How to associate cf orgs with SNAP IP addresses in NSX-T
search cancel

How to associate cf orgs with SNAP IP addresses in NSX-T

book

Article ID: 297309

calendar_today

Updated On:

Products

VMware NSX

Environment

Product Version: 2.5

Resolution

Each org is assigned to a T1 router in NSX-T. In the NSX manager, you can look at the T1 router configuration and see the subnet assigned to that router. There is also a SNAT IP address that corresponds to that T1 router.

The easiest way to get these values for all of your orgs is to use the nsxcli on the diego_database VM. Here is a sample of how to execute the command remotely using the bosh CLI:  
bosh ssh -d cf-fbc13f209c3e29a23b35 diego_database/1d77847b-a68a-4038-a897-1f87a04ced37 "sudo /var/vcap/jobs/ncp/bin/nsxcli -c get org-caches"

Here is some sample output:
  
ubuntu@opsmgr-pas-01-haas-50-pez-pivota:~$ bosh ssh -d cf-fbc13f209c3e29a23b35 diego_database/1d77847b-a68a-4038-a897-1f87a04ced37 "sudo /var/vcap/jobs/ncp/bin/nsxcli -c get org-caches"
Using environment '172.25.0.11' as client 'ops_manager'Using deployment 'cf-fbc13f209c3e29a23b35'Task 2802. Done
diego_database/1d77847b-a68a-4038-a897-1f87a04ced37: stderr | Unauthorized use is strictly prohibited. All access and activity
diego_database/1d77847b-a68a-4038-a897-1f87a04ced37: stderr | is subject to logging and monitoring.
diego_database/1d77847b-a68a-4038-a897-1f87a04ced37: stdout |     0c322c55-a645-4463-b954-f6fa9baa0d0e:
diego_database/1d77847b-a68a-4038-a897-1f87a04ced37: stdout |         ext_pool_id: 00004f98-0b81-4fd0-bc03-67509a9112bc
diego_database/1d77847b-a68a-4038-a897-1f87a04ced37: stdout |         isolation:
diego_database/1d77847b-a68a-4038-a897-1f87a04ced37: stdout |             isolation_section_id: a8bb1020-20f2-4352-8478-7003924e6e4c
diego_database/1d77847b-a68a-4038-a897-1f87a04ced37: stdout |         logical-router: 3e0c3f22-a2c0-4b04-a4ae-5eec8f6c504b
diego_database/1d77847b-a68a-4038-a897-1f87a04ced37: stdout |         logical-switch:
diego_database/1d77847b-a68a-4038-a897-1f87a04ced37: stdout |             id: 9883b348-0741-41d7-9368-0aeefb3c7d7b
diego_database/1d77847b-a68a-4038-a897-1f87a04ced37: stdout |             ip_pool_id: 243aff6e-7b90-48bb-903f-d0e8426fd629
diego_database/1d77847b-a68a-4038-a897-1f87a04ced37: stdout |             subnet: 172.26.2.0/24
diego_database/1d77847b-a68a-4038-a897-1f87a04ced37: stdout |             subnet_id: 7e799401-24a9-4fef-923d-fe5b4c5d6d2d
diego_database/1d77847b-a68a-4038-a897-1f87a04ced37: stdout |         name: Ice
diego_database/1d77847b-a68a-4038-a897-1f87a04ced37: stdout |         snat_ip: 10.193.103.123
diego_database/1d77847b-a68a-4038-a897-1f87a04ced37: stdout |         spaces:
diego_database/1d77847b-a68a-4038-a897-1f87a04ced37: stdout |             4f5eeff6-f472-4360-88e5-a738fff96ac5
diego_database/1d77847b-a68a-4038-a897-1f87a04ced37: stdout |
diego_database/1d77847b-a68a-4038-a897-1f87a04ced37: stdout |
diego_database/1d77847b-a68a-4038-a897-1f87a04ced37: stdout |     6d586adc-a36c-4212-a25f-4c8fba0c8843:
diego_database/1d77847b-a68a-4038-a897-1f87a04ced37: stdout |         ext_pool_id: 00004f98-0b81-4fd0-bc03-67509a9112bc
diego_database/1d77847b-a68a-4038-a897-1f87a04ced37: stdout |         isolation:
diego_database/1d77847b-a68a-4038-a897-1f87a04ced37: stdout |             isolation_section_id: eb62ef62-e48e-42ca-afd4-69ac3e55a76c
diego_database/1d77847b-a68a-4038-a897-1f87a04ced37: stdout |         logical-router: 97e6695c-a742-4ffb-9951-facfc7a3996f
diego_database/1d77847b-a68a-4038-a897-1f87a04ced37: stdout |         logical-switch:
diego_database/1d77847b-a68a-4038-a897-1f87a04ced37: stdout |             id: 762577fb-dfea-46e6-8fe6-d11e9a778d31
diego_database/1d77847b-a68a-4038-a897-1f87a04ced37: stdout |             ip_pool_id: 0029da4c-c95d-4dd9-9cc7-7fb163845452
diego_database/1d77847b-a68a-4038-a897-1f87a04ced37: stdout |             subnet: 172.26.1.0/24
diego_database/1d77847b-a68a-4038-a897-1f87a04ced37: stdout |             subnet_id: d1a735c3-0958-4037-9f12-90798f217777
diego_database/1d77847b-a68a-4038-a897-1f87a04ced37: stdout |         name: system
diego_database/1d77847b-a68a-4038-a897-1f87a04ced37: stdout |         snat_ip: 10.193.103.121
diego_database/1d77847b-a68a-4038-a897-1f87a04ced37: stdout |         spaces:
diego_database/1d77847b-a68a-4038-a897-1f87a04ced37: stdout |             ac5a3c6d-a488-4b36-a231-0856fd3f0ebb
diego_database/1d77847b-a68a-4038-a897-1f87a04ced37: stdout |             eb10800c-1ac5-4d46-a3db-5fd8c5197197
diego_database/1d77847b-a68a-4038-a897-1f87a04ced37: stdout |             ed8f798e-d4ee-438d-8aed-2adeeff5284d
diego_database/1d77847b-a68a-4038-a897-1f87a04ced37: stdout |             eb07c30a-d5da-49e7-b08b-404c7e58e6d4
diego_database/1d77847b-a68a-4038-a897-1f87a04ced37: stdout |
diego_database/1d77847b-a68a-4038-a897-1f87a04ced37: stdout |
diego_database/1d77847b-a68a-4038-a897-1f87a04ced37: stdout |     7e95ccbc-89f9-4b30-aa9c-25a7b17d53ee:
diego_database/1d77847b-a68a-4038-a897-1f87a04ced37: stdout |         ext_pool_id: 00004f98-0b81-4fd0-bc03-67509a9112bc
diego_database/1d77847b-a68a-4038-a897-1f87a04ced37: stdout |         isolation:
diego_database/1d77847b-a68a-4038-a897-1f87a04ced37: stdout |             isolation_section_id: 70f88169-b9cd-4539-9d51-bbd0314b5fcf
diego_database/1d77847b-a68a-4038-a897-1f87a04ced37: stdout |         logical-router: 7c050ea0-51ac-4841-a873-e8d1e95ba057
diego_database/1d77847b-a68a-4038-a897-1f87a04ced37: stdout |         logical-switch:
diego_database/1d77847b-a68a-4038-a897-1f87a04ced37: stdout |             id: 5f41ffbb-67aa-46d8-b39b-2c9e07a27f17
diego_database/1d77847b-a68a-4038-a897-1f87a04ced37: stdout |             ip_pool_id: 7f78a4e4-2535-4caa-a921-a3fc10c5bca6
diego_database/1d77847b-a68a-4038-a897-1f87a04ced37: stdout |             subnet: 172.26.0.0/24
diego_database/1d77847b-a68a-4038-a897-1f87a04ced37: stdout |             subnet_id: 8a4b8b6d-8ba0-4156-aa53-1cf4a476360e
diego_database/1d77847b-a68a-4038-a897-1f87a04ced37: stdout |         name: test
diego_database/1d77847b-a68a-4038-a897-1f87a04ced37: stdout |         snat_ip: 10.193.103.122
diego_database/1d77847b-a68a-4038-a897-1f87a04ced37: stdout |         spaces:
diego_database/1d77847b-a68a-4038-a897-1f87a04ced37: stdout |             ed2c2664-f9b6-4e38-b339-2947c034328a
diego_database/1d77847b-a68a-4038-a897-1f87a04ced37: stdout |
diego_database/1d77847b-a68a-4038-a897-1f87a04ced37: stderr | Connection to 172.25.1.16 closed.Succeeded
Likewise, in the NSX manager GUI, you can look up the T1 router for the org, then look at Configuration / Routers to see the uplink T0 parent router. In the configuration for that T0 router, look at the NAT rules, and find the rule for the subnet of the T0 router; that NAT rule will show you the SNAT IP address.

Powered by Wolken Software