Duplicate response for Internet Control Message Protocol (ICMP) request - CARP controller nodes running on a same ESXi host
search cancel

Duplicate response for Internet Control Message Protocol (ICMP) request - CARP controller nodes running on a same ESXi host

book

Article ID: 325067

calendar_today

Updated On:

Products

VMware vSphere ESXi

Issue/Introduction

Symptoms:
In VMware ESXi 5.x, 6.x and 7.x host, when the ping command is performed from one of the Common Address Redundancy Protocol (CARP) controller nodes to another node running on a same ESXi host, you experience this symptom:
  • Duplicate Internet Control Message Protocol (ICMP) response is observed


Environment

VMware ESXi 5.5.x
VMware ESXi 6.0.x
VMware ESXi 6.5.x
VMware ESXi 6.7.x
VMware ESXi 7.0.x

Cause

This issue occurs when CARP controller nodes running on a same ESXi host has promiscuous enabled and the vSphere Distributed Switch (vDS) is using more than one uplink.

Resolution

This behavior is expected in VMware ESXi 5.x, 6.x and 7.x.

CARP controller interface does not use MAC address that is assigned to the vNIC. This is the reason why the MAC address is not registered with the Standard Virtual Switch (VSS).

Since MAC address learning does not happen at the vSphere Distributed Switch (vDS) level with promiscuous mode enabled, when an ICMP packet is sent out, one copy of the packet is send to the destination virtual machine by the vSwitch with promiscuous mode enabled. Meanwhile, since the vSwitch does not know the destination MAC address, it also forwards the packet to the uplink. The packet then goes through the physical switch and come back through the other uplink. The destination virtual machine then receives two copies of the ICMP Echo request packet and responds twice which causes the duplicate ICMP response.

Additional Information

Impact/Risks:
Duplicate ICMP response

Powered by Wolken Software