Ingress traffic is being dropped on a GRE Interface

search cancel

Ingress traffic is being dropped on a GRE Interface

book

Article ID: 419795

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

In asymmetric routing scenarios, ingress traffic is dropped on an GRE interface in 4.1.x environments
Reviewing statistics on the edge logical routers show the rpf check drop counter increasing:

# get logical-routers

"urpf-mode": "STRICT_MODE",
"rx_drop_rpf_check": 12365,

Environment

4.x

Cause

in 4.1.x the default uRPF mode is configured as strict

Resolution

This is resolved in 4.2.0

For NSX Edge Clusters, the default uRPF mode for the GRE interface has been changed in VMware NSX 4.2.0 and above.

In NSX 4.1.x, the default uRPF mode for the GRE interface was Strict. Starting with NSX 4.2.0 and later releases, the default mode is Port_Check.

Port_Check mode drops traffic if the egress interface for forwarding is the same as the ingress interface. In asymmetric routing scenarios, ingress traffic might be dropped in Strict mode. With Port_Check mode, such asymmetric traffic will no longer be dropped.

Feedback

thumb_up Yes

thumb_down No