VMware NSX

Dear All,

I am newly building on my own lab and I was trying to playing with my NSX. I was almost done everything but I realised, I cant ping my VMs on VXLAN. Just ping. I am describing my  lab scenario below and requesting you help...

1. I have attached a my lab diagram for you reference. My router Mikrotik router and ip is 172.16.6.1. (Image attached as Lab Design)

2. I can ping from my physical router to EDGE downlink (Image attached as Ping Router to Edge Downlink)

3. I can ping from my VXLAN VMs to EDGE uplink (Image attached as from VM to Edge Uplink)

But I cant ping to physical router.

4. Physical Router routing table (Image attached as Physical Router Routing List)

Please help.

Regards,

Shyfur

Hi there...

Look that it is a routing issue.

Do a traceroute from the SW or server that you are using to try to reach the VMs. (legacy to NSX)

Do a traceroute from the VM to the SW or the destination server (NSX to legacy)

How are you doing the advertisement in the NSX Edge? Dynamic Routing? Static Routing? DG?

How are you doing the advertisement in Physical SW?

Provide a few SShots of the Edge Interfaces and Routing.

Provide the list of routes on your sw.

Dear Bro,

thanks for your reply. I have uploaded a PDF and given the reply on all your query. Could you please help to check? thank you in advanced.

Regards,

Shyfur

I went through it.

Can you provide the requested sshots?

In the figure 3, you can ping the DLR interface from the ESG. (Check VM firewall) if that is OK, move the VM that you want to ping, to the same ESXi host that the EDGE vm is in. (Maybe you have a vxlan issue)

Figure 1,2 and 4 are all form NSX. Can you do a traceroute and provide the routes that you have in your SW/router?

EDIT= just saw Sreec reply! Provide that (same as I requested in first reply) se we can try to understand a little bit more! =)

One more question. If you have two (2) vms in the same LS but in different ESXi hosts, are you able to reach each other?

Dear NicolasAlauzet​,

Thank you for checking and find my responses below as per your query,

Can you provide the requested sshots?

Shyf: attached all the images. Please let me know if any further images are required.

In the figure 3, you can ping the DLR interface from the ESG. (Check VM firewall) if that is OK, move the VM that you want to ping, to the same ESXi host that the EDGE vm is in. (Maybe you have a vxlan issue)

Shyf: only the isssue is i can not ping the router interface. but i can ping EDGE uplink.

Figure 1,2 and 4 are all form NSX. Can you do a traceroute and provide the routes that you have in your SW/router?

Shyf: from DLR, i can not ping anywhere. only the local interfaces. natural right?

EDIT= just saw Sreec reply! Provide that (same as I requested in first reply) se we can try to understand a little bit more! =)

Shyf: provided

One more question. If you have two (2) vms in the same LS but in different ESXi hosts, are you able to reach each other?

Shyf: yes

Now the only issue is, i cant ping router interface... can ping to EDGE uplink. i attached the ESG interface information and routing table in last reply to Sreec​

thanks again for helping.

regards,

Shyfur

Please, log in vCenter and take some screenshots of the DLR configuration and the Edge configuration.

Interfaces and routing. (like this ones for example)

You can use an application like "lightshot" to take the screenshot and copy paste it. would be easy to understand.

I'm trying to make a simple diagram of the scenario, and will update it soon

Dear NicolasAlauzet​,

as per the advice find the attached sshots. nothing has been configured in dlr global configuration. thanks

regards,

Shyfur

Please, take screenshots of the Configuration - Interfaces for the NSX Edge, and the DLR.

Dear NicolasAlauzet​,

Interfaces information has been uploaded in last reply. should you want me to re-upload or anything missing? Can we connect remotely?

Yes sry, it seems that I went to the @ and when entered to your answer from there I missed the attached files...

So, this is your scenario (correct if needed) (Based on the first diagram that you uploaded, and the latest screenshots)

Please validate:

• Route created in your Router to NSX (Should be something like the one I put in the diagram
• DLR Internal IP is .21 (Please validate if that is right or typo error)
• Validate your VMs (web and db) that have the correct DG configured (as actual configuration should be .21)

I hope this helps this time :smileyconfused:

dear NicolasAlauzet​

you diagram is perfect. the DG for the VMs is definitely .21, image attached for your reference :-( 

regards,

Shyfur

OK, one more test and we will find it for sure...

Do this and record the results please. I know that in the first post you did the same, but lets go in this order:

From a VM (web or db):

PING 192.168.1.21

PING 172.16.6.55

From EDGE:

PING 192.168.1.21

PING 192.168.1.5 and 6 (Your Web and DB VMs)

From Physical Router:

PING 172.16.6.55

PING 192.168.1.21

PING 192.168.1.5 and 6 (Your Web and DB VMs)

Post the results (no need for SS) just put OK or ERROR next to each step =)

Dear NicolasAlauzet​

Please find the results below....

From a VM (web or db):

PING 192.168.1.21 = ok

PING 172.16.6.55 = ok

From EDGE:

PING 192.168.1.21 = ok

PING 192.168.1.25 and 6 (Your Web and DB VMs) = NO

From Physical Router:

PING 172.16.6.55 = ok

PING 192.168.1.21 = NO, ( can reach only to esg downlink )

PING 192.168.1.5 and 6 (Your Web and DB VMs) = NO

reragrds,

Shyfur

From EDGE:

PING 192.168.1.25 and 6 (Your Web and DB VMs) = NO

• For this can you check if there is a FW in the Guest OS (your web and DB)

If thats not the issue, it seems that you are having an issue with VXLAN.

Try this:

• Move the NSX Edge VM and the WEB and DB VMs to the same ESXi Host.

Have a look:

Troubleshooting NSX Infrastructure

Logical Network Preparation: VXLAN Transport

Also this:

Go to your Logical Swith > Select Monitor > Ping and select the source and destination host (between whom test will be performed) by clicking on browse button. Click on “Start Test”

if the test is successful, you will see similar results shown below.

Hi NicolasAlauzet​ and Sreec​

Its pining router interface now. it was an issues with physical router routing. thank you both for helping out. learned a lot :-)

regards,

Shyfur

Is your mikrotik device in bridge mode ?  Please double check your VLAN configurations on mikrotik interfaces which are connected to edges . Also as mentioned in this thread, we need to know the routing protocol  and advertisement config.

Dear Bro,

My mikrotik router is in bridge mode. only 1 interface is connected to the ESXi and its nested environment. how i have attached PDF for better visibility. lab design was uploaded in this thread. thanks in advanced for your help.

regards,

Shyfur

Can you update the below request

1. Place DLR and Edge on same ESXI host and let me know till were you have the connectivity.

2.  ip route print and interface print brief output of mikrotik router

3.  Is there any firewall rules on Edges ?

4.  VLAN ID on Edge Uplink.

Dear Sreec​

As per your query, find my responses below

1. Place DLR and Edge on same ESXI host and let me know till were you have the connectivity.

Shyf: Placed but cant ping Physical router from VM

2.  ip route print and interface print brief output of mikrotik router

Shyf: Image attached

3.  Is there any firewall rules on Edges ?

Shyf: - No

4.  VLAN ID on Edge Uplink.

Shyf: No VLAN. iys just flat network.

Only prb is now, I can reach to EGDE UPLINK. few images has been enclosed for your reference. thanks in advanced for helping out.

regards,

Shyfur

Ok thanks. To be precise , you haven't provided the command level screenshot of your router  ( GUI output is not enough) , never mind . Considering this is nested and router being in bridge mode( i have the same config running in my lab with NSX-T) , i want you to do a simple test and i'm sure that will isolate the issue

1. Connect a VM to Edge uplink ( it should be on the same uplink & portgroup which is leveraged by Microtik device ) , point the default Gateway of VM to Edge uplink ( 172.16.6.14)

2. Check your VM's behind DLR can reach VM behind edge , if it works - NSX configurations is ruled out - if it doesn't work - keep mikrotik connectivity aside and resolve this issue.

3. Potential issue is with nested lab or mikrotik router setup.

DG= Default Gateway.

Chech the network config of your vms, IP, netmask and default gateway!