Internal DLR LIF Does Not Respond to ICMP Pings
Article ID: 325733
Updated On:
Products
VMware NSX for vSphere
Issue/Introduction
Symptoms:
- There are NO observed network issues to the workloads behind the DLR. East-West and North-South connectivity is working.
- Pings from outside the NSX network destined for an internal LIF on the DLR fail.
- There are NO observed network issues to the workloads behind the DLR. East-West and North-South connectivity is working.
- Pings from outside the NSX network destined for an internal LIF on the DLR fail.
Environment
VMware NSX for vSphere 6.3.x
VMware NSX for vSphere 6.2.x
VMware NSX for vSphere 6.4.x
VMware NSX for vSphere 6.1.x
VMware NSX for vSphere 6.2.x
VMware NSX for vSphere 6.4.x
VMware NSX for vSphere 6.1.x
Cause
This is expected behavior due to the MAC behavior of the DLR.
Because the DLR must switch between a vMAC (which only used inside an ESXi Host) and a pMAC (which is an external pnic on an ESXI Host), pings destined for the an internal LIF on the DLR may fail.
Pinging the LIF of the DLR from outside the NSX network is not a valid test for workload connectivity or network integrity.
Because the DLR must switch between a vMAC (which only used inside an ESXi Host) and a pMAC (which is an external pnic on an ESXI Host), pings destined for the an internal LIF on the DLR may fail.
Pinging the LIF of the DLR from outside the NSX network is not a valid test for workload connectivity or network integrity.
Resolution
This is expected behavior.
Workaround:
Instead, pings sourced from the physical network should be destined for the IP addresses of VMs behind the DLR -- this will verify that North-South connectivity through the Edge and DLR are working as expected.
Workaround:
Instead, pings sourced from the physical network should be destined for the IP addresses of VMs behind the DLR -- this will verify that North-South connectivity through the Edge and DLR are working as expected.
Feedback
Yes
No
Powered by
