In this series, we are going to validate if our Web-Server can talk to our ESG router with the configuration we did.
Blog Series
- Installing NSX-V 6.4
- Configure Controller Nodes and enable CDO mode in NSX-V 6.4
- One Page View of all NSX-V commands
- Configure VXLAN and Prepare ESX hosts for VXLAN traffic
- Configure the Transport Zone and Logical Switches
- Configure Distributed Logical Router
- Configure Edge Services Router (ESG)
- Verifying VXLAN Connectivity
- Regenerate Self-signed Certificate on NSX-V
- DLR VM SSH Access
- Backup NSX-V Manager
- Dynamic routing with OSPF in DLR
- Dynamic routing with OSPF in ESG
- VMware NSX Edge Load Balancer
- VMware NSX Edge Load Balancer SSL Offloading
- NSX-V Firewall & Microsegmentation
- NSX-V Firewall Service Composer
Because we haven’t yet defined dynamic routing using BGP or OSPF yet, we are going to add a static route on our ESG router.
Go to ESG Router > Routing > Static Route
Define a static route for our web subnet as below
The above step ensures that any traffic bound for 192.168.11.0/24 should be forwarded to 172.27.11.2.
172.27.11.2 is our DLR router UPLINK interface
Login to our web01 VM and issue ifconfig.
Verify if we are able to ping the default gateway on the DLR for WEB-SERVERS logical switch
192.168.11.1 is our gateway for our WEB-SERVERS Logical Switch
Now, verify if we are able to ping the default gateway of our DLR router
172.27.11.2 is our gateway for our DLR Router
Finally we need to check if we are able to connect to our ESG router interface
172.16.11.251 is our gateway for our ESG Router
Troubleshooting
DLR can’t ping ESG – There is known limitation when using static routes.
https://kb.vmware.com/s/article/2117818
Summary
We have succesfully validated end to end communication between our ESX>VM>DLR>ESG