RP Filter setting always being strict (1) can cause negative side effects for environments with unstable networking. More specifically, environments with potentially asymmetric routing between management and workload networks can cause packets to arrive at an unexpected network interface on the CPVM and be dropped. Customers should be aware of this limitation and consider disabling this strict RP filter if they have an asymmetric routing environment.

After upgrade to vCenter 8.x (to be replaced with version we started defaulting rp_filter=strict) along with Supervisor upgrade, environments with asymmetric routing may experience loss of connectivity to Supervisor control plane Virtual Machines"

A configuration change was made to Supervisor that could impact existing users.

To work around the issue, please follow the steps mentioned below to disable the RP filter:

• On vCenter, in /etc/vmware/wcp/wcpsvc.yaml, edit the is_loose field in rp_filter_config to "true" (by default it is "false"):

root@sc1-10-78-187-29 [ ~ ]# tail -1 /etc/vmware/wcp/wcpsvc.yaml
rp_filter_config: 
  is_loose: true

Then, restart wcp using "vmon-cli -r wcp"

• Verify on Supervisor Control Plane Virtual Machine that the RP filter setting is 2 by calling "sysctl net.ipv4.conf.all.rp_filter":

root@423b421139a523d1dc9b2932d011d4ed [ /var/log/update-controller ]# sysctl net.ipv4.conf.all.rp_filter
net.ipv4.conf.all.rp_filter = 2

• To re-enable the strict mode of RP filter, simply change the is_loose field back to "false" and restart wcp again.