Virtual machine does not receive DHCP Server offers on NSX-backed network segment

Article ID: 371005


Products

VMware NSX

Issue/Introduction

  • Virtual machine DHCP IP lease renewal requests are dropped.
  • The virtual machine is connected to an overlay or VLAN-backed segment.
  • The virtual machine uses DHCP to obtain an IP address.
  • After sending a DHCP discover message, the virtual machine does not receive the DHCP offer.
  • The IP address of the virtual machine/ESXi does not get renewed after the lease period.

Environment

VMware NSX

Cause

  • The NSX Segment Security Policy "default-segment-security-policy" has DHCP Server Block enabled by default.
  • DHCP Server Block blocks traffic from a DHCP server to a DHCP client. It does not block traffic from a DHCP server to a DHCP relay agent.
  • DHCP Client Block prevents a VM from acquiring a DHCP IP address by blocking DHCP renewal requests. Even after "DHCP Server Block" is set to Disabled, Distributed Firewall (DFW) rules are required to allow the DHCP packets.
  • The DHCP client sends a unicast request to the DHCP server after the lease period, and this traffic is blocked by the rule "DHCP Server Block".
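
To find which segments are affected by the cause above, the following added example (not code from this article or from VMware) resolves the effective Segment Security profile for each segment and reports which DHCP direction it blocks. The JSON is constructed sample data; the field names `dhcp_server_block_enabled`, `dhcp_client_block_enabled` and the profile path layout are assumptions modelled on NSX Policy API objects, and the segment and profile names other than the default are hypothetical.

```python
import json

# Constructed sample data, shaped like NSX Policy API objects (assumed field names).
PROFILES_JSON = """
[
  {"id": "default-segment-security-policy", "dhcp_server_block_enabled": true,  "dhcp_client_block_enabled": false},
  {"id": "dhcp-server-allowed",             "dhcp_server_block_enabled": false, "dhcp_client_block_enabled": false},
  {"id": "locked-down",                     "dhcp_server_block_enabled": true,  "dhcp_client_block_enabled": true}
]
"""
# Segment id -> bound profile path; null means no explicit binding (default applies).
BINDINGS_JSON = """
{
  "web-seg": null,
  "dhcp-infra-seg": "/infra/segment-security-profiles/dhcp-server-allowed",
  "kiosk-seg": "/infra/segment-security-profiles/locked-down",
  "orphan-seg": "/infra/segment-security-profiles/deleted-profile"
}
"""
DEFAULT_PROFILE_ID = "default-segment-security-policy"  # name as given in this article


def audit_dhcp_blocks(profiles, bindings, default_id=DEFAULT_PROFILE_ID):
    """Return {segment: finding} based on each segment's effective profile."""
    by_id = {p["id"]: p for p in profiles}
    report = {}
    for segment, path in sorted(bindings.items()):
        profile_id = path.rsplit("/", 1)[-1] if path else default_id
        profile = by_id.get(profile_id)
        if profile is None:  # binding points at a profile missing from the export
            report[segment] = {"profile": profile_id, "status": "unknown-profile"}
            continue
        blocked = []
        # Assumption: a missing server-block flag is treated as enabled (the default).
        if profile.get("dhcp_server_block_enabled", True):
            blocked.append("server-to-client")
        if profile.get("dhcp_client_block_enabled", False):
            blocked.append("client-requests")
        report[segment] = {"profile": profile_id,
                           "status": "blocked" if blocked else "ok",
                           "blocked": blocked}
    return report


def load_and_audit():
    return audit_dhcp_blocks(json.loads(PROFILES_JSON), json.loads(BINDINGS_JSON))


if __name__ == "__main__":
    for seg, finding in load_and_audit().items():
        print(seg, finding)
```

A segment reported as `ok` here still needs DFW rules that allow the DHCP packets, as noted above.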

Resolution

  • Create a Segment Security Segment Profile with DHCP Server Block disabled.
  • Replace the default Segment Security profile with the newly created security profile.

 

Additional Information

If you are using VMware HCX, follow KB 321662.