Edge Tunnels Down when hosting NSX-T on the same DVS


When you’re using a DVS for your NSX-T overlay transport zone, you have to think about where your edges will be connected to the overlay network. If the edge is attached to a distributed port group created on the same DVS in the same VLAN, the edge tunnels do not come up.

In the picture, we can see that both tunnel endpoints are down. I’m hosting two virtual machines attached to an NSX segment based on an overlay transport zone. The segment is attached to a T0-Gateway for north-south connectivity. 

The Alarms section also warns us that the edge overlay network is down.

The first interface of the edge is connected to the “Edge-Uplink-Management” distributed port group. The second interface is connected to the “Edge-Uplink-Overlay” distributed port group. Interfaces 3 and 4 are connected to the “Edge-Uplink-VLAN” port group.

The VMK10 Geneve tunnel endpoint on the ESXi host is using the same DVS and is configured with the same VLAN-ID 0. 

After creating a second DSwitch Edge alongside the one that’s used by NSX-T, I’m reconfiguring the second adaptor of the Edge virtual machine.

After a while, the tunnels on the Edge are reestablished. 

So when you’re using an N-VDS or VDS for NSX-T and you’re placing an Edge on the same switch, you have to put the Edge overlay in a different subnet. The Geneve traffic that originates from the Edge is not allowed to pass a switch that’s hosting a tunnel endpoint for ESXi (VMK10).
