In an environment utilizing dual-stack Virtual Machines (VMs) on NSX VLAN-based segments, users may encounter the following behavior:

• IPv4 traffic is fully operational (Ping, TCP/UDP work as expected).
• IPv6 traffic fails to egress the segment or reach the default gateway.
• Intra-segment connectivity fails: Two VMs on the same segment and same ESXi host cannot ping each other via IPv6.
• SLAAC/DHCPv6 fails to assign addresses as Neighbor Discovery Protocol (NDP) packets are dropped.
• Packet captures (Wireshark) show ICMPv6 Neighbor Solicitations leaving the VM but never arriving at the destination.

VMware NSX

The issue is typically caused by the Multicast Filter Mode on the vSphere Distributed Switch (vDS).

IPv6 relies heavily on Multicast for address resolution (Neighbor Discovery), whereas IPv4 uses Broadcast (ARP). If the vDS is set to "IGMP/MLD Snooping" (Advanced mode), the switch expects an MLD Querier to be active in the physical network. Without a querier, the vDS "prunes" or drops the Multicast Listener Discovery (MLD) packets. Since the VMs cannot "find" each other or their gateway via multicast, IPv6 communication is effectively severed.

To restore connectivity, change the vDS Multicast filtering behavior to ensure IPv6 control packets are not dropped.

1. Log in to vCenter Server.
2. Navigate to the Networking tab.
3. Select the vSphere Distributed Switch used by your NSX Transport Nodes.
4. Go to Configure > Settings > Multicast.
5. Click Edit and change the Multicast filter mode to Basic.
   
   Note: "Basic" mode enables "Flood on Unknown Multicast," ensuring ICMPv6 Neighbor Solicitations reach all ports on the segment.

Ensure the NSX manager is configured to support and discover IPv6 traffic:

1. IP Discovery Profile: Verify that ND (Neighbor Discovery) Snooping is enabled.
2. Global Networking Config: Navigate to Networking > Settings > Global Networking Config and ensure the L3 Forwarding Mode is set to IPv4 and IPv6.

After switching to Basic mode, the vDS will no longer prune the solicited-node multicast addresses.

• VMs should immediately be able to resolve the MAC address of their neighbors and the Gateway via ICMPv6.
• Validate by running "ping6 <IPv6 Address>" (or "ping -6 <IPv6 Address>" in Windows) from the affected guest OS.