Well its a short post and will not take long.
In my recent engagement, we completed the VMware cloud foundation management domain bring-up with AVN but without BGP.
I have posted about bring-up without BGP topic in a separate post.
Below image shows the connectivity diagram. (dummy values).
Post bring-up completion we started with the link failover testing, but even before we could start it we saw that from a VM hosted on a NSX-T overlay segment if we ping all our uplink switches physical IPs we are only able to ping one. It made me realize that something isn't deployed correctly.
But as we all know that VCF does everything on its own and making changes directly to the product may break VCF hence we didn't take chances, but opened a case with VMware GSS.
As expected VMware GSS confirmed that URPF mode is not set to none by VMware cloud foundation workflows, it needs to be changed manually!!
Hence to save some time for you, I am writing this post. When you deploy VCF, do make a point to set URPF mode to none on each edge node interface using NSX-T manager console.
If you are wondering what is URPF then please read this article once Understanding Unicast Reverse Path Forwarding
Steps to set URPF mode to none are listed below.
1) Login to NSX-T datacenter console.
2) Navigate to Networking and select Tier-0 gateways.
4) Click on Edit, and navigate to interfaces.
6) Set URPF mode to none scroll down and save.
7) Repeat same steps for all remaining interfaces.
I hope I was able to add value, if your answer is yes, then don't forget to share and follow. 😊
If you want me to write on specific content or you have any feedback on this post, kindly comment below.
If you want, you can connect with me on Linkedin, and please like and subscribe my youtube channel VMwareNSXCloud for step by step technical videos.
I would be careful providing a blanket statement suggesting to disable uRPF. It has its place, and is generally preferred to be kept on.
ReplyDeleteUnless you have a true asymmetric routing issue, this should be left to default = strict. Rather than simply disabling uRPF, the basic checks and balances should be performed to ensure that uRPF is indeed discarding frames due to an asymmetric routing topology.
You may be masking bad config by disabling uRPF!
You are correct, however thats why I have mentioned when you have ECMP and uplink switches are configured with HSRP or VRRP, packets gets discarded if same path isnt followed. GSS guy I worked with suggested that he has already submitted a report for KB creation for the same. How soon I am not sure. But trust me its not a blanket statement, its based on use case and exact issue description that you only get a response from one switch.
Delete