The Distributed Logical Router cannot be used as the default gateway when using L2VPN to stretch two VXLAN networks

Article ID: 314294

Products

VMware NSX

Issue/Introduction

Symptoms:
  • When using L2VPN to stretch two VXLAN networks, the distributed logical router (DLR) is used as the default gateway
  • VMs on the remote side of the VPN in relation to the DLR instance cannot reach IPs on remote subnets
  • VMs on the remote side of the VPN in relation to the DLR instance cannot ping the DLR IP
  • VMs that are local to the DLR instance are able to ping the DLR IP and reach IPs on remote subnets


Environment

VMware NSX for vSphere 6.4.x
VMware NSX for vSphere 6.3.x

Cause

VMs on the remote side of the L2VPN resolve the DLR vMAC successfully, but their traffic never reaches the DLR IP, so they cannot reach IPs on other subnets either. Because the DLR vMAC is the same for every DLR instance, the DVS at the remote site forwards packets destined for that vMAC to its own local DLR port instead of sending them across the L2VPN to the site where the correct DLR instance resides.

Resolution

Consider one of the following solutions:
  1. Use cross-VC NSX and universal logical switch and logical router features as opposed to L2VPN.
  2. Locate the default gateway for the stretched networks on an Edge gateway VM as opposed to using the distributed logical router.
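The following model, written for this article and not part of VMware's code, reproduces the forwarding decision described under Cause and shows why the second resolution works: frames addressed to the shared DLR vMAC are always handed to the local DLR port, while frames addressed to an Edge gateway's unique MAC are carried across the L2VPN. The vMAC value, the Edge MAC, the site names and the subnet are assumed or constructed for the model.

```python
from dataclasses import dataclass

# Assumed value of the vMAC that every NSX-v DLR instance shares.
DLR_VMAC = "02:50:56:56:44:52"
# Constructed MAC for an Edge gateway VM hosted at site A.
EDGE_MAC = "00:50:56:aa:bb:cc"


@dataclass
class Site:
    name: str
    dlr_lifs: set       # subnets the local DLR instance has a LIF for
    local_macs: dict    # MAC -> port type attached to this site's DVS


def forward(sender_site: str, sites: dict, dst_mac: str, gw_subnet: str) -> str:
    """Where the DVS at the sender's site delivers a frame for dst_mac."""
    site = sites[sender_site]
    if dst_mac == DLR_VMAC:
        # The DVS never bridges DLR-vMAC frames over the L2VPN; it hands them
        # to the local DLR instance even when that instance owns no such LIF.
        if gw_subnet in site.dlr_lifs:
            return f"{site.name}:dlr routed"
        return f"{site.name}:dlr dropped (no LIF for {gw_subnet})"
    if dst_mac in site.local_macs:
        return f"{site.name}:{site.local_macs[dst_mac]}"
    # Any other unicast MAC learned on the far side is sent across the tunnel.
    for other in sites.values():
        if other.name != site.name and dst_mac in other.local_macs:
            return f"{other.name}:{other.local_macs[dst_mac]} via l2vpn"
    return "flooded"


def scenario() -> dict:
    """Site A hosts the DLR LIF and the Edge; site B is the remote end."""
    sites = {
        "siteA": Site("siteA", {"10.10.10.0/24"}, {EDGE_MAC: "edge"}),
        "siteB": Site("siteB", set(), {}),
    }
    gw = "10.10.10.0/24"
    return {
        "local_vm_to_dlr": forward("siteA", sites, DLR_VMAC, gw),
        "remote_vm_to_dlr": forward("siteB", sites, DLR_VMAC, gw),
        "remote_vm_to_edge": forward("siteB", sites, EDGE_MAC, gw),
    }


if __name__ == "__main__":
    for case, result in scenario().items():
        print(f"{case}: {result}")
```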