PXE boot fails when traffic is redirected to SVM.

Article ID: 320304

Products

VMware NSX
VMware vDefend Firewall

Issue/Introduction

  • PXE boot fails. The reply packet from the PXE server (destined to port 68) never reaches the client. Typically this packet has source port 4011 and destination port 68.
  • PXE boot works when traffic is not redirected to the SVM.
  • Service insertion is configured with NSX.
  • Unicast connectivity to the PXE server from the segment works; only PXE fails.
  • Firewall logs do not show dropped packets.
  • In the NSX Manager UI, under System > Service Deployments > Service Instances, the Runtime Status shows the DHCP Server (IPv4) counter increasing.
  • This segment profile and segment are visible only in the 'Manager' view.


Environment

VMware NSX-T Data Center
VMware NSX

Cause

The issue is caused by the default segment security profile that is attached to the SVM.
When the SVM is deployed, the nsx-default-switch-security-vif-profile profile is attached to the segment. This profile has DHCP Server Block set to Enabled. With this option enabled, traffic destined to port 68 is dropped.
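
To confirm this cause on a deployment, list the ports bound to a security profile that has DHCP Server Block enabled. The following is an added example, not Broadcom's code: it assumes the NSX Manager API schema (dhcp_filter.server_block_enabled on profiles, switching_profile_ids on logical ports) and runs on constructed sample JSON with hypothetical ids and port names.

```python
import json

# Constructed sample data shaped like NSX Manager API responses (assumed schema):
#   GET /api/v1/switching-profiles  and  GET /api/v1/logical-ports
PROFILES_JSON = """{"results": [
  {"id": "prof-1", "resource_type": "SwitchSecuritySwitchingProfile",
   "display_name": "nsx-default-switch-security-vif-profile",
   "dhcp_filter": {"server_block_enabled": true, "client_block_enabled": false}},
  {"id": "prof-2", "resource_type": "SwitchSecuritySwitchingProfile",
   "display_name": "example-profile-no-server-block",
   "dhcp_filter": {"server_block_enabled": false, "client_block_enabled": false}}
]}"""
PORTS_JSON = """{"results": [
  {"id": "port-1", "display_name": "example-svm-1/eth1",
   "switching_profile_ids": [
     {"key": "SwitchSecuritySwitchingProfile", "value": "prof-1"}]},
  {"id": "port-2", "display_name": "example-svm-2/eth1",
   "switching_profile_ids": [
     {"key": "SwitchSecuritySwitchingProfile", "value": "prof-2"}]},
  {"id": "port-3", "display_name": "example-port-no-explicit-profile"}
]}"""

KIND = "SwitchSecuritySwitchingProfile"

def blocking_profiles(profiles):
    """Return {profile id: display name} for profiles with DHCP Server Block enabled."""
    return {
        p["id"]: p.get("display_name", p["id"])
        for p in profiles.get("results", [])
        if p.get("resource_type") == KIND
        and p.get("dhcp_filter", {}).get("server_block_enabled", False)
    }

def ports_dropping_dhcp_replies(profiles, ports):
    """Return sorted (port name, profile name) pairs where replies to port 68 are dropped."""
    blocked = blocking_profiles(profiles)
    hits = []
    for port in ports.get("results", []):
        # Ports without an explicit binding are skipped here; check their segment instead.
        for ref in port.get("switching_profile_ids", []):
            if ref.get("key") == KIND and ref.get("value") in blocked:
                hits.append((port.get("display_name", port["id"]), blocked[ref["value"]]))
    return sorted(hits)

if __name__ == "__main__":
    found = ports_dropping_dhcp_replies(json.loads(PROFILES_JSON), json.loads(PORTS_JSON))
    for port_name, profile_name in found:
        print(f"{port_name}: DHCP Server Block enabled via {profile_name}")
```
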


Resolution

This issue is resolved in VMware NSX 3.2.4.
This issue is resolved in VMware NSX 4.1.1.
This issue is resolved in VMware NSX 4.2.0.

Note: Upgrading will not resolve the issue on existing deployments. For existing deployments, you can either delete and recreate the deployment or apply the workaround.

Workaround:

Contact Broadcom Support
