Hello everybody and nice to meet you!
I have a lot of questions, but I'll begin with this one because it's strange. I have installed a nested NSX-T environment for routing only VLAN segments. Everything went almost well, but I have a strange behavior. This is my configuration:
- 4 backend VLANs on an NVDS segment
- One T0 routing these VLANs, with an interface on the same subnet as pfSense (as external router) (Edge with uplink on the same NVDS)
- pfSense has interface IP 172.16.2.254 and T0 has 172.16.2.252
My backend VLANs work fine: I can connect VMs to the internet, I can route between them, and so on... but a strange behavior happens.
Assume that a backend VLAN VM has IP 10.0.200.10 with def-gw 10.0.200.254, directly connected to T0. Log in on the edge and:
traceroute to 10.0.200.10 (10.0.200.10), 30 hops max, 60 byte packets --> TRACEROUTE FROM T0
1 172.16.2.254 0.331 ms 0.427 ms 0.356 ms --> ASK TO PFSENSE
2 172.16.2.252 2.250 ms 2.113 ms 3.661 ms ---> BACK IN T0
3 10.0.200.10 4.041 ms 3.837 ms 3.404 ms ---> CLIENT
What happens is that T0 (which has an interface directly connected to the VLAN subnet, with IP address 10.0.200.254) asks pfSense (172.16.2.254, which is T0's default gateway), which responds: hey, you've got the subnet directly connected!
That would mean that if I didn't create a static route on pfSense, my T0 would forward requests for this subnet out, even though it has the subnet directly connected.
Again:
traceroute to 10.0.200.254 (10.0.200.254), 30 hops max, 60 byte packets ---> FROM T0
1 172.16.2.254 1.340 ms 1.255 ms 1.150 ms --> TO PFSENSE
2 10.0.200.254 1.862 ms 1.761 ms 1.721 ms ---> OK NOW DIRECT TO .254 ( AND 172.16.2.252 JUMPED?)
This happens with all segments.
I hope I have clearly explained what I mean. In my opinion something is wrong. What do you think? Why does T0 forward the routing request to pfSense instead of processing it directly?
Thanks a lot!
Alessandro