Chris Hall bio photo

Chris Hall

Principal Technical Consultant

PolarCloudsUK Chris LinkedIn Github
Chris Hall Nutanix Certified Master - Multicloud Infrastructure 6 Chris Hall VMware vExpert 2024 Chris Hall VMware vExpert NSX 2023 Chris Hall Nutanix Certified Professional - Multicloud Infrastructure 6 Chris Hall Nutanix Certified Professional - Unified Storage 6 Chris Hall VMware vExpert 2023 Chris Hall VMware vExpert 2022

NSX Edge Service Gateway Route Redistribution

Which Route? Photo: Javier Allegue Barros

Deploying VMware NSX-V 6.4.5 from scratch into production in an active/active/active mode, (yep three sites!) we ran into an interesting problem when looking at the configuration of the Edge Service Gateway (ESG) on the secondary sites.

Can you spot it in the screenshot from my test lab below? Route Redistribution greyed out

Let me give you a clue:

Zoom Route Redistribution greyed out

Yes thats correct, the option to enable OSPF / BGP route redistribution from the ESG is greyed out!

Let’s check the flash client: Route Redistribution greyed out Flash too

Yep same :(

Okay, so that might not be a problem when running NSX-V in active/passive mode, but we are trying to run active/active/active here - I.E. run active services from all three datacentres.

Here is how to fix. It involves talking to NSX at an API level, but stick with me, its an easy fix.

First off, download a copy of Postman from getpostman.com and install.

Once installed, we need to configure Postman to work with NSX, so close Postman’s getting started screen and select File - Settings - General - SSL Certificate Verification is set to off: Postman SSL verification off

Next, select Proxy and ensure Global Proxy Configuration and Use System Proxy are both set to off: Postman System and Global Proxy off

Close Postman configuration.

Next select Get from the drop down, Basic Auth from the Authorisation drop down and enter credentials to your secondary NSX Manager as shown below: Postman Get Config 1

Select Headers, set Key to Content-Type, Value to application/xml and enter the following URL (modify to match your environment): https://FQDN_of_Secondary_NSX_Manager/api/4.0/edges/edge-ID/routing/config

Postman Get Config 2

Click Send

Your results should fill with xml similar to the below. If not, check your NSX Manager FQDN, NSX credentials and Edge ID.

Click to copy results to clipboard: NSX API results

Paste results into a text editor such as Notepad++

Find the XML section between <redistribution> and </redistribution> headings.

Replace the whole <redistribution> section with the following:

        <redistribution>
            <enabled>true</enabled>
            <rules>
                <rule>
                    <id>0</id>
                    <from>
                        <ospf>false</ospf>
                        <bgp>true</bgp>
                        <static>true</static>
                        <connected>true</connected>
                    </from>
                    <action>permit</action>
                </rule>
           </rules>
        </redistribution>

Modify ospf, bgp, static and connected sections to match your requirements, such as those set on your ESGs at your primary site.

Once complete, open a new tab in Postman, set type to Put, select Headers, set Params Key to Content-Type, Value to application/xml and enter URL: NSX API Put 1

Set authorisation to Basic Auth: NSX API Put 2

Select Body and Raw. Paste modified xml into window NSX API Put 3 Finally, click Send.

Confirm NSX returns a 204 No Content return to Postman: NSX API Put return

If not, retry GET, xml modification and PUT again. Pay close attention to <version> tags in the received and sent xml; they must match.

Refresh NSX to confirm modification has applied. Sure the configuration is still greyed out, but it’s enabled now: NSX Secondary ESG Route Redistribution

Done! Repeat for any other ESG’s at any other secondary sites :)

VMware engineering have confirmed this is an issue with NSX-V 6.4.5. Should be fixed in NSX-V 6.4.6.

-Chris