ESXi hosts lose overlay connectivity and TEP tunnels drop when specific TEP IP addresses are assigned.
search cancel

ESXi hosts lose overlay connectivity and TEP tunnels drop when specific TEP IP addresses are assigned.

book

Article ID: 434336

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

ESXi hosts may experience an intermittent loss of all overlay connectivity when specific Tunnel Endpoint (TEP) IP addresses are assigned by NSX. When a conflict occurs, the TEP interfaces (vmk10 and vmk11) detect duplicate IP addresses on the network, causing all tunnels on the impacted host to drop. This results in a complete loss of Virtual Machine (VM) connectivity, often requiring manual workload migration to alternate hosts within the cluster to restore service.

Symptoms include:

  • Intermittent "Tunnels Down" for transport nodes.

  • ESXi system logs confirming vmk10 and/or vmk11 interface alerts for Duplicate IP addresses.

    Entries similar to the below are observed in ESXI logs:/var/run/log/vobd.log:

    2025-03-06T12:05:47.382Z: [netCorrelator] 8492350294662us: [esx.problem.net.vmknic.ip.duplicate] Duplicate IP address detected for 10.###.###.12 on interface vmk10, current owner being 00:50:##:##:12:ac.
    2025-03-06T12:05:47.675Z: [netCorrelator] 8492323880740us: [vob.net.vmknic.ip.duplicate] A duplicate IP address was detected for 10.###.###.12 on interface vmk10. The current owner is 00:50:##:##:12:ac.

    2025-03-06T12:05:47.701Z: [netCorrelator] 8492350294662us: [esx.problem.net.vmknic.ip.duplicate] Duplicate IP address detected for 10.###.###.23 on interface vmk11, current owner being 00:50:##:##:23:aa.
    2025-03-06T12:05:47.723Z: [netCorrelator] 8492323880740us: [vob.net.vmknic.ip.duplicate] A duplicate IP address was detected for 10.###.###.23 on interface vmk11. The current owner is 00:50:##:##:23:aa.

Environment

VMware NSX

Cause

The root cause is an IP address conflict originating from an orphaned or decommissioned ESXi host that remains powered on and connected to the network. This unmanaged host continues to hold and advertise TEP IP addresses, creating a conflict whenever the NSX TEP pool attempts to assign these same addresses to a new, active transport node.

Resolution

To resolve the connectivity loss, you must remove the source of the duplicate IP advertisement from the physical network:

  1. Identify the Source: Use a physical network trace (via the physical switch) to locate the port associated with the conflicting MAC addresses from ESXi vmkernel logs.

  2. Decommission the Orphaned Host: Once the physical host is located, perform one of the following actions:

    • Power down the decommissioned/orphaned ESXi host completely.

    • Remove the legacy NSX configuration from the orphaned host to officially release the TEP IPs back to the network.

  3. Verify Resolution: After the conflict is cleared from the wire, the TEP interfaces on the active transport nodes will no longer trigger duplicate IP detection, allowing tunnels to establish correctly.

Additional Information

Intermittent drops on NSX overlay segments due to duplicate TEP IPs.

Resolving Duplicate IP Assignment Issues When adding a new Host to an NSX Prepared Cluster.

Wrong or duplicate TEP IPs are shown on NSX UI

Powered by Wolken Software