Troubleshooting NSX-T Layer 2 Bridging

Article ID: 378062


Products

VMware NSX

VMware NSX-T Data Center

VMware NSX Networking

Issue/Introduction

This article addresses bridging issues in NSX-T versions 3.x and 4.x in typical NSX-T environments, where intermittent drops or broken communication occur between Overlay Network and Bridged VLAN segments connected via an Edge Bridge VM.

Environment

VMware vSphere ESXi

VMware NSX-T 3.x

VMware NSX 4.x

Cause

For bridging to work properly, frames that are destined for MAC addresses that are not directly attached to the VSS/VDS must be delivered to the Edge Node VM. The "ReversePathFwdCheckPromisc" setting is a critical parameter that controls how packets are processed in promiscuous mode. If this setting is misconfigured, or if promiscuous mode is not enabled on the necessary interfaces, the result can be dropped packets or intermittently broken connectivity between segments.

Resolution

There are multiple options for configuring L2 Bridging in an NSX-T environment (refer to Additional Information below). For an Edge VM on a VSS portgroup, follow the steps below.

  • Set promiscuous mode on the portgroup
  • Allow forged transmit on the portgroup
  • Run the following command to enable the reverse filter on the ESXi host where the Edge Bridge VM is running: "esxcli system settings advanced set -o /Net/ReversePathFwdCheckPromisc -i 1"
  • Then disable and re-enable promiscuous mode on the portgroup

NOTE: Make sure "/Net/ReversePathFwdCheckPromisc" is set on every ESXi host where the Edge Bridge VM may reside. If the Edge Bridge VM migrates to a host where "/Net/ReversePathFwdCheckPromisc" is NOT set, bridging may drop packets or break connectivity intermittently.
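
One way to check the prerequisites above on each candidate host, as an added example that is not part of the original article or VMware's code. It assumes the key/value layout that esxcli prints for these two commands; the portgroup name passed as the first argument is a placeholder, and the sample output is constructed.

```shell
#!/bin/sh
# Added example (not VMware's code): audit one ESXi host for the settings above.

# Current value from `esxcli system settings advanced list -o <option>` on stdin.
# Anchoring on leading spaces skips the "Default Int Value" line.
rpf_value() {
    awk -F': *' '/^ *Int Value:/ { print $2; exit }'
}

# One field from `esxcli network vswitch standard portgroup policy security get`
# on stdin; exact match so "Override Vswitch ..." lines are not picked up.
policy_field() {
    awk -F': *' -v key="$1" '{ sub(/^ +/, "", $1) } $1 == key { print $2; exit }'
}

# $1 = advanced-setting output, $2 = portgroup security policy output.
# Prints one FAIL line per missing prerequisite; returns 0 only if all are set.
audit() {
    rc=0
    [ "$(printf '%s\n' "$1" | rpf_value)" = "1" ] ||
        { echo "FAIL /Net/ReversePathFwdCheckPromisc is not 1"; rc=1; }
    for key in "Allow Promiscuous" "Allow Forged Transmits"; do
        [ "$(printf '%s\n' "$2" | policy_field "$key")" = "true" ] ||
            { echo "FAIL $key is not true"; rc=1; }
    done
    return "$rc"
}

# Constructed sample output for an offline check; field layout is an assumption.
SAMPLE_RPF_UNSET='   Path: /Net/ReversePathFwdCheckPromisc
   Type: integer
   Int Value: 0
   Default Int Value: 0'
SAMPLE_POLICY='   Allow Promiscuous: true
   Allow MAC Address Change: false
   Allow Forged Transmits: true
   Override Vswitch Allow Promiscuous: true'

# On an ESXi host: sh audit.sh <portgroup-name>. Skipped where esxcli is absent.
if command -v esxcli >/dev/null 2>&1 && [ -n "${1:-}" ]; then
    audit "$(esxcli system settings advanced list -o /Net/ReversePathFwdCheckPromisc)" \
          "$(esxcli network vswitch standard portgroup policy security get -p "$1")" &&
        echo "OK: bridge prerequisites are set on this host"
fi
```

Running it on every host in the cluster that the Edge Bridge VM can migrate to surfaces a host that was missed before a migration exposes it.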

Additional Information