NSX-T Edge has no connectivity across the Tunnel Interface
search cancel

NSX-T Edge has no connectivity across the Tunnel Interface

book

Article ID: 306196

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

Symptoms:
Unable to ping the Default Gateway from VRF 0 and all BFD Tunnels showing as Down.

Environment

VMware NSX-T Data Center 2.x
VMware NSX-T Data Center

Cause

If the Edge is prepared as a Transport Node and afterward, the tunnel interface is changed to a different fp-eth interface (on the edge), then the MAC is not updated to reflect the new FP Interface MAC.

In the Below outputs the FP-ETH0 and FP-Eth4 are part of same PG from the Host/VC prespective.

ESG-107> get interface fp-eth0
Interface: fp-eth0
  ID: 0
  Link status: up
  MAC address: 00:50:#:#:#:#
  MTU: 1600
  PCI: 0000:0b:00:00

ESG-107> get interface fp-eth2
Interface: fp-eth2
  ID: 2
  Link status: up
  MAC address: 00:50:#:#:#:#
  MTU: 1600
  PCI: 0000:1b:00:00


Now, check the Interface MAC for TEP interface under VRF 0.
  
ESG-107> vrf 0
ESG-107(vrf)> get interfaces
Logical Router
UUID VRF LR-ID Name Type
736a80e3-23f6-5a2d-####-###### 0 0 TUNNEL
interfaces
    interface : 9fd3c667-32db-5921-#####-#########
    ifuid : 258
    mode : blackhole

    interface : e61b08cf-a2ec-5d3e-####-#########
    ifuid : 467
    name :
    mode : lif
    IP/Mask : 10.#.#.#/24
    MAC : 00:50:#:#:#:#
    LS port : 476c5ac7-2fc9-53ae-###-########
    urpf-mode : PORT_CHECK
    admin : up
    op_state : up
    MTU : 1600


ESG-107(vrf)> ping 10.#.#.#
PING 10.#.#.# (10.#.#.#): 56 data bytes
64 bytes from 10.#.#.#: icmp_seq=0 ttl=64 time=4.035 ms
64 bytes from 10.#.#.#: icmp_seq=1 ttl=64 time=1.789 ms


Now change the Interface from the FP-eth0 to FP-Eth4 by Editing the ESG TN configuration from NSX-T Manager.

ESG-107(vrf)> get interfaces
Logical Router
UUID VRF LR-ID Name Type
736a80e3-23f6-5a2d-####-######### 0 0 TUNNEL
interfaces
    interface : 9fd3c667-32db-5921-####-#########
    ifuid : 258
    mode : blackhole

    interface : e61b08cf-a2ec-5d3e-####-########
    ifuid : 472
    name :
    mode : lif
    IP/Mask : 10.#.#.#/24
    MAC : 00:50:#:#:#:#
    LS port : 476c5ac7-2fc9-53ae-####-########
    urpf-mode : PORT_CHECK
    admin : up
    op_state : up
    MTU : 1600


ESG-107(vrf)> ping 10.#.#.#
ESG-107(vrf)>
--- 10.#.#.# ping statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss

*Root Cause*
MAC is only updated during the TN preparation, changing the pNIC doesn't trigger the MAC update.

Resolution

The issue will be fixed in NSX-T 2.4.1 release of NSX-T

Workaround:
Change the TEP Pool to different IP Pool, save the configuration.

get interfaces
Logical Router
UUID VRF LR-ID Name Type
736a80e3-23f6-5a2d-####-######## 0 0 TUNNEL
interfaces
    interface : 9fd3c667-32db-5921-####-##########
    ifuid : 258
    mode : blackhole

    interface : 25b096d7-801a-544f-#####-##########
    ifuid : 498
    name :
    mode : lif
    IP/Mask : 10.#.#.#/24 Since we changed the IP Pool, allocated the new IP and also updated the MAC.
    MAC : 00:50:#:#:#:#
    LS port : b4d51fa0-c28e-52c0-######-#########
    urpf-mode : PORT_CHECK
    admin : up

Again edit the ESG TN configuration and revert back to Original TEP Pool.

ESG-107(vrf)> get interfaces
Logical Router
UUID VRF LR-ID Name Type
736a80e3-23f6-5a2d-#####-######### 0 0 TUNNEL

    interface : 6be42cc4-10dd-5e7f-####-#########
    ifuid : 504
    name :
    mode : lif
    IP/Mask : 10.#.#.#/24
    MAC : 00:50:#:#:#:#
    LS port : 5f016578-d0dc-5037-####-###########
    urpf-mode : PORT_CHECK
    admin : up
    op_state : up
    MTU : 1600
ESG-107(vrf)> ping 10.#.#.#
PING 10.#.#.# (10.#.#.#): 56 data bytes
64 bytes from 10.#.#.#: icmp_seq=0 ttl=64 time=3.438 ms