• Associated virtual machines are connected to the same NSX overlay segment
• The HA cluster relies on Layer-2 Multicast for communication.
• Unicast traffic will work however multicast packet do not reach the VM switchport with the virtual mac address. 
• This is also applicable when using HSRP.

VMware NSX

VMware NSX-T Data Center

The CARP mac is learned on the uplink instead of the VM vnic and thus, the packets do not get forwarded to the VM switchport.

Workaround:

• Associate the burned-in MAC to the CARP IP of the active unit instead of using the virtual mac. (Associated Vendor level change)

OR

• Enable "Mac Change" , "Forged Frames" and "Promiscuous" for the connected switchport where the virtual machines is being used for forming HA Cluster on the ESXi host

nsxdp-cli vswitch l2sec set --dvport <associated_port> -dvs <VDS/NVDS_name> --mac-change --forge-src --promisc

Note:

• Associated dvport can be seen from "nsxcli -c get ports"
• To view the setting, use "nsxdp-cli vswitch l2sec get -dvs <VDS/NVDS_name>"
• If the associated vms is moved to another ESXi hosts, the same settings needs to be configure again on the new associated host.