VMware NSX Geneve packet IP headers with checksum 0xffff may be dropped by third party device
Article ID: 317682

Products

VMware NSX

Issue/Introduction

Symptoms:
  • Running NSX-T versions 3.x or VMware NSX 4.x.
  • Some Geneve-encapsulated traffic from a VMware NSX prepared host, destined for other transport nodes, enters the physical device with an IP checksum value of 0xffff.
  • The physical device, such as a switch, drops the packet as being invalid.


Environment

VMware NSX-T Data Center
VMware NSX

Cause

Due to how VMware NSX interprets RFC 1624, some Geneve IP packet headers had an incorrect checksum, which leads the physical device to drop the packet.
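
RFC 1624 describes how an incremental checksum update can yield 0xffff where recomputing the header checksum from scratch yields 0x0000. The following added example (not VMware's code; the sample header, its addresses and all function names are constructed for illustration) reproduces that case and classifies a captured IPv4 header the way a triage script might.

```python
import struct

def ones_sum(words):
    """One's complement sum of 16-bit words with end-around carry."""
    total = 0
    for w in words:
        total += w
        total = (total & 0xFFFF) + (total >> 16)
    return total

def full_checksum(header):
    """Checksum recomputed from scratch, checksum field treated as zero."""
    words = list(struct.unpack("!10H", header[:20]))
    words[5] = 0
    return ~ones_sum(words) & 0xFFFF

def update_rfc1141(hc, m, m_new):
    """RFC 1624 Eqn 2 (from RFC 1141): HC' = HC + m + ~m'."""
    return ones_sum([hc, m, ~m_new & 0xFFFF])

def update_rfc1624(hc, m, m_new):
    """RFC 1624 Eqn 3: HC' = ~(~HC + ~m + m')."""
    return ~ones_sum([~hc & 0xFFFF, ~m & 0xFFFF, m_new]) & 0xFFFF

def classify(header):
    """Compare the stored checksum with a full recomputation."""
    stored = struct.unpack("!H", header[10:12])[0]
    expected = full_checksum(header)
    if stored == expected:
        return "valid"
    if stored == 0xFFFF and expected == 0x0000:
        return "negative-zero"  # the 0xffff form described in this article
    return "corrupt"

def make_header(ident, checksum=None):
    """Constructed sample: 20-byte IPv4/UDP header, 192.0.2.10 -> 192.0.2.20."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1500, ident, 0x4000, 64, 17, 0,
                      bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    csum = full_checksum(hdr) if checksum is None else checksum
    return hdr[:10] + struct.pack("!H", csum) + hdr[12:]

if __name__ == "__main__":
    old_hc = full_checksum(make_header(0xB0F1))  # IP ID before the change
    print(hex(update_rfc1141(old_hc, 0xB0F1, 0xB0F2)))
    print(hex(update_rfc1624(old_hc, 0xB0F1, 0xB0F2)))
    print(classify(make_header(0xB0F2, 0xFFFF)))
```

A device that verifies by summing every header word accepts both 0x0000 and 0xffff here, while one that recomputes the checksum and compares it with the field rejects 0xffff.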

Resolution

This issue is resolved in VMware NSX 3.2.4
This issue is resolved in VMware NSX 4.2.0

Workaround:
This issue does not affect every packet. To work around it, there are two options:

  1. The Geneve endpoint (TEP IP addresses) can be changed. This can be achieved by using a different IP pool; however, tunnels will not be available on the transport nodes until the new IP addresses are assigned and in use.

    OR

  2. For VMs impacted by this issue, vMotion them from one host to another. The traffic then uses a new TEP IP address and therefore has a different checksum, which can also work around the issue.