VMware NSX

here's the thing, i'm planning the dynamic virtual network with NSX 6.3.1 on vSphere 6.5 infrastructure

and the VLAN of IP 10.101.6.0/24 is defined as public IP for this datacenter.

the NSX topology is shown below and while planning the dynamic routing for both EDGE and DLR,

the error message pooped up no mater how i configure: [Routing] Invalid  forwardingAddress 192.168.12.4. Forwarding address has to be an ipAddress on one of the uplink interfaces

on the EDGE, default gateway is of course 10.101.6.1, the "dynamic routing configuration" of OSPF enabled with the router id:10.101.6.53

the OSPF status is enabled, i deleted the default area id o and 51, using area id 100 with type "normal"

the "area to interface mapping" is configured with the vNIC 192.168.12.1 and area id 100. theses should be correct.

on the DLR VM,

the area id 100 of type "normal" is created in the OSPF settings and the "area to interface mapping" is set to interface 192.168.12.2 with area id 100

however, when the the protocol address 192.168.12.3 and forwarding address 192.168.12.4 settings are publishing, the error just showed up as mentioned above...

the OSPF area config. should be correct without issues.

hard for me to believe that this is because of human error, does anyone know why this happen?

thanks so much!

You need to change the Uplink IP from 192.168.12.2 to 192.168.12.4 to match with the forwarding address , protocol address any can be any IP in same subnet which is correct in your case.

Sreec​

thanks! i just solved it by setting forwarding address into 192.168.12.2 and worked just fine.

can't believe that the forwarding address needs to fit the DLR's interface...

really appreciate for answering my stupid question!

i have a final issue that i hope you can help:

the VM under either vxlan1 or 2 is not be able to reach the external network 10.101.6.0/24,

it can ping to 192.168.12.1 or 10.101.6.53 or any internal ip subnet except for the external IP.

edge and router's firewalls were all set to "accept" any traffic.

so annoying...

No worries , Can you provide me with Routing Table output from DLR and Edge ?

ok i got the route from edge and dlr,

this one is EDGE below:

and this is the route of dlr as show below:

i've found an strange issue that i forgot to configure the NAT on edge

but after i set the nat(both snat and dnat), the routing seemed break...

even the vm under vxlan 1 or 2 couldn't ping to 10.101.6.53(edge's uplink), neither does the dlr

here's the nat settings:(i would like to make every machine on 10.101.6.0/24 reach the NSX vxlan network, too)

i've tried the same nat settings in the past for other datacenter and was correct

but this time the routing breaks...

do i need to set a secondary IP for edge's uplink?

If NAT is required, then it is not necessary to have routes on the Physical Router side as it already knows directly connected 10.101.6.0/24 address.

Also from which direction ping is tested? VM to Physical ping SNAT should be sufficient, but fif physical l to VM iping s also required, one-to-one static NAT (destination NAT may be needed).

One important point may be NAT requires the Firewall service on the Edge to enabled: (Without Firewall it doesn't work)

If Firewall enabled, firewall rules may be needed to allow Icmp from inside to outside

https://letsv4real.com/2017/08/04/configure-source-nat-snat-on-nsx-edge/

As mentioned, NAT translates one IP address into another. So, our first step is to have a IP address that we can use to translate to.  Our first step is to make sure the firewall services are enabled on our NSX edge. Without that, we cannot configure NAT.

The NAT'ed IP can be physical IP 10.101.6.53 or another IP on same subnet such as .54, .55 etc.

For DNAT and Firewall Rules for different options this link may be helpful

http://www.routetocloud.com/2014/12/nsx-v-edge-nat/

Secondary IP is always preferred for DNAT . Also any specific reason why you are trying DNAT on Internal Interface ? The correct interface on which to assign destination NAT rules is the interface that receives the network traffic to be translated which would be the uplink interface.The translated address can be any IP address that either exists in a directly-connected subnet, or in a subnet known to the NSX Edge instance that is accessible through routing capabilities (static routes and dynamic routing)

thanks everyone for answering my stupid problem

i'm ending this article because i've burned too much time on this, and also because i had solved my last goal.

i set the machines' gateway (which live on 10.101.6.0/24) to 10.101.6.53, which is ESG's uplink interface

so my "external network" can reach the logical network of NSX

that will be all.

thanks again!

where does traceroute command stop, is it possible to send traceroute from the VM to 10.101.6.0 network?

Also how does the Edge announce the Vxlan1 and Vxlan2 subnets to the Physical router? Are they also Ospf or static routing between Edge-Physical is used? The routing table on the Physical router  needs to learn Vxlan 1 and Vxlan2 subnets in order to forward to the Edge Gateway,