policy.

    I suspect points 1 and 2 will solve your problem.
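
An added example, not part of the original thread: a small longest-prefix-match model of the two routers, showing why traffic is dropped in each direction until the ESG has a route to the logical switch subnet and the DLR has a default gateway, and how an ESG firewall deny still drops traffic once routing is correct. It assumes /24 masks everywhere and 172.18.33.0/24 as the logical switch subnet; the host addresses are constructed.

```python
import ipaddress

# Constructed model of the thread's topology. Assumptions: all masks are /24
# and the logical switch subnet is 172.18.33.0/24.
OWNER = {"192.168.10.1": "ESG", "192.168.10.2": "DLR"}  # transit addresses

def table(*routes):
    return [(ipaddress.ip_network(prefix), nh) for prefix, nh in routes]

def lookup(routes, dst):
    """Longest-prefix match: next-hop IP, 'connected', or None if no route."""
    addr = ipaddress.ip_address(dst)
    hits = [(net.prefixlen, nh) for net, nh in routes if addr in net]
    return max(hits, key=lambda h: h[0])[1] if hits else None

def trace(tables, start, dst, fw_deny=(), max_hops=8):
    """Walk next hops from router `start`; return (path, outcome).
    Simplification: a router listed in fw_deny drops every packet it sees."""
    path, router = [start], start
    for _ in range(max_hops):
        if router in fw_deny:
            return path, "dropped: firewall on " + router
        nh = lookup(tables[router], dst)
        if nh is None:
            return path, "dropped: no route on " + router
        if nh == "connected":
            return path, "delivered"
        router = OWNER[nh]
        path.append(router)
    return path, "dropped: routing loop"

# Only directly connected networks: the state described in the first post.
BEFORE = {
    "ESG": table(("172.16.12.0/24", "connected"), ("192.168.10.0/24", "connected")),
    "DLR": table(("192.168.10.0/24", "connected"), ("172.18.33.0/24", "connected")),
}
# Static route on the ESG and default gateway on the DLR added.
AFTER = {
    "ESG": BEFORE["ESG"] + table(("172.18.33.0/24", "192.168.10.2")),
    "DLR": BEFORE["DLR"] + table(("0.0.0.0/0", "192.168.10.1")),
}

VM, OUTSIDE = "172.18.33.50", "172.16.12.1"  # constructed host addresses

if __name__ == "__main__":
    for name, tables in (("before", BEFORE), ("after", AFTER)):
        print(name, "inbound ", trace(tables, "ESG", VM))
        print(name, "outbound", trace(tables, "DLR", OUTSIDE))
    print("after + ESG firewall deny", trace(AFTER, "DLR", OUTSIDE, fw_deny={"ESG"}))
```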



  • 5.  RE: DLR Logical Switch route issue

    Posted Jan 24, 2017 02:36 PM

    Thanks for all the suggestions, guys! In the end I ended up using Dynamic Routing, but what got me was the firewall on the PG was blocking traffic. Such a silly thing to have missed.