  Service IP or Pod IP not reachable using OpenShiftSDN on top of VMware NSX VXLAN SOLUTION VERIFIED - Updated November 30 2018 at 7:15 PM - Environment OpenShift Container Platform 3.xOpenShift SDN over NSX SDNVMware with using NSX SDN version 6.2.3 or laterVMware with using NSX SDN version 6.2.2 and older and migrating to NSX SDN 6.2.3 or later Issue Service IPs do not seem to be accessible from some nodes in the clusterFor example, when we try to deploy an application, an image fails to download from theinternal registry with a no route to host errorUnable to communicate to or from pod IPs between container nodes and infrastructure nodes,where one node is on VM and a different node is bare-metal/physical host.Can we change the SDN port 4789? Resolution3.10 and earlier As the OpenShift SDN VXLAN port is fixed and cannot be configured, a work around to the issuewould be to modify the VXLAN port in the NSX SDN, from 4789 to the legacy value of 8472. This only impacts using OpenShift SDN with NSX SDN version 6.2.3 and later, where VMwarechanged the standard VXLAN port from 8472 to 4789.Customers currently using and older version of NSX SDN (version 6.2.2 and earlier) will not beimpacted by this issue since the default port is 8472.Customers migrating from an older version of NSX SDN to version 6.2.3 and later, will encounter thisissue, and should configure the standard VXLAN port accordingly. 3.11+ Starting in 3.11, it is possible to change the vxlan port in OpenShift as per the documentation Root Cause When configuring OpenShift with OpenShift SDN using VMware NSX SDN, where the OpenShiftSDN is overlaid on top of NSX SDN, both SDNs will use the standard VXLAN port of 4789, per thelatest VXLAN RFC, resulting in message packets beingdropped. Diagnostic Steps NSX admins should also check East/West rules TCP vs UDP settings on 4789.East/West refers to NSX policies allowing/blocking traffic between nodes.This solution is part of Red Hat's fast-track publication program, providing a huge library of solutionsthat Red Hat engineers have created while supporting our customers. To give you the knowledgeyou need the instant it becomes available, these articles may be presented in a raw and uneditedform.


