Unable to route traffic from external network via the L2 link to NSX Tier-1 and then back to the internet from Tier-0

Article ID: 411773

Products

VMware NSX

Issue/Introduction

  • A service interface is configured on the Tier-1 gateway.
  • Ingress traffic is received at the service interface and is expected to follow the datapath from Tier-1 to Tier-0.
  • However, the return traffic is dropped at the associated Tier-0 logical routers on the edge.
  • To verify the drop, run the following command on the associated edge:

get logical-router interface stats

Sample output:

    RX-Drops    : 10
        Blocked     : 0
        DST-Unsupported: 0
        Firewall    : 0
        Malformed   : 0
        No-Receiver : 0
        No-Route    : 10 <<<<<<
        RPF-Check   : 0
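
The following is an added example, not part of the original article or of NSX tooling: it parses the RX-Drops block in the layout shown above and reports which drop reasons grew between two captures, which tells you whether No-Route drops are still occurring. The sample text and the function names are constructed for illustration, and it assumes the counters are not reset between captures.

```python
import re

# Constructed sample: the RX-Drops block in the layout shown in this article.
SAMPLE = """\
    RX-Drops    : 10
        Blocked     : 0
        DST-Unsupported: 0
        Firewall    : 0
        Malformed   : 0
        No-Receiver : 0
        No-Route    : 10 <<<<<<
        RPF-Check   : 0
"""

# "<indent><name> : <integer>", ignoring anything after the number.
COUNTER = re.compile(r"^(\s*)([A-Za-z][\w-]*)\s*:\s*(\d+)\b")


def parse_rx_drops(text):
    """Return (total, {reason: count}) for the first RX-Drops block."""
    total, parent_indent, reasons = None, 0, {}
    for line in text.splitlines():
        m = COUNTER.match(line)
        if not m:
            continue
        indent, name, value = len(m.group(1)), m.group(2), int(m.group(3))
        if total is None:
            if name == "RX-Drops":
                total, parent_indent = value, indent
        elif indent <= parent_indent:
            break  # left the RX-Drops block
        else:
            reasons[name] = value
    if total is None:
        raise ValueError("no RX-Drops counter in input")
    return total, reasons


def growing_reasons(before, after):
    """Drop reasons whose count rose between two captures of one interface.

    Assumption: counters only increase between captures (no reset in between).
    """
    _, old = parse_rx_drops(before)
    _, new = parse_rx_drops(after)
    return {k: v - old.get(k, 0) for k, v in new.items() if v > old.get(k, 0)}


if __name__ == "__main__":
    later = SAMPLE.replace(": 10", ": 25")  # constructed second capture
    print(parse_rx_drops(SAMPLE), growing_reasons(SAMPLE, later))
```

Capture the command output once before and once after reproducing the traffic, then pass both captures to `growing_reasons`.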

 

Environment

VMware NSX-T Data Center

VMware NSX

Cause

The traffic is dropped at the Tier-0 logical router interface, where it is counted as a No-Route drop.

Resolution

  • In the NSX Manager UI, go to Networking > Tier-1 Gateways.
  • Edit the specific Tier-1 gateway and confirm whether the 'All Connected Segments & Service Ports' option is enabled under 'Route Advertisement'.
  • If it is not enabled, toggle the radio button to enable 'All Connected Segments & Service Ports'.
  • Save the changes.

Additional Information

Refer to the configuring gateways and segments link for more details.