• You are running IPV4 and/or IPv6 BGP to peer with next hop router.
• You will observe there are BGP down alarms in the NSX-T UI for either IPV4 or IPv6.

• You have configured BGP allow rules on the Tier-0 Gateway firewall.
• You have configured IPV4 or IPv6 for the IP protocol for the BGP allow rule similar to the screenshot below:

• You will either have inet or inet6 in the rule on the NSX-T edge cli when running command get firewall <firewallinterfaceUUID> ruleset rules

   

   Rule      : inout inet protocol tcp from any to any port 179 accept
   Rule      : inout inet6 protocol tcp from any to any port 179 accept 

• • Inet protocol in the first rule above means IPv4 traffic will be processed only.
  • Inet6 protocol in the second rule above means IPv6 traffic will only be processed only.

NOTE: The preceding log excerpts are only examples. Date, time and environmental variables may vary depending on your environment.

VMware NSX-T Data Center 4.x

VMware NSX-T Data Center 3.x

• If you a running IPv4 and/or IPv6 BGP the traffic will get dropped by the Tier-0 gateway firewall if the appropriate IP protocol is not enabled. See Documentation for reference.

• If you are using IPv4 only then set the IP protocol to IPV4 only.
• If you are using IPv6 only then set the IP protocol to IPv6 only.
• If you are using both then set the IP protocol to IPv4-IPv6.

See Documentation for creating a Gateway Firewall Policy and Rule for reference.