IBGP is not Established on a Stretched Tier-0 in an NSX-T Federation Deployment
search cancel

IBGP is not Established on a Stretched Tier-0 in an NSX-T Federation Deployment

book

Article ID: 422021

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

  • When deploying a stretched Tier-0 Gateway in a Federated NSX-T environment, Inter-Site BGP (IBGP) peering is required for route exchange between locations.
  • IBGP sessions between Tier-0 SRs rely on Remote Tunnel Endpoint (RTEP) interfaces. If the RTEPs cannot communicate over Layer 3 or Layer 2, the IBGP sessions will remain in a “Connect” state and will never reach the “Established” state. 

Environment

VMware NSX

Cause

IBGP cannot establish between the Tier-0 SRs because the RTEP interfaces do not have functional L3 or L2 reachability between sites.

The RTEPs are responsible for cross-site communication for services such as:

  • Inter-SR BGP

  • Federation control/route exchange

  • Stretched Tier-0 service routing

If upstream routing (TOR or aggregation layer) does not advertise the RTEP subnets, or if ACLs/firewalls block this traffic, IBGP will remain in Connect and will never proceed to Established.

Resolution

1. Validate IBGP State on the NSX-T Edge Node

Enter debug mode, move into the internal VRF, and review the BGP neighbor table:

 
edge01> set debug
edge01> vrf internal edge01(inter_sr_vrf)> get bgp neighbor summary

Example output:

BFD States: NC - Not configured, DC - Disconnected
            AD - Admin down, DW - Down, IN - Init, UP - Up
BGP summary information for VRF inter_sr_vrf for address-family: ipv4Unicast
Router ID: 192.168.#.#  Local AS: 650##

Neighbor                             AS         State   Up/DownTime  BFD InMsgs  OutMsgs InPfx OutPfx
169.254.##.##                        650##      Connect 4d21h36m     NC  423367  423383  20    20
 

Interpretation

  • The neighbor is visible, so configuration is correct

  • The state is Connect, not Established → indicates transport (RTEP) failure

  • BFD is NC (Not configured) here, but the BGP state is still the indicator

When IBGP cannot transition beyond Connect, this is almost always due to missing adjacency between RTEPs.

2. Validate RTEP ↔ RTEP Path Using Traceroute in the RTEP VRF

Move into the RTEP VRF on the Edge Node and perform a sourced traceroute:

edge01> vrf <RTEP-VRF-NAME>
edge01(RTEP-VRF)> traceroute <destination-RTEP-IP> source <local-RTEP-IP>
 

Expected Failure Condition

If the traceroute stops at the first hop (Top-of-Rack switch) or somewhere upstream:

  • This indicates no route exists for the remote RTEP subnet

  • Or intersite routing/ACLs are blocking traffic

  • Or encapsulated traffic is not allowed through intermediate routers

Action Required

You must contact the physical network provider (3rd-party router/switch team) to:

  • Advertise the RTEP networks between sites

  • Ensure L3 reachability

  • Confirm no ACL/firewall blocks exist

  • Verify that RTEP VLANs/L2 extension (if used) is functioning

RTEPs must have bidirectional connectivity for NSX-T Federation routing to operate.

3. Confirm Resolution

Once physical network reachability is restored:

  • RTEPs begin communicating

  • IBGP transitions from Connect → Active → Established

  • Route advertisement between sites is functional

  • Stretched Tier-0 routing stabilizes

You can recheck the state with:

edge01> vrf internal edge01(inter_sr_vrf)> get bgp neighbor summary

You should now see:

State: Established

Additional Information

Configure Edge Nodes for Stretched Networking

Troubleshooting NSX TEP/BFD Tunnels between ESXi hosts and Edges

Inter-SR iBGP neighbor not visible in 'get bgp neighbor summary'

Powered by Wolken Software