Production VMs on MON Enabled Segments are Dropping Packets
Article ID: 344989
Updated On:
Products
VMware HCX
Issue/Introduction
Inform users of configurations/products that cause packet loss
Symptoms:
Customer is noticing that MON enabled segments are experiencing packet drops. Customer is using ICMP to monitor the drops. You will see Ping failures between VM's on MON enabled networks (just 1 VM could be using a MON enabled network)
Symptoms:
Customer is noticing that MON enabled segments are experiencing packet drops. Customer is using ICMP to monitor the drops. You will see Ping failures between VM's on MON enabled networks (just 1 VM could be using a MON enabled network)
Cause
It was determined that the issue was two-fold.
- Customer was running a product called "thousand eyes" which was causing network congestion in the enviornment.
- Customer Palo Alto FW was set to "Server Response Inspection" enabled.
Resolution
Disable the thousand eyes network probing.
Disable FW feature "Server Response Inspection".
Disable FW feature "Server Response Inspection".
Additional Information
Impact/Risks:
Packet drops in MON enabled HCX networks.
Packet drops in MON enabled HCX networks.
Feedback
Yes
No
Powered by
