While deploying VMware NSX-V 6.4.5 from scratch into production in active/active/active mode (yep, three sites!), we ran into an interesting problem when looking at the configuration of the Edge Service Gateway (ESG) on the secondary sites.
Can you spot it in the screenshot from my test lab below?
Let me give you a clue:
Yes, that's correct: the option to enable OSPF / BGP route redistribution from the ESG is greyed out!
Let’s check the flash client:
Yep same :(
Okay, so that might not be a problem when running NSX-V in active/passive mode, but we are trying to run active/active/active here, i.e. run active services from all three datacentres.
Here is how to fix it. It involves talking to NSX at an API level, but stick with me, it's an easy fix.
First off, download a copy of Postman from getpostman.com and install.
Once installed, we need to configure Postman to work with NSX, so close Postman's getting started screen, select File - Settings - General and ensure SSL Certificate Verification is set to off:
Next, select Proxy and ensure Global Proxy Configuration and Use System Proxy are both set to off:
Close Postman configuration.
Next, select GET from the drop down, Basic Auth from the Authorisation drop down, and enter credentials for your secondary NSX Manager as shown below:
Select Headers, set Key to Content-Type, Value to application/xml and enter the following URL (modify to match your environment): https://FQDN_of_Secondary_NSX_Manager/api/4.0/edges/edge-ID/routing/config
Click Send
Your results should fill with XML similar to the below. If not, check your NSX Manager FQDN, NSX credentials and Edge ID.
Click to copy results to clipboard:
Paste results into a text editor such as Notepad++
Find the XML section between the <redistribution> and </redistribution> headings.
Replace the whole <redistribution> section with the following:
<redistribution>
  <enabled>true</enabled>
  <rules>
    <rule>
      <id>0</id>
      <from>
        <ospf>false</ospf>
        <bgp>true</bgp>
        <static>true</static>
        <connected>true</connected>
      </from>
      <action>permit</action>
    </rule>
  </rules>
</redistribution>
Modify ospf, bgp, static and connected sections to match your requirements, such as those set on your ESGs at your primary site.
Once complete, open a new tab in Postman, set type to PUT, select Headers, set Params Key to Content-Type, Value to application/xml and enter URL:
Set authorisation to Basic Auth:
Select Body and Raw. Paste the modified XML into the window. Finally, click Send.
Confirm NSX returns a 204 No Content response to Postman:
If not, retry the GET, XML modification and PUT again. Pay close attention to the <version> tags in the received and sent XML; they must match.
Refresh NSX to confirm the modification has applied. Sure, the configuration is still greyed out, but it's enabled now:
Done! Repeat for any other ESGs at any other secondary sites :)
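The same GET, edit and PUT sequence can be scripted when several ESGs need the change. The Python below is an added example, not part of the original post or VMware's tooling: the function names, the constructed SAMPLE document and the cafile parameter are assumptions. It replaces every <redistribution> element it finds, leaves <version> untouched, and keeps TLS verification on by trusting the CA that signed the manager's certificate instead of switching verification off.

```python
import base64
import ssl
import urllib.request
import xml.etree.ElementTree as ET

# Constructed, trimmed sample of a routing config response (not real output).
SAMPLE = """<routing><version>7</version><enabled>true</enabled>
<bgp><redistribution><enabled>false</enabled><rules/></redistribution></bgp>
</routing>"""

def build_redistribution(ospf, bgp, static, connected):
    """Build the <redistribution> block from the post with the chosen sources."""
    red = ET.Element("redistribution")
    ET.SubElement(red, "enabled").text = "true"
    rule = ET.SubElement(ET.SubElement(red, "rules"), "rule")
    ET.SubElement(rule, "id").text = "0"
    src = ET.SubElement(rule, "from")
    for tag, on in (("ospf", ospf), ("bgp", bgp), ("static", static), ("connected", connected)):
        ET.SubElement(src, tag).text = "true" if on else "false"
    ET.SubElement(rule, "action").text = "permit"
    return red

def patch_routing_xml(xml_text, **sources):
    """Replace each <redistribution> element; everything else, including
    <version>, is sent back exactly as NSX returned it."""
    root = ET.fromstring(xml_text)
    replaced = 0
    for parent in list(root.iter()):
        for i, child in enumerate(list(parent)):
            if child.tag == "redistribution":
                parent[i] = build_redistribution(**sources)
                replaced += 1
    if not replaced:
        raise ValueError("no <redistribution> element in routing config")
    return ET.tostring(root, encoding="unicode")

def fix_edge(manager, edge_id, user, password, cafile, **sources):
    """GET the config, patch it, PUT it back; returns the HTTP status (204 expected)."""
    url = f"https://{manager}/api/4.0/edges/{edge_id}/routing/config"
    ctx = ssl.create_default_context(cafile=cafile)  # verify the manager's certificate
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    headers = {"Authorization": f"Basic {token}", "Content-Type": "application/xml"}
    get = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(get, context=ctx) as r:
        body = patch_routing_xml(r.read().decode(), **sources)
    put = urllib.request.Request(url, data=body.encode(), headers=headers, method="PUT")
    with urllib.request.urlopen(put, context=ctx) as r:
        return r.status
```

Run patch_routing_xml against a saved GET response first and review the output before calling fix_edge against a live manager.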
VMware engineering have confirmed this is an issue with NSX-V 6.4.5. Should be fixed in NSX-V 6.4.6.
-Chris