Ping over an NSX L2 Bridge fails

Article ID: 386954

Products

VMware NSX

Issue/Introduction

  • The NSX Edge that is the primary Edge for the Bridge is running on an ESXi host that is prepared for NSX
  • The Edge is connected to a Distributed Port Group
  • The Distributed Port Group is on a Distributed Virtual Switch (DVS) that is prepared for NSX
  • MAC Learning and Unicast Flooding are enabled on the DVS within vCenter
  • A capture on the ESXi host where the Edge Bridge is running shows that ARP packets are dropped due to MAC Forgery. [MAC] is the MAC address of the source VM that initiated the ping
[root@host:~] pktcap-uw --trace --srcmac [MAC] -c 1
Receive thread exiting...
[Timestamp][1] PktHandleID: [ID]=, Captured at PktFree point, Drop Reason 'MAC Forgery Drop'. Drop Function 'L2Sec_FilterSrcMACForgeries'. TSO not enabled, Checksum not offloaded and not verified, SourcePort [Port], VLAN tag [Vlan], VLAN priority 0
...
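
To check a longer saved capture for the same drop, the following added example (not part of the original article or of VMware's tooling) tallies drop lines by reason, drop function, SourcePort and VLAN tag. It assumes every drop line has the layout shown above; the function names `summarize_drops` and `sample_trace` and the sample port and VLAN values are constructed.

```shell
#!/bin/sh
# Added example: summarise drop lines from saved `pktcap-uw --trace` output.
# The line layout is copied from the capture in this article; [Timestamp] and
# [ID] stay as the article's placeholders, port and VLAN values are constructed.

# Reads trace text on stdin and prints one line per group:
#   <count> <reason>|<drop function>|<SourcePort>|<VLAN tag>
summarize_drops() {
    awk '
    # Return the text that follows "key" up to (not including) "stop".
    function field(line, key, stop,    i, rest, j) {
        i = index(line, key)
        if (i == 0) return "?"
        rest = substr(line, i + length(key))
        j = index(rest, stop)
        return (j > 0) ? substr(rest, 1, j - 1) : rest
    }
    # Only lines that carry a drop reason are counted; \047 is a single quote.
    /Drop Reason / {
        reason = field($0, "Drop Reason \047", "\047")
        fn     = field($0, "Drop Function \047", "\047")
        port   = field($0, "SourcePort ", ",")
        vlan   = field($0, "VLAN tag ", ",")
        count[reason "|" fn "|" port "|" vlan]++
    }
    END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample input in the article format (not a real capture).
sample_trace() {
    cat <<'EOF'
Receive thread exiting...
[Timestamp][1] PktHandleID: [ID]=, Captured at PktFree point, Drop Reason 'MAC Forgery Drop'. Drop Function 'L2Sec_FilterSrcMACForgeries'. TSO not enabled, Checksum not offloaded and not verified, SourcePort 67108890, VLAN tag 100, VLAN priority 0
[Timestamp][1] PktHandleID: [ID]=, Captured at PktFree point, Drop Reason 'MAC Forgery Drop'. Drop Function 'L2Sec_FilterSrcMACForgeries'. TSO not enabled, Checksum not offloaded and not verified, SourcePort 67108890, VLAN tag 100, VLAN priority 0
[Timestamp][1] PktHandleID: [ID]=, Captured at PktFree point, Drop Reason 'MAC Forgery Drop'. Drop Function 'L2Sec_FilterSrcMACForgeries'. TSO not enabled, Checksum not offloaded and not verified, SourcePort 67108891, VLAN tag 200, VLAN priority 0
...
EOF
}

# Stand-alone run on the constructed sample.
sample_trace | summarize_drops
```

A group whose drop function is `L2Sec_FilterSrcMACForgeries` on the Edge's SourcePort matches the symptom described in this article.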

Environment

VMware NSX-T Data Center
VMware NSX

Resolution

This is expected behaviour. 

For Edges connected to a Distributed Port Group on the NSX-prepared DVS, Option 2b in "Configure an Edge VM for Bridging" must be used.