North South traffic is impacted in NSX
search cancel

North South traffic is impacted in NSX

book

Article ID: 377403

calendar_today

Updated On:

Products

VMware VMware NSX

Issue/Introduction


- Incoming traffic destined to the VM does not arrive.

- Virtual machines (VM) are connected to VLAN segments.

- When running traceflow, the output shows that the packet dropped at the last hop with the reason " Dropped due to IP failure".


Environment

VMware NSX-T Data Center 3.x

VMware NSX

Cause

In Tier-0 gateways, unicast Reverse Path Forwarding is enabled and set as "Strict".

When URPF is enabled, the Edge only forwards packets if they are received on the same interface that would be used to forward the traffic to the source of the packet. If the route to the source address of the packet is through a different interface than the one it is received on, the packet is dropped.

Resolution

To resolve this issue, set URPF mode to "None".

via UI : 

  1. With admin privileges, log in to NSX Manager
  2. Select Networking > Tier -0 Logical Routers
  3. Select the tier-0 logical router and click Edit
  4. Set URPF mode as "None".

 

Via API 

Method: PATCH
URI Path(s): /policy/api/v1/global-infra/tier-0s/<tier-0-id>/locale-services/<locale-service-id>/interfaces/<interface-id>
Powered by Wolken Software