• Linux Virtual Machines (VMs) configured with static IPv6 addresses (without SLAAC, DHCPv6, or RA) and connected to an overlay segment experience intermittent network connectivity.
  
  
• IPv6 traffic (such as a continuous ping) works initially after configuration but dies randomly after a period of minutes or hours.
• The traffic starts working again when the network interfaces are reset and the VMs are rebooted.
  
  
• Review of the overlay segment configuration shows no misconfigurations.
  
  
• When checking the Multicast Listener Discovery (MLD) table on the host where VMs are deployed  using the command nsxdp-cli vswitch mcast_filter vswitch get --mode MLD --dvs-alias <dvs-name>, the multicast addresses for the affected VMs are missing from the MLD database.

• VMware NSX

The Distributed Firewall (DFW) is configured with a rule that blocks MLD query/report packets generated by the Virtual Machines.

In an IPv6 environment, MLD query/reports are essential for the vSwitch to maintain the multicast group membership required for neighbour discovery and traffic forwarding.

Packet captures at the PreDvFilter (before DFW) show the VM generating MLD reports; however, captures at PostDvFilter (after DFW) show these packets are dropped. Because the MLD packets never reach the virtual switch, the MLD database entry expires, causing the switch to stop forwarding IPv6 traffic to the VM.

This is a configuration issue where DFW rules are inadvertently blocking essential IPv6 control traffic.

To resolve this issue, ensure that the Distributed Firewall (DFW) allows MLD traffic for the affected VMs.

Review DFW rules to identify which rule is dropping IPv6 Multicast traffic.

Modify DFW Rules to allow ICMPv6 MLD (Multicast Listener Report/Query) packets.

After applying the rule, verify the MLD table on the ESXi host using the command  nsxdp-cli vswitch mcast_filter vswitch get --mode MLD --dvs-alias <dvs-name> to ensure the VM's multicast addresses are now being populated. 

Resume the ping tests to confirm that IPv6 connectivity remains stable and no longer drops randomly.

If you are contacting Broadcom support about this issue, please provide the following:

• NSX Manager support bundles.
  
  
• ESXi host support bundles for the host where the affected VM is running.
  
  
• Name and IPv6 address of the impacted VMs.

Handling Log Bundles for offline review with Broadcom support:

• Collect Support Bundles for Troubleshooting VMware NSX
  
  
• Uploading files to cases on the Broadcom Support Portal
  
  
• Creating and managing Broadcom support cases