RARP leaking to the physical network from NSX-T connected TAS containers

Article ID: 330560

Products

VMware NSX
Issue/Introduction

Symptoms:

TAS container MAC addresses are seen in the physical environment on the native VLAN.

The containers are attached to NSX-T overlay segments and are constantly being deleted and created.

The same behavior can occur in non-container scenarios as well, for example when a VM vNIC attached to an NSX logical segment is disconnected.

A capture taken at the vmnic level, on a vmnic that is an uplink of the NSX-T virtual switch, shows a RARP frame that is not Geneve-encapsulated. This unencapsulated frame is what the physical switches learn on the native VLAN.

 

On the ESXi host, the container port being created and then deleted is logged in /var/run/log/vmkernel.log, for example:

Container port creation:
2023-04-26T17:41:16.287Z cpu15:2098991)KCP_ProcessContainerUpdate:554:[nsx@6876 comp="nsx-esx" subcomp="kcp"]Created container port[134224890:fb0dfa30-f008-459e-9cc0-2afccee3040f] on VM port[134217912:03b3c24e-f3f2-4510-be62-5fa9cd2deb95]
2023-04-26T17:41:16.287Z cpu15:2098991)KCP_ProcessContainerUpdate:555:[nsx@6876 comp="nsx-esx" subcomp="kcp"]Created container port CIF [7b96764e-b967-4413-9348-6aacc414978a]

Container port deletion:
2023-04-26T17:41:37.287Z cpu15:2098991)KCP_CheckDeleteContainerPort:834:[nsx@6876 comp="nsx-esx" subcomp="kcp"]Delete container port[134224890:fb0dfa30-f008-459e-9cc0-2afccee3040f] on VM port[134217912]
2023-04-26T17:41:37.288Z cpu15:2098991)KCPContainerDeleteContainerPort:887:[nsx@6876 comp="nsx-esx" subcomp="kcp"]Removed dvport d6 b8 c6 e3 ae 89 4f 8d-8f bf 8e 5a 49 ef 93 1c from vds fb0dfa30-f008-459e-9cc0-2afccee3040f for port 0x8001bfa : Success

 

[Image: packet capture of the RARP frame without Geneve encapsulation]

[Image: packet capture of the RARP frame with Geneve encapsulation]

Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.
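The following is an added example, not part of the original article or of any VMware tool, showing what the two checks above look like in code: a classifier that tells a raw RARP frame (EtherType 0x8035 directly on the uplink) apart from a RARP frame carried inside a Geneve tunnel (UDP/6081, protocol type 0x6558), and a correlator that matches each raw RARP seen on the uplink against the KCP container port deletions in vmkernel.log within a time window. The frames, MAC addresses, tunnel endpoint IPs and capture timestamps are constructed; the log lines are the ones quoted in this article. Use it on frames exported from a vmnic-level capture (one Ethernet frame per entry, with its timestamp) and on the host's vmkernel.log.

```python
"""Classify RARP frames seen on an ESXi uplink as raw or Geneve-encapsulated,
and correlate raw (leaked) RARP frames with NSX container-port deletions in
vmkernel.log.  Added example; frames, MACs, IPs and timestamps are constructed."""
import re
import struct
from datetime import datetime, timezone

ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_RARP = 0x8035
ETHERTYPE_VLAN = 0x8100
GENEVE_UDP_PORT = 6081          # IANA-assigned Geneve port used by the NSX-T overlay
GENEVE_PROTO_ETHERNET = 0x6558  # Transparent Ethernet Bridging inside Geneve


def ethertype_after_vlan(frame):
    """Return (ethertype, payload offset), skipping any 802.1Q tags."""
    eth_type = struct.unpack_from("!H", frame, 12)[0]
    off = 14
    while eth_type == ETHERTYPE_VLAN:
        eth_type = struct.unpack_from("!H", frame, off + 2)[0]
        off += 4
    return eth_type, off


def classify_rarp(frame):
    """'raw' for RARP sent without Geneve encapsulation (the leak),
    'geneve' for RARP carried inside a Geneve tunnel, None for anything else."""
    eth_type, off = ethertype_after_vlan(frame)
    if eth_type == ETHERTYPE_RARP:
        return "raw"
    if eth_type != ETHERTYPE_IPV4:
        return None
    ihl = (frame[off] & 0x0F) * 4
    if frame[off + 9] != 17:                       # not UDP
        return None
    udp = off + ihl
    if struct.unpack_from("!H", frame, udp + 2)[0] != GENEVE_UDP_PORT:
        return None
    gen = udp + 8                                  # Geneve base header is 8 bytes
    opt_len = (frame[gen] & 0x3F) * 4              # low 6 bits of byte 0: option length in 4-byte words
    if struct.unpack_from("!H", frame, gen + 2)[0] != GENEVE_PROTO_ETHERNET:
        return None
    inner_type, _ = ethertype_after_vlan(frame[gen + 8 + opt_len:])
    return "geneve" if inner_type == ETHERTYPE_RARP else None


def rarp_frame(src_mac):
    """Constructed RARP request (opcode 3) as a guest or container would emit it."""
    eth = b"\xff" * 6 + src_mac + struct.pack("!H", ETHERTYPE_RARP)
    rarp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 3) + src_mac + b"\0" * 4 + src_mac + b"\0" * 4
    return eth + rarp


def geneve_encap(inner, vni, tep_src_mac, tep_dst_mac):
    """Constructed outer Ethernet/IPv4/UDP/Geneve wrapper around an inner frame (assumed TEP IPs)."""
    geneve = struct.pack("!BBH", 0, 0, GENEVE_PROTO_ETHERNET) + struct.pack("!I", vni << 8)
    udp_len = 8 + len(geneve) + len(inner)
    udp = struct.pack("!HHHH", 49152, GENEVE_UDP_PORT, udp_len, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0, 64, 17, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    eth = tep_dst_mac + tep_src_mac + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + udp + geneve + inner


def parse_ts(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)


DELETE_RE = re.compile(r"^(\S+Z) .*KCP_CheckDeleteContainerPort:\d+:.*Delete container port\[(\d+):([0-9a-f-]+)\]")


def parse_delete_events(log_text):
    """(timestamp, container port UUID) for each KCP container port deletion in vmkernel.log."""
    events = []
    for line in log_text.splitlines():
        m = DELETE_RE.match(line.strip())
        if m:
            events.append((parse_ts(m.group(1)), m.group(3)))
    return events


def correlate(captures, log_text, window_s=2.0):
    """For every raw (unencapsulated) RARP on the uplink, list container ports deleted within window_s."""
    events = parse_delete_events(log_text)
    leaks = []
    for ts, frame in captures:
        if classify_rarp(frame) != "raw":
            continue
        t = parse_ts(ts)
        near = [port for et, port in events if abs((et - t).total_seconds()) <= window_s]
        leaks.append({"ts": ts, "src_mac": frame[6:12].hex(":"), "deleted_ports": near})
    return leaks


# Constructed sample capture: a leaked RARP, a properly tunnelled RARP and an unrelated ARP frame.
CONTAINER_MAC = bytes.fromhex("02505600aabb")
TEP_A, TEP_B = bytes.fromhex("005056aa0001"), bytes.fromhex("005056aa0002")
SAMPLE_CAPTURE = [
    ("2023-04-26T17:41:37.300Z", rarp_frame(CONTAINER_MAC)),
    ("2023-04-26T17:41:37.301Z", geneve_encap(rarp_frame(CONTAINER_MAC), 65537, TEP_A, TEP_B)),
    ("2023-04-26T17:41:16.300Z", b"\xff" * 6 + CONTAINER_MAC + b"\x08\x06" + b"\0" * 28),
]
# Log lines as quoted in the article above.
SAMPLE_LOG = """2023-04-26T17:41:16.287Z cpu15:2098991)KCP_ProcessContainerUpdate:554:[nsx@6876 comp="nsx-esx" subcomp="kcp"]Created container port[134224890:fb0dfa30-f008-459e-9cc0-2afccee3040f] on VM port[134217912:03b3c24e-f3f2-4510-be62-5fa9cd2deb95]
2023-04-26T17:41:37.287Z cpu15:2098991)KCP_CheckDeleteContainerPort:834:[nsx@6876 comp="nsx-esx" subcomp="kcp"]Delete container port[134224890:fb0dfa30-f008-459e-9cc0-2afccee3040f] on VM port[134217912]
2023-04-26T17:41:37.288Z cpu15:2098991)KCPContainerDeleteContainerPort:887:[nsx@6876 comp="nsx-esx" subcomp="kcp"]Removed dvport d6 b8 c6 e3 ae 89 4f 8d-8f bf 8e 5a 49 ef 93 1c from vds fb0dfa30-f008-459e-9cc0-2afccee3040f for port 0x8001bfa : Success
"""


def find_leaks():
    return correlate(SAMPLE_CAPTURE, SAMPLE_LOG)


if __name__ == "__main__":
    for leak in find_leaks():
        print(leak)
```

The classifier walks past any 802.1Q tag before reading the EtherType, so a RARP that the host pushes out tagged would also be reported as raw; only a frame whose RARP sits behind UDP/6081 and a Geneve header with protocol type 0x6558 counts as overlay traffic. The correlation window is a tuning assumption: the article's deletion is logged at 17:41:37.287Z and the leaked frame follows within milliseconds, so a window of a couple of seconds is enough to tie each physical-network MAC learn back to a specific container port.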
Environment

VMware NSX-T Data Center

Cause

Container MAC addresses on overlay networks become known to the physical infrastructure because a RARP frame is sent at the time of port disconnect with the VLAN and VNI tags already removed from the port, so the frame leaves the uplink untagged and without Geneve encapsulation and is learned by the physical switches on the native VLAN.

 

Resolution

This issue is resolved in NSX-T Data Center 3.2.4 and NSX 4.1.0.


Workaround:

N/A


Additional Information

Impact/Risks:

No service impact. The effect is limited to overlay container MAC addresses being learned on the native VLAN by the physical switches.