East-West connectivity between VMs connected to two different overlay segments and Tier-1 gateways is down
search cancel

East-West connectivity between VMs connected to two different overlay segments and Tier-1 gateways is down

book

Article ID: 408951

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

Consider the diagram below -

  • VMs are connected to two different overlay segments.
  • Each segment is connected to a separate Tier-1 router.
  • VM-A and VM-B are unable to connect to each other.

Environment

VMware NSX

Cause

Tier-1 router does not have route advertisement allowed for 'All Connected Segments and Service ports' so Tier-0 routing table does not have route to destination VM network.

Here is an example of Tier-1 connected route learnt in Tier-0. This can be verified from edge CLI.

  • Login to edge CLI using 'admin' account and check for logical-routers.
    edge01> get logical-routers
     
  • Connect to Tier-0 SR VRF
    edge01> vrf 2
     
  • Check all the routes, t1c indicates Tier1-Connected. In non-working state this route would be missing for the destination network.

    edge(tier0_sr[2])> get route
    Flags: t0c - Tier0-Connected, t0s - Tier0-Static, b - BGP, o - OSPF
    t0n - Tier0-NAT, t1s - Tier1-Static, t1c - Tier1-Connected,
    t1n: Tier1-NAT, t1l: Tier1-LB VIP, t1ls: Tier1-LB SNAT,
    t1d: Tier1-DNS FORWARDER, t1ipsec: Tier1-IPSec, isr: Inter-SR,
    ivs: Inter-VRF-Static, > - selected route, * - FIB route

    Total number of routes: #

    <snip>
    t1c> * 172.16.#.#/24 [3/0] via 100.64.#.#, linked-297, 6d20h25m



Resolution

Edit Tier-1 configuration and enable route advertisement for 'All Connected Segments and Service ports'.

Additional Information

If you don't want to advertise all connected routes, you can specify which routes to advertise.

Powered by Wolken Software