After Upgrade From 2.5.x to 3.x, uRPF Mode on Tier 0 Gateway Interfaces is Changed From None to Strict.
search cancel

After Upgrade From 2.5.x to 3.x, uRPF Mode on Tier 0 Gateway Interfaces is Changed From None to Strict.

book

Article ID: 327303

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

After upgrading from 2.5.x to 3.x, uRPF mode on Tier 0 gateway interfaces is changed from none to strict.

This change can cause traffic to be dropped by the Tier 0 gateway. 

There is no log to identify this issue. Check the uRPF setting after upgrading to 3.x

Environment

VMware NSX-T Data Center

Cause

During upgrade from 2.5.x to 3.x, a script is run to convert the value of uRPF mode into the policy API. 

The conversion of uRPF from its 'manager' value to 'policy' value can lead to an incorrect setting.

Resolution

Upgrade to 3.1.3.

Workaround:
There is no preventative workaround. After upgrade, users are encouraged to correct their uRPF setting to its desired value.  

Note:  After upgrade to 3.X and encountering this issue, the uRPF setting must be changed in the policy mode UI, rather than the manager mode UI.

Additional Information

When uRPF is in "Strict" mode, the Edge only forwards packets if they are received on the same interface that would be used to forward the traffic to the source of the packet. If the route to the source address of the packet is through a different interface than the one it is received on, the packet is dropped.

Powered by Wolken Software