L2 Bridge communication issues when VMs and DLR control VM are on the same ESXi host
Article ID: 345033
Updated On:
Products
VMware NSX Networking
Issue/Introduction
Symptoms:
- VLAN backed VMs cannot reach VXLAN (overlay) VMs via L2 Bridge when those VMs are located in the same ESXi host as the DLR control VM.
- VLAN VMs cannot resolve ARPs of overlay VMs.
- ARP suppression for VDR bridged ARP requests fail.
Environment
VMware NSX Data Center for vSphere 6.4.x
Cause
L2 Bridge sets packet attribute to mark the packets being bridged already and will drop the received packets with such attribute set.
VDL2 ARP suppression will restore the VDR packet attributes in the cases where its ARP table is empty. Once its ARP table is populated either through controller query or local resolution, subsequent ARP request from VDR bridge will not have the VDR attributes restored.
Since VDL2 does ARP suppression by looking up from its ARP table, the source port will be that of the VDR's uplink. So VDR bridge sees this MAC from uplink but also in its FDB pointing to local port, so it will drop the frame assuming underlay U-turned the frame.
VDL2 ARP suppression will restore the VDR packet attributes in the cases where its ARP table is empty. Once its ARP table is populated either through controller query or local resolution, subsequent ARP request from VDR bridge will not have the VDR attributes restored.
Since VDL2 does ARP suppression by looking up from its ARP table, the source port will be that of the VDR's uplink. So VDR bridge sees this MAC from uplink but also in its FDB pointing to local port, so it will drop the frame assuming underlay U-turned the frame.
Resolution
Issue is resolved in NSX 6.4.6
Workaround:
Do not place any overlay VMs in the same ESXi host as the DLR control VM.
Workaround:
Do not place any overlay VMs in the same ESXi host as the DLR control VM.
Feedback
Yes
No
Powered by
