An NSX-T prepared Transport Node may experience PSOD due to 'VdrIcmp6SendRedirectPkt' with IPv6 traffic
Article ID: 312626
Updated On:
Products
VMware NSX
Issue/Introduction
Symptoms:
- You have recently upgraded to NSX-T version 3.1.3.1 or are running version 3.1.3.1.
- You have IPv4 and IPv6 L3 forwarding mode enabled.
Networking --> Global Networking --> Global Network config --> edit --> Toggle L3 forwarding Mode to IPv4 and IPv6 --> save
- A VM may be configured with a less specific prefix than the subnet.
- ESXi hosts experience PSOD.
- A similar PSOD backtrace as seen below can be observed on the ESXi host:
Version Details: VMware ESXi 6.7.0 build-17700523
Panic Details: Crash at 2021-09-26T00:15:12.648Z on CPU 135 running world 18342775 - NetWorld-VM-18342774. VMK Uptime:38:07:44:54.143
Panic Message: @BlueScreen: #PF Exception 14 in world 18342775:NetWorld-VM- IP 0x41802a9a03a7 addr 0x45cd072bb368
Backtrace:
0x451c05c1b2b0:[0x41802a9a03a7]VdrIcmp6SendRedirectPkt@(nsxt-vdrb-18504670)#<None>+0x3d7 stack: 0x418061c056e0, 0x418061c05680, 0x418061c056e8, 0x4301d2d463d0, 0x0
Panic Details: Crash at 2021-09-26T00:15:12.648Z on CPU 135 running world 18342775 - NetWorld-VM-18342774. VMK Uptime:38:07:44:54.143
Panic Message: @BlueScreen: #PF Exception 14 in world 18342775:NetWorld-VM- IP 0x41802a9a03a7 addr 0x45cd072bb368
Backtrace:
0x451c05c1b2b0:[0x41802a9a03a7]VdrIcmp6SendRedirectPkt@(nsxt-vdrb-18504670)#<None>+0x3d7 stack: 0x418061c056e0, 0x418061c05680, 0x418061c056e8, 0x4301d2d463d0, 0x0
- To check the ICMPv6 redirects run the command as root user on the ESXi net-vdr --lif -6 -n <LIF NAME> --stats <Instance Name>
Unicast NS Probes TX : 0
ICMPv6 Echo Req RX : 0
ICMPv6 Echo Rsp TX : 0
ICMPv6 Time Exceeded TX : 0
ICMPv6 Net Unreachable TX : 0
ICMPv6 Host Unreachable TX : 8
ICMPv6 Redirect Packets TX : 883
IPv6 TTL Zero Drops : 0
IPv6 Bad Checksum Drops : 0
ICMPv6 Echo Req RX : 0
ICMPv6 Echo Rsp TX : 0
ICMPv6 Time Exceeded TX : 0
ICMPv6 Net Unreachable TX : 0
ICMPv6 Host Unreachable TX : 8
ICMPv6 Redirect Packets TX : 883
IPv6 TTL Zero Drops : 0
IPv6 Bad Checksum Drops : 0
Environment
VMware NSX-T Data Center
VMware NSX-T Data Center 3.x
VMware NSX-T Data Center 3.x
Cause
ICMP IPv6 packets with source and destination, in the same NSX segment, ingresses through the VDR port. This is because there is a more specific route on the source VM and triggers ICMPv6 redirection.
Memory corruption is observed during ICMPv6 redirection which leads PSOD.
This may happen with a IPv6 ICMP packet of size 1280 bytes or higher.
Memory corruption is observed during ICMPv6 redirection which leads PSOD.
This may happen with a IPv6 ICMP packet of size 1280 bytes or higher.
Resolution
This issue is resolved in NSX-T Data Center 3.1.3.3 EP, 3.2.0 Available at Download Broadcom products and software
Workaround:
There are two workarounds for this issue:
Make sure the IPv6 prefix of the VM matches the subnet.
OR
Disable IPv6 forwarding and use L3 forwarding to IPv4 only.
Networking --> Global Networking --> Global Network config --> edit --> Toggle L3 forwarding Mode to IPv4 only --> save
Note: Before disabling IPv6 forwarding will impact al IPv6 routing currently enabled.
Feedback
Yes
No
Powered by
