Traffic not flowing for segments backed by NSX edge bridging

Article ID: 404038

Products

VMware NSX

Issue/Introduction

  • No communication between virtual machines backed by bridging segments. 
  • In NSX UI, traceflow shows packets dropped at the ESXi.
  • Packet capture on the active edge interface shows ARP resolution failure. 

Environment

VMware NSX 4.x

vSphere 7.x

Cause

The security policy on the distributed port group of the Logical Switch where the NSX Edge bridge node is connected was set to "Reject".


Resolution

Method 1: Enable Promiscuous Mode and Forged Transmit

It is recommended to enable the Promiscuous Mode and Forged Transmit settings on the distributed port group of the Logical Switch where the NSX Edge bridge node is connected. The drawback of enabling promiscuous mode is that all the VMs on the Logical Switch can access the packets even when a packet is intended for a single VM. Enabling promiscuous mode might therefore also impact network performance.

Method 2: Enable MAC Learning and Forged Transmit

MAC Learning is more efficient than promiscuous mode. It is a native feature of vSphere Distributed Switch, available starting in vSphere 6.7 and supported on vSphere Distributed Switch 6.6.0 or later. However, MAC Learning can be enabled only through the vSphere API, so you must be familiar with scripting to enable it on the port group. After you have enabled MAC Learning, you can verify the macLearningPolicy settings in the vCenter Managed Object Browser (MOB) at http://{vCenter-IP-Address}/mob.
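
One way to script Method 2 with VMware PowerCLI, as an added example that is not part of the original article. The port group name is a placeholder, and the unicast flooding, limit and limit policy values are assumptions to adjust for your environment; the existing MAC Changes setting is carried over unchanged.

```powershell
# Added example: enable MAC Learning + Forged Transmit on the Edge bridge port group.
# Requires VMware PowerCLI and an existing session: Connect-VIServer -Server <vcenter-fqdn>
$PortGroupName = '<edge-bridge-portgroup>'   # placeholder, not a value from the article

function Get-MacPolicySummary($Name) {
    # Read the effective default-port MAC management policy from the port group.
    $p = (Get-VDPortgroup -Name $Name -ErrorAction Stop).ExtensionData.Config.DefaultPortConfig.MacManagementPolicy
    [pscustomobject]@{
        Promiscuous = $p.AllowPromiscuous
        ForgedTx    = $p.ForgedTransmits
        MacChanges  = $p.MacChanges
        MacLearning = $p.MacLearningPolicy.Enabled
    }
}

# Record the state before the change so the relaxed settings are documented.
$before = Get-MacPolicySummary $PortGroupName
$before | Format-List

$learn = New-Object VMware.Vim.DVSMacLearningPolicy
$learn.Enabled              = $true
$learn.AllowUnicastFlooding = $true     # assumption: flood unknown unicast
$learn.Limit                = 4096      # assumption: max learned MACs per port
$learn.LimitPolicy          = 'DROP'    # assumption: drop when the limit is hit

$mac = New-Object VMware.Vim.DVSMacManagementPolicy
$mac.AllowPromiscuous  = $false         # Method 2 replaces promiscuous mode
$mac.ForgedTransmits   = $true
$mac.MacChanges        = [bool]$before.MacChanges   # keep the current setting
$mac.MacLearningPolicy = $learn

$port = New-Object VMware.Vim.VMwareDVSPortSetting
$port.MacManagementPolicy = $mac

$pg   = Get-VDPortgroup -Name $PortGroupName -ErrorAction Stop
$spec = New-Object VMware.Vim.DVPortgroupConfigSpec
$spec.ConfigVersion     = $pg.ExtensionData.Config.ConfigVersion
$spec.DefaultPortConfig = $port

# Apply the change and wait for the vCenter task to finish.
$taskRef = $pg.ExtensionData.ReconfigureDVPortgroup_Task($spec)
Get-Task -Id ("Task-$($taskRef.Value)") | Wait-Task | Out-Null

# Re-read the policy; this should match what the MOB shows under macLearningPolicy.
Get-MacPolicySummary $PortGroupName | Format-List
```

Scope the change to the single port group the Edge bridge node uses; Forged Transmit and MAC Learning weaken MAC-level protections for every port on that port group.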

Additional Information