3rd party multicast application fails to communicate each other after migrated to NSX Segment from distributed port group with promiscuous mode accepted.
search cancel

3rd party multicast application fails to communicate each other after migrated to NSX Segment from distributed port group with promiscuous mode accepted.

book

Article ID: 383469

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

  • Migrate the VM from distributed port group with promiscuous mode accepted.
  • Multicast packets such as VRRP cannot be seen on Guest OS.
    • Packet capture at Guest OS does not show the multicast packets.
  • The multicast packets were sent from 3rd party application including:
    • Fujitsu IPCOM
  • Port status does not contain a multicast mac address for the multicast application in multicastAddresses in accepted or requested filters except 01:00:5e:00:00:01 which is for All Host, 224.0.0.1.
    Guest OS cannot receive multicast packets unless Guest OS requests the mac address and the associated port accepts the mac address.
    # vsish -e get /net/portsets/<DvsPortset>/ports/{port_id}/status
    port {
       port index:<port index>
       vnic index:<vnic index>
       portCfg:########-####-####-####-############
       dvPortId:########-####-####-####-############
       clientName:<VM Name>.eth#
       clientType: 5 -> VMM Virtual NIC
       clientSubType: 9 -> Vmxnet3 Client
       world leader:<world leader id>
       flags: 0x40093 -> IN_USE ENABLED WORLD_ASSOC DVS_PORT CONNECTED
       Impl customized blocked flags:0x00000000
       Passthru status: 0x8 -> DISABLED_BY_HOST
       fixed Hw Id:<mac address>:
       ethFRP:frame routing {
          requested:filter {
             flags:0x0000001b
             unicastAddr:<unicast mac address>:
             numMulticastAddresses:1
             multicastAddresses:01:00:5e:00:00:01,
             LADRF:[0]: 0x0
             [1]: 0x0
          }
          accepted:filter {
             flags:0x0000000b
             unicastAddr:<unicast mac address>:
             numMulticastAddresses:1
             multicastAddresses:01:00:5e:00:00:01,
             LADRF:[0]: 0x0
             [1]: 0x0
          }
       }
       filter supported features: 0 -> NONE
       filter properties: 0 -> NONE
       rx mode: 0 -> INLINE
       tune mode: 0 -> default
       fastpath switch ID:0xffffffff
       fastpath port ID:0xffffffff
    }

Environment

NSX 4.x
NSX-T Data Center 3.x

Cause

Some 3rd party application does not use system call to join multicast group.

Depending on Guest OS Kernel, the system call to join multicast group is different.

  • In Linux, IP_ADD_MEMBERSHIP passed to setsockopt().

NSX Segment captures the system call and accepts multicast address.

Distributed port group with promiscuous mode accepted does not filter multicast packets based on requested / accepted filters.

Resolution

Workarounds:

  • In Linux, the following command joins an interface to a multicast group.
    ipmaddr add <multicast mac address> dev <device name>
Powered by Wolken Software