Global NSX Federation Segment communication failure on Kemp LoadMaster VMs after SRM failover to DR site

Article ID: 412793


Products

VMware NSX

Issue/Introduction

  • NSX Federation with two Local Manager instances, one being primary (Site-A) and the other being secondary (Site-B)

  • Kemp LoadMaster VMs in HA have been failed over from Site-A to Site-B using SRM

  • Kemp LoadMaster VMs using NSX Global Overlay Segment for high-availability (HA) communication (VRRP protocol)

  • Kemp LoadMaster VM HA fails to establish connection between the two VMs

  • All other traffic communication works as expected between the two VMs in question

  • A capture of the VRRP traffic on the ESXi host where the two VMs reside shows packets leaving the VMs, but no reply is seen.

  • Running the pktcap-uw --trace --ip <dst_ip> command shows the "Drop Reason" as 'MAC Forgery Drop' at the 'L2Sec_FilterSrcMACForgeries' module inside the IOChain of the ESXi host.

Environment

VMware NSX

Cause

MAC Learning is not enabled on the NSX Global Segment
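
The following added example (not part of the original article and not NSX code) models why a VRRP advertisement can be reported as a MAC forgery when MAC Learning is off. It assumes the HA advertisements use the RFC 5798 virtual router MAC (00-00-5E-00-01-{VRID}) as their source address, which the article does not state; the filter logic is a simplified model, and the MAC addresses, IP addresses and VRID are constructed.

```python
import struct

VRRP_PROTO = 112                                # IPv4 protocol number for VRRP
VRRP_MAC_PREFIX = bytes.fromhex("00005e0001")   # RFC 5798 virtual MAC 00-00-5E-00-01-{VRID}

def fmt(mac):
    return ":".join(f"{b:02x}" for b in mac)

def parse(frame):
    """Return (source MAC, VRID or None) for an untagged Ethernet II frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    src, (ethertype,) = frame[6:12], struct.unpack("!H", frame[12:14])
    if ethertype != 0x0800 or len(frame) < 34 or frame[23] != VRRP_PROTO:
        return src, None
    vrrp = 14 + (frame[14] & 0x0F) * 4          # honour the IPv4 header length
    return src, frame[vrrp + 1] if len(frame) > vrrp + 1 else None

def verdict(frame, vnic_mac, mac_learning, learned):
    """Simplified model: allow the vNIC MAC; allow others only if MAC learning is on."""
    src, vrid = parse(frame)
    if src == vnic_mac:
        return "pass"
    if mac_learning:
        learned.add(src)                        # extra MAC recorded behind this vNIC
        return "pass (learned)"
    kind = f"VRRP VRID {vrid}" if vrid is not None else "non-VRRP"
    virt = ", virtual router MAC" if src[:5] == VRRP_MAC_PREFIX else ""
    return f"drop: {fmt(src)} is not the vNIC MAC ({kind}{virt})"

def vrrp_advert(src_mac, vrid):
    """Constructed VRRPv3 advertisement; checksums left zero, they are not inspected."""
    eth = bytes.fromhex("01005e000012") + src_mac + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 32, 0, 0, 255, VRRP_PROTO, 0,
                     bytes([192, 0, 2, 11]), bytes([224, 0, 0, 18]))
    vrrp = struct.pack("!BBBBHH4s", 0x31, vrid, 100, 1, 100, 0, bytes([192, 0, 2, 10]))
    return eth + ip + vrrp

VNIC = bytes.fromhex("005056aabb01")            # constructed vNIC MAC
VMAC = VRRP_MAC_PREFIX + bytes([7])             # virtual MAC for constructed VRID 7

if __name__ == "__main__":
    for learning in (False, True):
        seen = set()
        for src in (VNIC, VMAC):
            print(learning, verdict(vrrp_advert(src, 7), VNIC, learning, seen))
```

Comparing the source MAC in a capture against the vNIC MAC in this way helps confirm that the drop applies only to frames sent from an additional MAC, which matches the article's observation that all other traffic between the VMs works.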

Resolution

To enable MAC Learning on an NSX Global Segment:

  1. Navigate to the NSX Global Manager UI and follow the instructions in: Create an NSX MAC Discovery Segment Profile

  2. Navigate back to the NSX Segments tab and edit the Segment in question by clicking the three vertical dots to the left of the Segment Name

  3. Click the drop-down arrow to the left of the Segment Profiles section and select the MAC Discovery Segment Profile you created in step 1

  4. Save

Additional Information