Unable to access Virtual Machine service ports
search cancel

Unable to access Virtual Machine service ports

book

Article ID: 313757

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

  • Virtual Machine placed on a specific ESXi host
  • Ping to the VM works
  • Unable to access Virtual Machine Service ports like 22.3389 etc from other VMs placed in different ESXis Hosts or subnets

Environment

VMware NSX 4.0.0.1

Cause

Scenario 1:
Server VM placed on the problematic ESXi
Clinet --->SYN--->Server
Server--->SYN-ACK--->Client      ----> "TCP CHECKSUM INCORRECT" in this packet
Client--->NO ACK Sent out

Scenario 2:
Client VM placed on the problematic ESXi
Client --->SYN--->Server   ----->"TCP CHECKSUM INCORRECT" in this packet
Server--->NO SYN-ACK Sent out from Server

This issue caused by "TCP CHECKSUM INCORRECT"

Resolution

Recommend to contact Hardware vendor to investigate from Driver/FW end

Workaround:

Prior to the conclusion from the Hardware Vendor, following options available:

1: Disable Geneve offload
esxcli system module parameters set -m bnxtnet -p "enable_geneve_ofld=0"
and reboot ESXi Host to make it works

OR 

2: Try to reinstall the Driver/FW to see if issue could be resolved with that

Additional Information

Impact/Risks:

Traffic to the VMs that are placed on problematic ESXi Hosts will get impacted

Powered by Wolken Software