Purpose: The alarm is raised because a loop event is detected and the Edge Bridge learns the same VNI MAC address via the bridged VLAN. If the MAC flap is a single-time event, the alarm will be cleared.
Impact: Traffic degradation due to the loop. The traffic to the flapping MAC will be impacted.
Environment
VMware NSX
Cause
All Alarm Trigger Conditions:
This alarm is raised when an Edge bridge port detects that a MAC address behind a VNI has moved to be behind the bridged VLAN as a result of a suspected external L2 network loop.
ESXi VMNIC drivers loop traffic originating from an edge VM bridge port's VNIC back to the same VNIC. This can be resolved by updating or fixing the ESXi VMNIC driver.
In a Bare Metal Edge bridging setup that uses a bond with a failover teaming policy on two physical NICs (PNICs) connected to two external TOR switch ports, BUM (Broadcast, Unknown Unicast, and Multicast) traffic from the bond's active PNIC may loop back to the standby PNIC. To resolve this, the standby link should be removed from the bond.
During an Edge Bridge High Availability (HA) failover event, the MAC address behind the old active bridge port moves to the new active bridge port. The edge with the old active bridge port then detects the MAC address behind the tunnel port to the new active bridge port. This behavior is expected, and the user can manually resolve the alarm.
Resolution
This alarm was introduced in NSX 4.2.0 but has been removed as of version 4.2.1. Whilst it could be a good indicator of a loop condition, it could also be triggered by normal workflows such as failovers and migrations.
Recommended Action:
If the MAC move is caused by edge HA failover, it is a one-time event and is expected.
If the MAC move is observed by a Bare Metal Edge, the loop could be formed on two links in the TOR (BME example).
If the MAC move is observed by a VM Edge, the loop could be on the ESX host, which is outside of the Edge VM.
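
The triage above can be sketched as code. This is an added example, not VMware or NSX code: the observation tuples, the 60-second window, and the function names are assumptions made for illustration, and the sample data is constructed.

```python
from collections import defaultdict

# Assumed threshold (not from the KB): two VNI<->VLAN moves of the same MAC
# within this window count as flapping rather than a one-time event.
WINDOW_SECONDS = 60

# Where to look next, per Edge form factor, following the recommended actions.
ADVICE = {
    "bare_metal": "check for a loop across the two TOR-facing links of the bond",
    "vm": "check the ESXi host (VMNIC driver), outside the Edge VM",
}

def count_moves(observations):
    """Return {mac: [timestamps]} of every VNI<->VLAN side change."""
    last_side, moves = {}, defaultdict(list)
    for ts, mac, side in sorted(observations):
        if mac in last_side and last_side[mac] != side:
            moves[mac].append(ts)
        last_side[mac] = side
    return moves

def triage(observations, edge_type, ha_failover_at=None):
    """Classify each moved MAC as flapping, failover-related, or isolated."""
    result = {}
    for mac, stamps in count_moves(observations).items():
        flapping = any(b - a <= WINDOW_SECONDS for a, b in zip(stamps, stamps[1:]))
        if flapping:
            result[mac] = "suspected loop: " + ADVICE[edge_type]
        elif ha_failover_at is not None and abs(stamps[0] - ha_failover_at) <= WINDOW_SECONDS:
            result[mac] = "one-time move at HA failover: expected"
        else:
            result[mac] = "isolated move: monitor, nothing to fix unless it repeats"
    return result

# Constructed sample: (epoch seconds, MAC, side on which the bridge learned it).
SAMPLE = [
    (100, "00:50:56:aa:bb:01", "vni"),
    (105, "00:50:56:aa:bb:01", "vlan"),
    (107, "00:50:56:aa:bb:01", "vni"),
    (109, "00:50:56:aa:bb:01", "vlan"),
    (100, "00:50:56:aa:bb:02", "vni"),
    (500, "00:50:56:aa:bb:02", "vlan"),
]

if __name__ == "__main__":
    for mac, verdict in triage(SAMPLE, "bare_metal", ha_failover_at=498).items():
        print(mac, "->", verdict)
```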