It appears this has been resolved in 3.1, so now you can have the Edge TEP and host TEP on the same VLAN - even if on the same host! I have not tested this, but it should work.
Hello NRDY,
Is it possible to utilize one VDS for Transport Node and NSX EDGE in a design where the transport nodes host the edge on themselves?
communities.vmware.com/thread/645002?start=15&tstart=0
Hello Mike, you mentioned that it was working for you! So how did it work and what were those ESXi configs? So does this issue still exist on version 2.4 or 2.5?
Hi Mike. Thanks for all the awesome videos. I have this in my lab and it works fine. The only thing to remember is that the Edge uplinks HAVE to be NSX VLAN backed segments instead of DVS portgroups.
brother all your videos are amazing, nice layout diagrams and simple explanation keep up the good work
Nice. I'll have to keep this in mind if I'm ever working on a collapsed cluster design.
Great video. This makes sense since the Geneve packet is received on the TransportNode TEP first. And that interface is not a switch/routed interface. It's like if a PC's NIC receives a frame destined for an IP address that's not its own. It will just drop the frame and do nothing with it.
Exactly! It makes total sense, but for some reason I (and my colleagues) have never really considered that. I always thought of it in context of a separate edge host. Learn something new every day!
Thanks for that, I participate in the VMware discord and though we've had this discussion several times, no one seems to have come up with an edge case where this causes an issue.
Thanks for the input! I haven't seen it cause issues with my customers, but I've also always recommended two separate TEP VLANs :) I'll probably continue to go with two TEP VLANs, but if I'm 100% the edges will stay on an edge host cluster - I'll probably start to leave them on one TEP VLAN.
I literally had this same issue yesterday. The host was eating overlay traffic destined for the edge vm. Thanks for this video!
6 more to 500 subs :) nearly there mate... atb from England
Thanks Paul :) Need to make it to England sometime soon, never been!
@NRDYTech You would be made welcome anytime Mike, I've done VMware since 2007.. I hold all 4 x VCP 6 in each pillar, and I'm now trying to specialise in NSX-T (NSX-V was my VCP). Love your channel mate, appreciate your hard work. Give me a shout if and when you get over here, we will show you around. atb!
Hi bro, thx from Hong Kong for your explanation! That's a crazy thing: I used this approach for NSX-V and it worked perfectly, but it no longer works in NSX-T. I had been doing trial and error on this for a week; your explanation is clean and clear! Much thx! between "they - vmware" should allow edge node uplink as native vlan 19 instead of running on tunnels, while edge node TEP with vlan 19!
Another girl engineer watching your great videos. Thanks.
yes!!!! I'm a dad of girls, so I love seeing girl engineers! :)
Really useful, thanks!
Congratulations on 500 subs and keep making great content!
Thank you! And your content is great as well - just took a look & subbed.
NRDY Tech Thank you!
Another great video, thanks.
A couple of ideas.
NSX-T 3.0 Backup and recovery
And an add on to that NSX-T Multisite with how to recover should primary site with Managers fail.
Thanks Andrew! I plan on covering some Multisite (Federation to be specific) once it's ready for production use cases! Backup and recovery is probably worth taking a look at as well - thank you for that!
Can Tier-1 connect to Tier-1 Routers? If we wish to set up load balancing using One arm mode?
Is Collapsed compute & Edge with Bridging on NSX-T 2.5.2? Guide me on the configuration.
I have one question, should I set the route to let EDGE TEP network communicate with HOST TEP network?
Correct - you need routing to work between those different TEP subnets if you are using different VLANs! And also, make sure you have Jumbo MTU on both VLANs.
@NRDYTech
Thanks for your answer, I will try it. Currently I tried to put the HOST TEP & EDGE TEP into the same subnet; the TEP VLAN is a closed network and it does not have a gateway. There is a communication issue between the Tier 1 & Tier 0 routers with this configuration, and I found that the tunnel status is down in the Edge Transport Nodes tab. The tunnels that are unable to come up are from HOST TEP IP to EDGE TEP IP (same network IP range). I tried to troubleshoot it for more than 6 hours but was still unable to fix it. No luck...
I believe this restriction has actually gone away on version 3.1.2 ( maybe earlier ). Sorry you added that correction Mike.
I actually think you didn't really explain this all that well. The host is running an N-VDS or an NSX-T capable native VDS and has been configured to use VLAN 19 as its TEP VLAN. I assume, because of this, that the specific VLAN will only be allowed on the host's uplinks and will not be extended down into the Edge VM running on the host. Because of this, any frames received from the Edge VM with the VLAN 19 tag will simply not be switched through the Host VDS. Similarly, any ARP request coming into the host for the Edge's IP address will be dropped because the Host VDS is not learning VLAN 19 MAC addresses from the Edge VM. A picture would be worth a thousand words here. Something showing the Tier0 routers' VLANs going to the routers through the Host VDS and physical switches, and the TEP VLAN being blocked at the Host VDS.
I don't think there was any technical reason why the VLAN couldn't be extended to VMs behind the VDS, it just wasn't.
I would like to have all your NSX-T tutorials on Pluralsight apart from Udemy. Are you planning to do so any time?
Hi! I've followed your complete guide and set up NSX-T in my home lab but I have a problem I cannot figure out. The edge node tunnels are always down. get tunnel-port stats indicates traffic leaving edge node but nothing coming in. I've tried with same and different VLANs for hosts and edges but for the life of me I cannot get it working. Everything is routable but edge refuses to connect and it doesn't say why. I would appreciate any hints you can give!
For anyone having the same problem, the solution is to create a VLAN segment, place the edge VM on its own segment (the one just created), and then use the same VLAN for host nodes. It's weird but it works.
Hi, I have a problem that I have encountered in multiple environments:
The problem is about some websites on the internet not opening! I can ping those websites and traceroute works fine, but when it comes to loading pages, it does not show anything and gives me an error.
In one of the infrastructures, when I put the edge and host TEPs in different subnets, it worked, but in others it couldn't solve this problem. Does anyone have any idea? Thanks
Hi Mehran! Check your MTUs on the physical network and your edge VDS. The VDS where your edge VM sits (and is connected to) should have jumbo MTU enabled - as well as the overlay/TEP VLANs of course. This sounds a lot like what happens when you have an MTU issue in the network :)
@NRDYTech Thanks for your reply :) I'll check it out and tell you soon
I have a different TEP pool for my edges too but I never knew why. It always confused me. I even asked the question at a VMware expert table and got some sort of weird answer that confused me more (he didn't know either and was just trying to BS his way through the question). Anyway it makes so much sense now. If you use the same TEP for both, the host that houses the edge VM will think it's meant for him and eat it. Perfect explanation #followernumber49x
Exactly! I'm not surprised they didn't know at the round table, I've even asked my peers who are smarter than me, and nobody had a clue! Love the hashtag btw :) Onward to 1k subs!
What about your uSeg methodology?
I'm definitely planning on doing some DFW stuff soon, but that's a great idea to add - maybe different approaches to microseg (crawl/walk/run) etc.