NSX-T 3.0 Upgrade Enabled URPF

Intro

So I noticed that after upgrading my NSX-T lab to version 3.0 that the system had re-enabled URPF on my Edge uplinks, since they are running in ECMP mode this is not a desirable configuration. I don’t know why it decided to revert the setting but it did so I’ll need to change it back again.

What is URPF

URPF stands for Unicast Reverse Path Forwarding.
In NSX-V this was called Reverse Path Forwarding or RPF
When URPF is enabled, the Edge only forwards packets if they are received on the same interface that would be used to forward the traffic to the source of the packet. If the route to the source address of the packet is through a different interface than the one it is received on, the packet is dropped.

In other words if the packets come in on Uplink A but leaves on Uplink B as it can do with ECMP mode or it leaves via the other Edge then the packet is dropped, clearly not something we want to happen which is why we always disable URPF on ECMP mode Edges.

The Fix

If you recall in my NSX-T lab post on the Tier 0 Gateway configuration Here the configuration of URPF was done via the Advanced Networking & Security page, you then went into the Router port menu and edited the uplinks.

Since NSX-T 3.0 we no longer have the Advanced Networking & Security page, however to get to the configuration is now a lot simpler as it is all done via the Tier-0 Gateways section.

Login to the NSX manager then select Networking, Tier-0 Gateways then click on the ellipsis, (thats the three vertical dots) on the Tier-0 that you wish to edit.

Select Edit

Expand the INTERFACES section and click on the blue number.

For each Interface click the ellipsis and select Edit

Click the URPF Mode box and select None then click SAVE
Repeat for the other interfaces.

Once done click CLOSE

Finally click on CLOSE EDITING and we are done.

But wait there is another way…

Remember I said that the Advanced Networking & Security section was no longer available? Well that’s true sort of….

To access the options that were configured or deployed using it we can now use the Manager Mode instead of the Policy mode.

So we can still do this same configuration by doing the following.

In the top right corner change to Manager mode by clicking MANAGER.
If you can’t see this option then go to System, User Interface Setting click EDIT and make he changes to both options then refresh the browser.


Then select Networking, Tier-0 Logical Routers then click on the Tier-0 router/Gateway to edit.

Click the Configuration menu then Router Ports

Select the Uplink and click EDIT

Change the URPF Mode to None then click SAVE

Repeat for the rest of the Uplinks, thats it.

Leave a Reply

Your email address will not be published. Required fields are marked *