Network connectivity issues seen with virtual machines using an L2VPN while using an Autonomous Edge
Article ID: 414861
Updated On:
Products
Issue/Introduction
Virtual machines experience network connectivity loss while using an L2VPN over an autonomous edge.
From CLI of the Autonomous edge, check for fragmented packets and MTU:
nsx_autonomous_edge_cli> get logical-routersnsx_autonomousedge_cli> vrf #nsx_autonomous_edge_cli> get interfaces <interface-uuid>Interface : b6fe1a27-####-####-####-5be228854eb4Ifuid : 266Name : lrport_0Fwd-mode : IPV4_ONLYInternal name : uplink-266Mode : lifPort-type : uplinkIP/Mask : 192.168.###.###/24MAC : 00:50:56:##:##:##VLAN : 20Access-VLAN : untaggedLS port : 057131be-####-####-####-84875802aab0Urpf-mode : STRICT_MODEDAD-mode : LOOSERA-mode : RA_INVALIDAdmin : upOp_state : upEnable-mcast : FalseMTU : 1500arp_proxy :
On the other end of the VPN tunnel, the NSX Edge managed by an NSX Manager cluster,
nsx_edge_cli> get logical-router interface stats | more
interface : 40892b08-####-####-####-91f36adc6094ifuid : 273VRF : 1b65cc35-####-####-####-d9cbe333509cname : testIP/Mask : 192.168.###.###/24MAC : 00:50:56:##:##:##VLAN : 100LS port : dda5a069-####-####-####-06eb000c54d8urpf-mode : STRICT_MODEadmin : upop_state : upMTU : 9000statistics RX-Packets : 0 RX-Bytes : 0 RX-Drops : 0 Blocked : 0 DST-Unsupported: 0 Firewall : 0 Malformed : 0 No-Receiver : 0 No-Route : 0 RPF-Check : 0 Protocol-Unsupported: 0 IPv6 : 0 Port-Unsupported: 0 TTL-Exceeded: 0 Kni : 0 Rate-Limit : 0 IPsec : 0 IPsec-NoSA : 0 IPsec-NoVTI : 0 TX-Packets : 58 TX-Bytes : 2590 TX-Drops : 0 Blocked : 0 Firewall : 0 Frag-Needed : 0 No-neighbor : 0 No-Memory : 0 No-Linked-Port: 0 Rate-Limit : 0 IPsec : 0 IPsec-NoSA : 0 IPsec-NoVTI : 0 IPsec-Policy-Error: 0 IPsec-Policy-Block: 0 IP Ressemble Fragments-OK: ##### Fragemnts-Error: ##### Fragments-Timeout: 0 IP Fragment Fragments-OK: ##### Fragments-Error: #####
Environment
- VMware NSX
- L2VPN is configured
- NSX Autonomous Edge
Cause
MTU difference between endpoints can cause fragmentation. If large packets are sent through the L2VPN tunnel and fragmented at the receiving side, the communication can experience performance issues, longer transfer times, or fail entirely.
To enable large MTU sizes, it is best practices to ensure all networking components are using the same MTU setting.
Resolution
To change MTU of an lrport it can be done at time of install(Select the correct MTU on the port group) or with the below API
- Run a
GETrequest to/api/v1/portsto list all logical ports. Identify the port you want to modify and copy the UUID. From the output, identify the ID of the port to edit (i.e.lrport_0)
- Run a
GETrequest to/api/v1/ports/<UUID from Step 1>using the port’s ID to retrieve its full configuration. You should see the incorrect MTU (1500 in this example) in the body of the response.GET https://<IP or FQDN of Autonomous Edge>/api/v1/ports/<lrport_0 ID>{"display_name": "lrport_0","exit_interface": "eth2","id": "<lrport_0 ID>"mac_address": "##:##:##:##:##:##","mtu": 1500, <-- Default MTU"resource_type": "LogicalRouterPort","subnets": [{"ip_addresses": ["<Logical Port IP address>"],"prefix_length": 24}],"urpf_mode": "STRICT","vlan_id": <VLAN>}
- Run a
- Copy the full JSON response (as shown above) and change the "mtu" value from 1500 to 9000. Make sure to preserve all other required fields in the body.
- Send a
PUTrequest to/api/v1/ports/<UUID>with the modified JSON body to update the port.
- Confirm the change by running another
GETrequest to/api/v1/ports/<UUID>and verify that MTU value now shows 9000.
{"display_name": "lrport_0","exit_interface": "eth2","id": "<lrport_0 ID>","mac_address": "##:##:##:##:##:##","mtu": 9000,"resource_type": "LogicalRouterPort","subnets": [{"ip_addresses": ["<Logical Port IP address>"],"prefix_length": 24}],"urpf_mode": "STRICT","vlan_id": <VLAN>}
- Confirm the change by running another
Additional Information
Verify configuration of the L2VPN tunnel between sites
Feedback
