This guide provides a structured approach to resolving issues where IPv4 traffic is successful, but IPv6 fails on NSX-T/NSX Data Center VLAN-based segments. IPv6 failure in an NSX environment is typically caused by global configuration omissions, lack of Neighbor Discovery (ND) profiles, or missing IP snooping methods within segment profiles.

VMware NSX

1. Global Networking Configuration
   
   By default, NSX may be restricted to IPv4. You must explicitly enable dual-stack support at the global level.
   
   • Path: Networking > Global Networking Config > EDIT
   • Action: Change the L3 Forwarding Mode to IPv4 and IPv6.
     
     
2. Neighbor Discovery (ND) Profile
   
   IPv6 does not use ARP; it relies on ICMPv6 Neighbor Discovery. If an ND profile is missing, VMs cannot locate their default gateway.
   
   
   • Action: Create an ND Profile and configure the appropriate Router Advertisement (RA) settings.
     
     Create an IPv6 Neighbor Discovery (ND) profile by navigating to Networking > Networking Settings > IPv6 > ND Profiles and selecting "Add". 
     
     
   • Action: Attach this profile to your specific IPv6-enabled segment.
     
     
3.  IP Discovery Profile (Snooping)
   
   NSX needs to "learn" the IPv6 addresses of VMs to apply Distributed Firewall (DFW) rules and routing correctly.
   
   
   • Action: Create or edit a Segment Profile (IP Discovery) and enable:
     
     
     • ND Snooping
     • DHCP Snooping IPv6
     • VMware Tools - IPv6
     • Optional - Disable RA Guard
       
       
   • Action: Apply this updated profile to your VLAN segments.
     
     
4. Tier-0/Tier-1 Gateway Routing
   
   Ensure the logical-to-physical boundary supports IPv6.
   
   
   • Verification: Confirm IPv6 addresses are assigned to Tier-0 Uplink interfaces.
   • Verification: Ensure IPv6 static routes or BGP peerings are active and successfully exchanging prefixes with the physical infrastructure.
     
     
   • On the NSX Edge Node
     
     Since the Edge manages the Tier-0 and Tier-1 gateways, you need to enter the specific service router (SR) or distributed router (DR) context to see the IPv6 neighbor table.
     
     • List all logical routers:
       get logical-routers
       
       
     • Enter the specific router VRF:
       vrf <ID>
       
       
     • View the IPv6 Neighbor Table (similar to ARP for IPv4):
       get neighbor
       
       Note: Look for "REACHABLE" or "STALE" status for your VM's IPv6 Link-Local (fe80::) or Global Unicast addresses.
       
       
     • Verify IPv6 Routing Table (exit the vrf context first):
       get route <prefix-ipv46>
       
       
   • On the ESXi Host
     
     To check if the host is learning IPv6 addresses through snooping (IP Discovery)
     
     
     • Get IPv6 Settings:
       esxcli network ip interface ipv6 get
       
       
     • List IPv6 Settings:
       esxcli network ip interface ipv6 address list
       
       
     • Display a list of known network neighbors in the ND cache for all VMkernel interfaces:
       esxcli network ip neighbor list
       
       
   • Connectivity Testing
     
     From the Edge CLI (within the VRF context), try to ping the VM or the physical gateway:
     
     • ping6 <IPv6-Address>
       
       
5. Distributed Firewall (DFW) Rules
   
   Standard "Allow All" rules often default to IPv4.
   
   
   • Action: Audit DFW policies to ensure IPv6 is permitted.
   • Key Requirement: Explicitly allow ICMPv6 (essential for discovery) and the required TCP/UDP ports for your specific applications.
     
     
6. Multicast & Physical Infrastructure
   
   If the logical configuration is correct but traffic still drops, check the underlying vSwitch and physical layer.
   
   
   • • vSwitch Action: Attempt changing the dvSwitch multicast filter mode to Basic.
     • Physical Port Check: Verify that Top-of-Rack (ToR) switches are trunking the correct VLANs to the ESXi hosts and that no physical ACLs are blocking IPv6/ICMPv6 traffic.

See also the following documentation: IPv6 Support in the NSX Platform Infrastructure