[VMC on AWS] Subnet overlap error while creating Route based vpn tunnel
Article ID: 345377
Updated On:
Products
Issue/Introduction
Setup vpn connectivity between vmc on aws and onprem/remote environment.
Symptoms:
When a user is trying to create route based vpn tunnel from VMC console, tunnel goes into error state
Error seen on VMC UI:
[Routing] Subnet [169.254.10.40/30] should not overlap with existing logical router port's subnet [LRPort/91b030ec-####-####-####-########4a8]
Error seen in LINT:
<99>1 2021-01-18T09:50:01.385Z mp NSX 1455 ROUTING [nsx@6876 comp="nsx-manager" errorCode="MP10048" level="ERROR" reqId="c9a28147-####-####-####-########c54" subcomp="manager" username="nsx_policy"] [entId=986a80ce-####-####-####-########e21] Given network [169.254.10.40/30] should not overlap with existing logical router port's subnet [LRPort/91b030ec-####-####-####-########4a8]
Cause
Link local range used for BGP local and remote IP address should not overlap with reserved IP address ranges which used internally by SDDC network components.
Following are reserved address ranges in SDDC networks:
- 169.254.0.0/19
- 169.254.101.0/30
- 169.254.105.0/24
- 169.254.106.0/24
Resolution
Per RFC 3927, all of 169.254.0.0/16 is a link-local range that cannot be routed beyond a single subnet. However, with the exception of these CIDR blocks, you can use 169.254.0.0/16 addresses for your virtual tunnel interfaces.
Additional Information
https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/com.vmware.vmc-aws.networking-security/GUID-658253DB-F384-4040-94B2-DF2AC3C9D396.html
To create route based vpn, please check following document:
https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/com.vmware.vmc-aws.networking-security/GUID-5AF45CE6-FA53-45C0-83E5-25F8E3A055E9.html#GUID-5AF45CE6-FA53-45C0-83E5-25F8E3A055E9
Feedback
