NSX Edge sends ARP request with a source IP address belonging to another network
Article ID: 325460
Updated On:
Products
VMware NSX for vSphere
Issue/Introduction
Symptoms:
When a client machine on the same network as NSX Edge Service Gateway (ESG) send packets to ESG interface not connecting to the client side network, Edge sends ARP request with an incorrect source IP Address.
Environment
VMware NSX for vSphere 6.4.x
VMware NSX for vSphere 6.3.x
VMware NSX for vSphere 6.1.x
VMware NSX for vSphere 6.2.x
VMware NSX for vSphere 6.3.x
VMware NSX for vSphere 6.1.x
VMware NSX for vSphere 6.2.x
Cause
This is the default behavior of NSX Edge Service Gateway. Source IP address in ARP request is decided by Linux kernel parameter "net.ipv4.conf.default.arp_announce" which is set to "0" by default. As a result, ESG uses any local address, configured on any interface as source IP address in ARP request.
Resolution
To resolve this issue, change the kernel parameter "net.ipv4.conf.default.arp_announce" to "1" by using NSX manager REST API PUT Method:
Method: PUT
URL: https://NSX_Manager_IP/api/4.0/edges/EDGE-ID/systemcontrol/config
Body:
<systemControl>
<property>sysctl.net.ipv4.conf.default.arp_announce = 1</property>
</systemControl>
URL: https://NSX_Manager_IP/api/4.0/edges/EDGE-ID/systemcontrol/config
Body:
<systemControl>
<property>sysctl.net.ipv4.conf.default.arp_announce = 1</property>
</systemControl>
Feedback
Yes
No
Powered by
