Network communication to an F5 BIG-IP Virtual Edition (VE) appliance experiences significant instability or total packet loss when multiple network interfaces (vNICs) are connected and active.

• Continuous ping tests to the F5 management or data plane IPs show intermittent or total failure.

• Packet loss occurs immediately upon connecting or powering on a second network interface.

• Disconnecting the secondary interface often restores stability to the primary interface.

• Troubleshooting confirms the physical network and NSX layers are healthy, suggesting a virtual switch-to-guest handoff issue.

• Product: VMware vSphere / VMware Cloud Foundation (VCF)

• Versions: 7.x, 8.x, 9.x

• Component: Virtual Standard Switch (VSS)

• Virtual Appliance: F5 BIG-IP Virtual Edition (VE)

The Port Group(s) assigned to the F5 virtual appliance have the Promiscuous Mode security policy set to Reject.

F5 BIG-IP appliances often require the guest OS to process frames not explicitly addressed to the vNIC's specific MAC address (e.g., when using Shared MACs, HA failover, or certain VLAN configurations). When this policy is set to Reject, the vSphere virtual switch drops these frames before they reach the F5 guest OS, leading to communication timeouts and dropped pings.

To resolve this issue, you must enable Promiscuous Mode on the Port Groups used by the F5 appliance.

1. Log in to the vSphere Client.

2. Navigate to the ESXi Host > Configure > Networking > Virtual switches.

3. Select the relevant Virtual Switch and click Edit on the targeted Port Group(s).

4. Navigate to the Security tab.

5. Set Promiscuous Mode to Accept.

6. (Recommended) Set Forged Transmits and MAC Address Changes to Accept as well to ensure full compatibility with F5 HA and MAC masquerading features.

7. Click OK to save the changes.

For further details on F5 BIG-IP VE deployment best practices on vSphere, consult the official F5 documentation regarding "Single-NIC vs. Multi-NIC configurations" and "MAC Masquerading."