[External] HCX - Virtual machine does not receive DHCP server offers on NSX-T backed HCX extended networks
Article ID: 321662
Updated On: 07-22-2021
Products
VMware HCX, VMware NSX, VMware Cloud on AWS
Issue/Introduction
Symptoms:
• After a virtual machine with DHCP enabled is Bulk migrated or rebooted on an HCX extended network, it is not able to receive a DHCP address.
Cause 1:
• The NSX-T Segment Security Policy default-segment-security-policy has DHCP Server Block enabled by default.
• When HCX is used to extend a network to a vSphere environment that uses NSX-T networking, the default NSX Segment Policy is selected.
Cause 2:
• DHCP Server Block and DHCP Client Block are disabled by default. DHCP Server Block blocks traffic from a DHCP server to a DHCP client. Note that it does not block traffic from a DHCP server to a DHCP relay agent.
• DHCP Client Block prevents a VM from acquiring a DHCP IP address by blocking DHCP requests. Even after setting “DHCP Server Block” to Disabled, DFW rules are required to allow the DHCP packets.
Environment
VMware NSX-T
Resolution
Cause 1:
• Create a Segment Security Segment Profile with DHCP Filtering disabled.
• Apply the new profile to any HCX extended networks that rely on DHCP for IP addressing.
Note: HCX Network Extension to NSX-T backed SDDCs in VMware Cloud on AWS automatically adjusts the Segment Profile to allow DHCP requests.
Cause 2:
• Create DFW rules with destination 255.255.255.255/32 so that DHCP works.
• Starting with SDDC version M16, there will be an internal rule to allow DHCP traffic.
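An offline check for Cause 1, added here as an example (not VMware's code): it reads a constructed export of segment security profiles and segment bindings and lists extended segments whose effective profile still filters DHCP. The JSON field names follow the NSX-T Policy API as an assumption, the `L2E_` name prefix used to pick out HCX extended segments is an assumption, and DFW rules (Cause 2) are not checked.

```python
import json

# Default profile name as written in the article; unbound segments fall back to it.
DEFAULT_PROFILE = "/infra/segment-security-profiles/default-segment-security-policy"
DHCP_FLAGS = ("dhcp_server_block_enabled", "dhcp_client_block_enabled")

# Constructed sample export; field names assume NSX-T Policy API object shapes.
SAMPLE = json.loads("""
{"profiles": [
   {"path": "/infra/segment-security-profiles/default-segment-security-policy",
    "dhcp_server_block_enabled": true, "dhcp_client_block_enabled": false},
   {"path": "/infra/segment-security-profiles/hcx-dhcp-allowed",
    "dhcp_server_block_enabled": false, "dhcp_client_block_enabled": false},
   {"path": "/infra/segment-security-profiles/client-locked",
    "dhcp_server_block_enabled": false, "dhcp_client_block_enabled": true}],
 "segments": [
   {"display_name": "L2E_app-net-100", "bindings": []},
   {"display_name": "L2E_db-net-200", "bindings": [
     {"segment_security_profile_path": "/infra/segment-security-profiles/hcx-dhcp-allowed"}]},
   {"display_name": "L2E_web-net-300", "bindings": [
     {"segment_security_profile_path": "/infra/segment-security-profiles/client-locked"}]},
   {"display_name": "L2E_old-net-400", "bindings": [
     {"segment_security_profile_path": "/infra/segment-security-profiles/deleted-profile"}]},
   {"display_name": "native-seg", "bindings": []}]}
""")

def effective_profile(segment):
    """Return the bound segment security profile path, or the default when unbound."""
    for binding in segment.get("bindings", []):
        if binding.get("segment_security_profile_path"):
            return binding["segment_security_profile_path"]
    return DEFAULT_PROFILE

def audit_dhcp_filtering(export, prefix="L2E_"):
    """Return (segment, profile id, reasons) for extended segments that filter DHCP."""
    profiles = {p["path"]: p for p in export["profiles"]}
    findings = []
    for seg in export["segments"]:
        if not seg["display_name"].startswith(prefix):
            continue  # only segments matching the (assumed) HCX extension prefix
        path = effective_profile(seg)
        profile = profiles.get(path)
        if profile is None:  # binding points at a profile missing from the export
            reasons = ["profile not in export"]
        else:
            reasons = [flag for flag in DHCP_FLAGS if profile.get(flag)]
        if reasons:
            findings.append((seg["display_name"], path.rsplit("/", 1)[-1], reasons))
    return findings
```

Each finding names a segment that needs the DHCP-permitting profile applied, or whose binding should be reviewed because the referenced profile is absent from the export.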