BGP Sessions Across NSX Fail to Establish After Attaching T1 Router to a VRF-Lite T0 Gateway
search cancel

BGP Sessions Across NSX Fail to Establish After Attaching T1 Router to a VRF-Lite T0 Gateway

book

Article ID: 416682

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

  • Attempting to establish BGP between physical servers outside of NSX environment, but traffic traverses NSX via a L2 Bridge to a T1 Edge. 
  • BGP may establish successfully with T1 attached to a parent T0, but fails to establish when the T1 is attached to a VRF-Lite T0. 
  • External interface(s) on parent T0 show Rx drops due to "rx_drop_ttl_exceeded".
  • Rx Packet captures at the T0 Edge interface (capture point VnicRx) shows Time To Live is 1 and ICMP packets with "Time-to-live exceeded" 

Environment

VMware NSX

Cause

The T0 Edge drops packets with Time to Live set to 1 as it cannot get these packets to the VRF-Lite T0 without exceeding the Time to Live. 

 

Resolution

Increase TTL from the sender and these TCP packets should be able to traverse the NSX data path. Since the sender and receiver are outside of NSX, but bridging traffic into the NSX environment, TTL must be increased accordingly. 

Powered by Wolken Software