[External] HCX - Virtual machine does not receive DHCP Server Offers on NSX-T backed HCX extended networks

Article ID: 321662


Products

VMware HCX, VMware NSX, VMware Cloud on AWS

Issue/Introduction

Symptoms:
•    After a virtual machine with DHCP enabled is Bulk migrated or rebooted on an HCX extended network, it is not able to receive an IP address via DHCP.

Cause 1:
•    The NSX-T Segment Security Policy default-segment-security-policy has DHCP Server Block enabled by default.
•    When HCX is used to extend a network to a vSphere environment that uses NSX-T networking, the default NSX Segment Policy is selected.

Cause 2:
•    If DHCP Server Block and DHCP Client Block are disabled with a custom segment security profile, then the DHCP Server Block will block traffic from a DHCP server to a DHCP client.
Note that this will not block traffic from a DHCP server to a DHCP relay agent.

•    DHCP Client Block prevents a VM from acquiring a DHCP IP address by blocking DHCP requests. Even after “DHCP Server Block” is set to Disabled, a Distributed Firewall (DFW) rule is required to allow the DHCP packets.


Environment

VMware NSX-T

Resolution

Cause 1:
•    Create a Segment Security segment profile with DHCP Filtering disabled.
•    Apply the new profile to any HCX extended networks that rely on DHCP for IP addressing.
Note: HCX Network Extension to NSX-T backed SDDCs in VMware Cloud on AWS automatically adjusts the Segment Profile to allow DHCP requests.

Cause 2:
•    A DFW rule should be created with the destination set to 255.255.255.255/32 to make DHCP work.
•    From SDDC version M16, there is an internal rule to allow DHCP traffic.
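
The following pre-migration check is an added example, not VMware code. It walks a simplified, constructed inventory and reports, per segment, which of the two causes above would stop DHCP, and where a relaxed profile is bound to a segment that does not rely on DHCP. The field names, the profile name hcx-dhcp-allowed and the first-match rule model (destination only, ignoring source, service and applied-to) are assumptions made for illustration.

```python
import ipaddress

BCAST = ipaddress.ip_address("255.255.255.255")

def dfw_allows_dhcp_broadcast(rules):
    """First-match: the first rule whose destination covers 255.255.255.255 decides."""
    for rule in rules:
        for dest in rule["destinations"]:
            if dest == "ANY" or BCAST in ipaddress.ip_network(dest):
                return rule["action"] == "ALLOW"
    return False  # no matching rule is treated as not allowed

def audit(segments, profiles, rules):
    """Return {segment name: [findings]} for the two causes in the article."""
    dfw_ok = dfw_allows_dhcp_broadcast(rules)
    report = {}
    for seg in segments:
        prof = profiles[seg["profile"]]
        findings = []
        if seg["needs_dhcp"]:
            if prof["dhcp_server_block"]:
                findings.append("cause1: DHCP Server Block enabled")
            if prof["dhcp_client_block"]:
                findings.append("cause2: DHCP Client Block enabled")
            if not dfw_ok:
                findings.append("cause2: no DFW allow to 255.255.255.255/32")
        elif not prof["dhcp_server_block"]:
            findings.append("scope: DHCP filtering disabled where DHCP is not needed")
        if findings:
            report[seg["name"]] = findings
    return report

# Constructed sample inventory; field names and "hcx-dhcp-allowed" are hypothetical.
PROFILES = {
    "default-segment-security-policy": {"dhcp_server_block": True, "dhcp_client_block": False},
    "hcx-dhcp-allowed": {"dhcp_server_block": False, "dhcp_client_block": False},
}
SEGMENTS = [
    {"name": "ext-net-a", "profile": "default-segment-security-policy", "needs_dhcp": True},
    {"name": "ext-net-b", "profile": "hcx-dhcp-allowed", "needs_dhcp": True},
    {"name": "static-net", "profile": "hcx-dhcp-allowed", "needs_dhcp": False},
]
RULES = [
    {"action": "ALLOW", "destinations": ["10.0.0.0/8"]},
    {"action": "DROP", "destinations": ["ANY"]},
]

if __name__ == "__main__":
    print(audit(SEGMENTS, PROFILES, RULES))
```

With the sample rules, ext-net-b still fails even though its profile has DHCP filtering disabled, which is the Cause 2 situation; placing an allow rule for 255.255.255.255/32 ahead of the drop rule clears that finding.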