IPFIX traffic generated via the "ops" TCP/IP stack fails to exit DPU enabled ESXi hosts, when the VCF Operations for Networks Collector is in a different subnet than the ESXi host's "ops" interface
search cancel

IPFIX traffic generated via the "ops" TCP/IP stack fails to exit DPU enabled ESXi hosts, when the VCF Operations for Networks Collector is in a different subnet than the ESXi host's "ops" interface

book

Article ID: 428909

calendar_today

Updated On:

Products

VCF Operations for Networks VMware vSphere ESXi

Issue/Introduction

Through packet captures using techniques described in KB 419729 - How to determine if IPFIX packets are flowing from DPU enabled ESXi hosts to VCF Operations for Networks Collector node(s):

  • You observe that IPFIX traffic generated via the "ops" TCP/IP stack fails to exit DPU enabled ESXi hosts;

  • When the VCF Operations for Networks Collector is in a different subnet than the ESXi host's "ops" interface;

  • Necessitating a gateway for routing.

 

Environment

ESXi

VCF Operations for Networks

Cause

The root cause is a code defect in the handling of gateway configurations for the "ops" netstack within the DPU architecture.

The gateway setting is not correctly propagating to the active routing table inside the DPU host.

NOTE:  This is an ESXi code defect, but it impacts VCF Operations for Networks

Resolution

The code fix for this defect will be included in a future release.

However, here is a Workaround:

  1. Manually add the missing default route to the "ops" netstack. This must be executed within the ESXi shell of the DPU itself.

    • Command Structure: "esxcli network ip route ipv4 add -n 0.0.0.0/0 -g <GATEWAY_IP> -N ops"

  2. Workaround Steps:

    1. SSH into the ESXi host with the userid "root"

    2. SSH into the Active DPU host with the command "dpuctl ssh vmdpu0"

    3. Enter the command "esxcli network ip route ipv4 add -n 0.0.0.0/0 -g <GATEWAY_IP> -N ops"

      • Substitute an appropriate gateway IP address for the "ops" interface, where you see "<GATEWAY_IP>" in the above command

  3. Validate the appropriate connectivity with the command "vmkping -I vmkN ###.###.###.### -S ops"

    • Where:

      • vmkN represents the vmkernel interface configured to the "ops" netstack

      • ###.###.###.### represents the IP address of the VCF Operations for Networks Collector.

 

Additional Information

If, after implementing the workaround, you still have difficulty ensuring that IPFIX packets leaving the DPU enabled ESXi host are being received by the VCF Operations for Networks Collector node, please open a support case with the VCF Operations for Networks team using the instructions at KB 142884 - Creating and managing Broadcom cases

Powered by Wolken Software