Traffic drops during vMotion if the VM is part of the NSgroup with dynamic criteria.
Article ID: 327391
Updated On:
Products
VMware vDefend Firewall
Issue/Introduction
- VM part of the NSgroup with dynamic criteria.
- Traffic drops during the vMotion
Environment
VMware NSX-T Data Center 3.x
Cause
When the members of NSgroups are dynamically determined and a VM with links contained in the membership criteria is migrated, the NSgroup contents change (migrating IP addresses are temporarily removed from the NSgroup). When a filter is configured on the destination host, the NSgroup contents will still not contain the dynamically determined addresses.
This can take a number of seconds to resolve itself (based on system load, size of config, etc). Once the NSgroup contents are changed again (to include the newly "discovered" members), the config is pushed down again and the IP addresses are realized in the address-sets as expected.
This can take a number of seconds to resolve itself (based on system load, size of config, etc). Once the NSgroup contents are changed again (to include the newly "discovered" members), the config is pushed down again and the IP addresses are realized in the address-sets as expected.
Resolution
Workaround:
Replace the IP addresses dynamically determined via other membership criteria with specific IP address of the VM.
Feedback
Yes
No
Powered by
