North-South traffic is impacted in NSX
Article ID: 377403
Updated On:
Products
VMware NSX
Issue/Introduction
- Incoming traffic does not arrive at destination VM as expected.
- T0-GW external interfaces URPF (unicast Reverse Path Forwarding) Mode is set to "Strict".
- T0-GW traceflow output shows that packets drop at the last hop with the reason "Dropped due to IP failure":
Environment
VMware NSX-T Data Center
VMware NSX
Cause
In Tier-0 gateways, unicast Reverse Path Forwarding is enabled and set as "Strict".
When URPF is enabled, the Edge only forwards packets if they are received on the same interface that would be used to forward the traffic to the source of the packet. If the route to the source address of the packet is through a different interface than the one it is received on, the packet is dropped.
Resolution
This is a condition that may occur in a VMware NSX environment.
Workaround
To resolve this issue, set URPF mode to "None" via UI or API:
- NSX Manager UI: Set Interfaces > Tier -0 Gateways (Edit) > Interfaces and GRE Tunnel > Click on the number beside External and Seervice Interfaces > Set URPF mode as "None" for relevant interfaces.
- NSX Manager API: PATCH /policy/api/v1/global-infra/tier-0s/<tier-0-id>/locale-services/<locale-service-id>/interfaces/<interface-id>
Additional Information
NSX-EDGE-UPL
Feedback
Yes
No
Powered by
