Impact of changing the value of ip_forward to 0 instead of 1 in an NSX-T Environment

Article ID: 384234

Products

VMware NSX

Issue/Introduction

The requirement to change ip_forward from "1" to "0" might be put forward because of compliance rules or recommendations set by security teams.

Environment

VMware NSX-T Data Center
VMware NSX

Cause

  • On the NSX Manager, the parameter resides at the following path: /proc/sys/net/ipv4/ip_forward
  • By default, the parameter value is set to "1", which indicates that IP forwarding is enabled.
  • Setting the value to "0" stops the forwarding of packets between the interfaces.
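
A read-only way to verify the setting before acting on a scanner finding, as an added example that is not part of the original article: it compares the runtime value with any persisted sysctl setting and with the expected value ("1", the default stated above). The function names and the persistent config locations in the usage comment (/etc/sysctl.conf, /etc/sysctl.d/) are assumptions based on standard Linux layouts, not on NSX documentation.

```shell
#!/bin/sh
# Added example: read-only audit of the ip_forward setting (changes nothing).
# Usage (paths other than the proc file are assumed standard Linux locations):
#   audit_ip_forward 1 /proc/sys/net/ipv4/ip_forward /etc/sysctl.conf /etc/sysctl.d/*.conf

# Print the runtime value from the proc file ("unreadable" if it cannot be read).
runtime_ip_forward() {
    proc_file="${1:-/proc/sys/net/ipv4/ip_forward}"
    if [ -r "$proc_file" ]; then
        tr -d '[:space:]' < "$proc_file"
    else
        printf 'unreadable'
    fi
}

# Print the last net.ipv4.ip_forward value set in the given sysctl config
# files, in argument order ("unset" if no file sets it). Commented-out
# lines are ignored because the pattern is anchored to the line start.
persisted_ip_forward() {
    result="unset"
    for f in "$@"; do
        [ -r "$f" ] || continue
        v=$(sed -n 's|^[[:space:]]*net[./]ipv4[./]ip_forward[[:space:]]*=[[:space:]]*\([01]\)[[:space:]]*$|\1|p' "$f" | tail -n 1)
        [ -n "$v" ] && result="$v"
    done
    printf '%s' "$result"
}

# Compare runtime and persisted values against the expected value.
# Returns 0 when both agree with it, 1 on mismatch or drift between
# runtime and persisted config, 2 when the runtime value is unreadable.
audit_ip_forward() {
    expected="$1"; proc_file="$2"; shift 2
    rt=$(runtime_ip_forward "$proc_file")
    ps=$(persisted_ip_forward "$@")
    echo "runtime=$rt persisted=$ps expected=$expected"
    [ "$rt" = "unreadable" ] && return 2
    [ "$rt" = "$expected" ] || return 1
    [ "$ps" = "unset" ] || [ "$ps" = "$expected" ] || return 1
    return 0
}
```

A return code of 1 with `runtime=1 persisted=0` means a hardening change has been staged in configuration and would take effect when the settings are next reloaded.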

Resolution

We recommend not changing the value to "0", as the following functionalities might break:

Routing Functionality:

  • Disabling IP forwarding will prevent the hypervisor from routing packets between different virtual networks and external networks.

Network Segmentation:

  • Disabling IP forwarding can break network segmentation.

High Availability:

  • Disabling IP forwarding can affect load balancing, leading to uneven traffic distribution.