VMware NSX

  • Private Community
 View Only

  • 1.  NSX-T 3.0: Adding interfaces to VRF gateway failing

    Posted Oct 05, 2020 01:28 AM

    Adding interfaces to an VRF gateway is failing with the following error.

    From developer tools I collected the following API request and response NSX-T manager UI is sent and received.

    API Request for add interface request

    {"subnets":[{"ip_addresses":["10.10.151.2"],"prefix_len":"24"}],"type":"EXTERNAL","segment_path":"/infra/segments/EDGE-NVDS-VRF-RED-TOR-L","display_name":"test","urpf_mode":"STRICT","access_vlan_id":"151","edge_path":"/infra/sites/default/enforcement-points/default/edge-clusters/a3f99a45-0a19-4cf1-a0a6-a89a68e4b8d4/edge-nodes/55875f6f-1b36-4476-818a-7535406ce005","id":"test"}

    Response

    {

      "httpStatus" : "BAD_REQUEST",

      "error_code" : 528009,

      "module_name" : "Policy",

      "error_message" : "Provider interface in default tier0 /infra/tier-0s/mahi-vrf-tier-0 should cover edge paths in VRF interfaces."

    }



  • 2.  RE: NSX-T 3.0: Adding interfaces to VRF gateway failing
    Best Answer

    Posted Oct 05, 2020 11:47 AM

    Have you configured the Parent T0 and its external interface before configuring the VRF?



  • 3.  RE: NSX-T 3.0: Adding interfaces to VRF gateway failing

    Posted Oct 05, 2020 11:10 PM

    Thanks for the response.

    I do created Parent T0 but not the external interface. Now after creating the external interface on Parent T0 the VRF gateway interface configuration went through. I followed the configuration in the blog http://www.vstellar.com/2020/09/16/configuring-vrf-lite-in-nsx-t-3-0/

    and it didn't talked about the configuration external interfaces on Parent T0. Could you point me to a doc that has  proper steps to configure the VRF gateway?

    What is the role of the Paren T0 external interface configuration here? I see the parent external interface should be connected to a non-trunk vlan segment, whereas the VRF external interface should be connected to trunk vlan segment.



  • 4.  RE: NSX-T 3.0: Adding interfaces to VRF gateway failing

    Posted Oct 06, 2020 06:02 AM

    Hey rajala

    Actually that blog post start with an architecture where it has an external interface configured in the T0. I could not find a document, even the official, where it states that you need that as I learned that from a Design session. However in this blog post you can see that he configures a T0 External interface: https://vdcnetworker.blog/vrf-lite-on-nsx-t-3-0/

    To be honest with you I am not 100% sure of why this is needed and if this is used during the exchange of the routes but I think it is used for Inter-VRF connectivity. However I am not 100% sure.



  • 5.  RE: NSX-T 3.0: Adding interfaces to VRF gateway failing

    Broadcom Employee
    Posted Oct 06, 2020 12:37 PM

    This is because vrf uplinks need a connection to Tier-0 gateway interface which should be in Trunk mode to peer with upstream routers.



  • 6.  RE: NSX-T 3.0: Adding interfaces to VRF gateway failing

    Posted Oct 06, 2020 12:43 PM

    Sreec​,

    Quick question, this external interface also needs a BGP peering to be configured with the next hop router?



  • 7.  RE: NSX-T 3.0: Adding interfaces to VRF gateway failing

    Broadcom Employee
    Posted Oct 06, 2020 12:50 PM

    Not required . However you can use it for routing other workload subnets which are not in VRF routing table.



  • 8.  RE: NSX-T 3.0: Adding interfaces to VRF gateway failing

    Posted Oct 06, 2020 12:57 PM

    Good to know that, thanks for the clarification, it was also my doubt :smileygrin:



  • 9.  RE: NSX-T 3.0: Adding interfaces to VRF gateway failing

    Posted Oct 06, 2020 07:20 PM

    Thank you very much Lalegre and Sree. Appreciate your help.

    Have a great day!!!