How to identify next-hop edge node for Tier-1/Tier-0 gateways in active-active mode
search cancel

How to identify next-hop edge node for Tier-1/Tier-0 gateways in active-active mode

book

Article ID: 369271

calendar_today

Updated On:

Products

VMware NSX VMware NSX-T Data Center

Issue/Introduction

For Tier-1/Tier-0 gateways in active-active mode 'get logical-router <uuid> forwarding' will show two default routes in the forwarding table with gateway pointing to both edges. This KB provides steps to identify correct edge node used for a particular flow from a specific host.

Environment

VMware NSX-T Data Center
VMware NSX

Resolution

In the below example, there are two default routes in forwarding table of this particular router. This is a Tier-1 router in Active/Active HA mode.

[root@esx:~] nsxcli
esx.example.local> get logical-router 2214affb-####-####-9d85-bd5fda6d73eb forwarding
Wed May 22 2024 UTC 08:02:12.113
                                       Logical Routers Forwarding Table
--------------------------------------------------------------------------------------------------------------
Flags Legend: [U: Up], [G: Gateway], [C: Connected], [I: Interface]
[H: Host], [R: Reject], [B: Blackhole], [F: Soft Flush], [E: ECMP]
 
                   Network                               Gateway                Type               Interface UUID
==============================================================================================================
0.0.0.0/0                                              169.#.#.2              UGE     348953c8-####-####-be05-88edcf7b83a6
0.0.0.0/0                                              169.#.#.1             UGE     348953c8-####-####-be05-88edcf7b83a6
 
For this particular flow from source 172.#.#.# to destination 8.#.#.88, run the following command on source host (where VM 172.#.#.# resides) to identify correct gateway.

Command syntax -
[root@esx:~] net-vdr -R -o resolve -e <source-ip> -i <destination-ip> <logical-router-UUID>

[root@esx:~] net-vdr -R -o resolve -e 172.#.#.# -i 8.#.#.88 2214affb-####-####-9d85-bd5fda6d73eb
 
DR 2214affb-####-####-9d85-bd5fda6d73eb Route Table
Legend: [U: Up], [G: Gateway], [C: Connected], [I: Interface]
Legend: [H: Host], [B: Blackhole], [F: Soft Flush] [!: Reject] [E: ECMP]
 
Destination      GenMask          Gateway          Flags    Ref Origin   UpTime     HitCount   Lif UUID
-----------      -------          -------          -----    --- ------   ------     --------   ---------
0.0.0.0          0.0.0.0          169.#.#.2      UGE      3   618619     113224     348953c8-####-####-be05-88edcf7b83a6
[root@esx:~]

To find out which edge holds gateway login to each edge and check interface IP address.
1. Get all logical routers on the edge.
edge> get logical-routers

2. Note VRF number and login to the correct SR router using its VRF ID. For e.g. if here VRF is 2.

62124bbf-##-4d64-###-573064b18dc1   8      1027   SR-T1-####-01                  SERVICE_ROUTER_TIER1        5       2/50000

edge> vrf 2

3. Now check interface IP address.
edge(tier0_sr[2])> get interfaces | more
Option '| more' will display output one page at a time.

Additional Information

Return path for traffic originating from outside NSX entering NSX edge will be determined by uplink ToR switch.

Powered by Wolken Software