NSX Segment Traffic Dropped with “Dropped by IFACE"
search cancel

NSX Segment Traffic Dropped with “Dropped by IFACE"

book

Article ID: 430569

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

 

  • NSX UI Traceflow shows packets dropped with the error Dropped by IFACE at the Tier-0 gateway.

  • The affected network prefix is present in the routing table, but the get route command reports the route as unreachable (blackhole).

  • BGP sessions between peers are established and stable.

 

Environment

VMware NSX 4.x

Cause

The issue may be related to how the subnet is set up or handled in the network. A network-side misconfiguration, such as overlapping IP ranges, can cause the route to be treated as a blackhole even though it is learned correctly.

 
 

Resolution

  • Validate the affected subnet with the network team to ensure it aligns with the overall routing design and is not subject to overlapping or conflicts.

  • For additional guidance on verifying and troubleshooting BGP routing issues within NSX, refer to this KB:

    Troubleshooting NSX BGP
Powered by Wolken Software