Network traffic for a VM with HCX MON (Mobility Optimized Networking) disabled is being forwarded to the NSX VDR gateway causing network issues.

Article ID: 428803

Products

VMware NSX VMware HCX

Issue/Introduction

  • You have HCX MON (Mobility Optimized Networking) enabled at the segment level.
  • From the HCX UI, under the Network Extension tab, the affected VM located at the target side has MON disabled (the HCX UI confirms that MON is only disabled at the VM level).
  • During troubleshooting with the pktcap-uw utility, you found that the VM receives requests from another subnet via the source gateway; however, instead of replying to the on-premises gateway, it uses the NSX VDR MAC address (02:50:56:56:44:52) as its gateway MAC.
    Note: When HCX MON is disabled, the target VM does not use the NSX VDR MAC address; it only uses it when MON is enabled.
  • From the NSX Tier-1, there is no static /32 route created for the affected VM.
  • From the ESXi host running the affected VM, after running the command net-stats -l and filtering for the portID of the affected VM, and then gathering information using net-dvs -l, the following entries are observed:
    com.vmware.nsx.port.extraConfig.remoteRtr = ###.###.###.### 02:50:56:48:43:58 02:50:56:56:44:52 00:00:00:00:00:00 LE ,        propType = POLICY

Environment

VMware HCX 4.11

Cause

While the HCX UI displays that MON is not enabled, and there is no /32 host route configured on the NSX T1 (which also indicates MON is not configured from an NSX perspective), the ESXi host is still reporting that the LE flag (Local Egress) is enabled. When the LE flag (com.vmware.nsx.port.extraConfig.remoteRtr = ###.###.###.### 02:50:56:48:43:58 02:50:56:56:44:52 00:00:00:00:00:00 LE) is enabled at the switchport (observed from net-dvs -l output), it indicates to the VM that it should send traffic to the NSX VDR.

This issue can be caused by a stale entry or an improper cleanup performed by HCX.
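
One way to look for the stale LE flag described above across all switchports of a host, as an added example that is not part of the original article or of any VMware tool. It assumes each port section in the net-dvs -l output starts with a "port <id>:" line; the port names and the 192.0.2.1 address in the sample are constructed.

```shell
#!/bin/sh
# Added example: list switchports whose remoteRtr property carries the LE flag.
# Assumption: each port section in the dump starts with a "port <id>:" line.

find_le_ports() {
  awk '
    # Remember the most recent port header (assumed format: "port <id>:").
    /^[ \t]*port [^ \t]+:[ \t]*$/ { port = $2; sub(/:$/, "", port); next }

    /com\.vmware\.nsx\.port\.extraConfig\.remoteRtr[ \t]*=/ {
      val = $0
      sub(/^.*remoteRtr[ \t]*=[ \t]*/, "", val)   # drop the property name
      sub(/[ \t]*,[ \t]*propType.*$/, "", val)    # drop the propType suffix
      n = split(val, f, " ")
      le = 0
      # Match LE as a whole token so it cannot hit part of a MAC address.
      for (i = 1; i <= n; i++) if (f[i] == "LE") le = 1
      if (le) printf "%s\t%s\n", (port == "" ? "unknown" : port), val
    }
  '
}

# Constructed sample input: port 1 has the LE flag, port 2 does not,
# port 3 has no remoteRtr property at all.
SAMPLE='port constructed-port-1:
    com.vmware.nsx.port.extraConfig.remoteRtr = 192.0.2.1 02:50:56:48:43:58 02:50:56:56:44:52 00:00:00:00:00:00 LE ,        propType = POLICY
port constructed-port-2:
    com.vmware.nsx.port.extraConfig.remoteRtr = 192.0.2.1 02:50:56:48:43:58 02:50:56:56:44:52 00:00:00:00:00:00 ,        propType = POLICY
port constructed-port-3:'

printf '%s\n' "$SAMPLE" | find_le_ports
```

On the ESXi host, pipe the real output into the function (net-dvs -l | find_le_ports) and compare the listed ports with the VMs that show MON disabled in the HCX UI.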

Resolution

If you believe you have encountered this issue, open a support case with Broadcom Support and refer to this KB article.

For more information, see Creating and managing Broadcom support cases.

Workaround:

  • From the HCX UI, under the Network Extension tab, enable MON at the VM level.
  • Once MON is enabled again, you can disable it once more.
    Note: This will force HCX to re-push all configurations and parameters, ensuring it properly removes the stale entries this time.

Additional Information

Packet capture on ESXi using the pktcap-uw tool