NSX Edge sends ARP request with a source IP address belonging to another network

Article ID: 325460

Updated On:

Products

VMware NSX

Issue/Introduction

Symptoms:
When a client machine on the same network as the NSX Edge Service Gateway (ESG) sends packets to an ESG interface that is not connected to the client-side network, the Edge sends an ARP request with an incorrect source IP address.
 


Environment

VMware NSX for vSphere 6.4.x
VMware NSX for vSphere 6.3.x
VMware NSX for vSphere 6.1.x
VMware NSX for vSphere 6.2.x

Cause

This is the default behavior of the NSX Edge Service Gateway. The source IP address in an ARP request is determined by the Linux kernel parameter "net.ipv4.conf.default.arp_announce", which is set to "0" by default. As a result, the ESG uses any local address, configured on any interface, as the source IP address in the ARP request.

Resolution

To resolve this issue, change the kernel parameter "net.ipv4.conf.default.arp_announce" to "1" by using the NSX Manager REST API PUT method:
 
Method: PUT
URL: https://NSX_Manager_IP/api/4.0/edges/EDGE-ID/systemcontrol/config
Body:
<systemControl>
<property>sysctl.net.ipv4.conf.default.arp_announce = 1</property>
</systemControl>
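
To confirm the symptom before the change and its absence afterward, ARP requests captured on the client segment can be checked for a sender IP that lies outside that segment's subnet. The following is an added example, not VMware code: the addresses, MAC values and function names are constructed for illustration, and frames are assumed to be untagged Ethernet.

```python
import ipaddress
import struct

ETHERTYPE_ARP = 0x0806
ARP_REQUEST = 1

def build_request(src_mac, sender_ip, target_ip):
    """Construct a broadcast Ethernet/IPv4 ARP request (sample data only)."""
    mac = bytes.fromhex(src_mac.replace(":", ""))
    eth = b"\xff" * 6 + mac + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REQUEST)
    arp += mac + ipaddress.IPv4Address(sender_ip).packed
    arp += b"\x00" * 6 + ipaddress.IPv4Address(target_ip).packed
    return eth + arp

def parse_arp(frame):
    """Return (op, sender_mac, sender_ip, target_ip), or None if not IPv4 ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None  # untagged Ethernet header (14) + ARP payload (28)
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return op, sha.hex(":"), ipaddress.IPv4Address(spa), ipaddress.IPv4Address(tpa)

def foreign_source_requests(frames, segment_cidr):
    """List ARP requests whose sender IP lies outside the segment's subnet."""
    segment = ipaddress.ip_network(segment_cidr)
    hits = []
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        op, mac, sender_ip, target_ip = parsed
        # A 0.0.0.0 sender is a normal address probe, not this symptom.
        if op == ARP_REQUEST and not sender_ip.is_unspecified and sender_ip not in segment:
            hits.append((mac, str(sender_ip), str(target_ip)))
    return hits

# Constructed sample capture on the client segment 192.0.2.0/24.
SAMPLE_FRAMES = [
    build_request("02:00:00:00:00:01", "198.51.100.1", "192.0.2.50"),  # arp_announce = 0
    build_request("02:00:00:00:00:01", "192.0.2.1", "192.0.2.50"),     # arp_announce = 1
    build_request("02:00:00:00:00:02", "0.0.0.0", "192.0.2.60"),       # address probe
]

if __name__ == "__main__":
    for mac, sender_ip, target_ip in foreign_source_requests(SAMPLE_FRAMES, "192.0.2.0/24"):
        print(f"{mac} asked for {target_ip} using off-segment source {sender_ip}")
```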