Virtual machine does not receive DHCP server offers on an NSX-T backed network segment

Article ID: 371005

Updated On:

Products

VMware NSX

Issue/Introduction

  • A virtual machine does not receive DHCP server offers on an NSX-T backed network segment.
  • The virtual machine is connected to an overlay or VLAN backed segment.
  • The virtual machine uses DHCP to get an IP address.
  • After sending a DHCP discover message, the virtual machine does not receive the DHCP offer.
  • The IP address of the virtual machine/ESXi is not renewed after the lease period.

Environment

VMware NSX
VMware NSX-T Data Center

Cause

  • The NSX-T Segment Security Policy "default-segment-security-policy" has DHCP Server Block enabled by default. 
  • DHCP Server Block & DHCP Client Block are disabled by default.
  • DHCP Server Block blocks traffic from a DHCP server to a DHCP client.
  • Note that it does not block traffic from a DHCP server to a DHCP relay agent.
  • DHCP Client Block prevents a VM from acquiring a DHCP IP address by blocking DHCP requests.
  • Even after setting "DHCP Server Block" to Disabled, DFW rules are required to allow the DHCP packets.
  • The DHCP client sends a unicast request to the DHCP server after the lease period, and this traffic is blocked by the "DHCP Server Block" rule.

Resolution

  • Create a Segment Security segment profile with DHCP Server Block disabled.
  • Replace the default Segment Security profile with the newly created security profile.
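
The two resolution steps, preceded by a check for which segments still resolve to a profile with DHCP Server Block enabled, as an added example (not VMware's code). The Policy API paths and field names (`dhcp_server_block_enabled`, `segment_security_profile_path`) are assumptions to confirm against the API reference for your NSX version; the segment and profile names are constructed, and no request is sent.

```python
# Assumption: paths and fields follow the NSX Policy API's
# SegmentSecurityProfile and SegmentSecurityProfileBindingMap schemas.
API = "/policy/api/v1"
PROFILES = "/infra/segment-security-profiles/"
# Default profile name as given in this article; confirm the ID in your environment.
DEFAULT_PROFILE = PROFILES + "default-segment-security-policy"

def segments_blocking_dhcp_server(profiles, bindings, segments):
    """Return segment paths whose effective profile has DHCP Server Block on.

    profiles: {profile_path: profile dict}
    bindings: {segment_path: bound profile_path}
    """
    blocked = []
    for seg in segments:
        # A segment without an explicit binding uses the default profile.
        profile = profiles[bindings.get(seg, DEFAULT_PROFILE)]
        # A missing field is treated as enabled so the segment is still reviewed.
        if profile.get("dhcp_server_block_enabled", True):
            blocked.append(seg)
    return blocked

def remediation_requests(segment_path, new_profile_id):
    """Build the PATCH calls for the two Resolution steps (built, not sent)."""
    profile_path = PROFILES + new_profile_id
    create = {"method": "PATCH", "url": API + profile_path,
              "body": {"display_name": new_profile_id,
                       "dhcp_server_block_enabled": False}}
    bind = {"method": "PATCH",
            "url": f"{API}{segment_path}/segment-security-profile-binding-maps/"
                   f"{new_profile_id}-map",
            "body": {"segment_security_profile_path": profile_path}}
    return [create, bind]

# Constructed sample inventory, shaped like GET results from the Policy API.
SAMPLE_PROFILES = {
    DEFAULT_PROFILE: {"dhcp_server_block_enabled": True},
    PROFILES + "dhcp-allowed": {"dhcp_server_block_enabled": False},
}
SAMPLE_BINDINGS = {"/infra/segments/app-seg": PROFILES + "dhcp-allowed"}
SAMPLE_SEGMENTS = ["/infra/segments/web-seg", "/infra/segments/app-seg"]

if __name__ == "__main__":
    for seg in segments_blocking_dhcp_server(
            SAMPLE_PROFILES, SAMPLE_BINDINGS, SAMPLE_SEGMENTS):
        for req in remediation_requests(seg, "dhcp-allowed"):
            print(req["method"], req["url"], req["body"])
```

Running the check per segment keeps the custom profile limited to segments that need it, so the default profile stays in place everywhere else.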

 

Additional Information

If you are using VMware HCX, follow KB 321662.