Physical switch MAC loop alerts caused by Route based on IP hash configuration
search cancel

Physical switch MAC loop alerts caused by Route based on IP hash configuration

book

Article ID: 440179

calendar_today

Updated On:

Products

VMware vSphere ESXi

Issue/Introduction

  • Physical switches report MAC loop events originating from virtual machines running on VMware ESXi hosts. The switch logs contain messages similar to:

    Loops detected in the network for mac 0050.56##.#### among ports.

Environment

VMware vSphere ESXi 8.x

VMware vCenter 8.x

Cause

The ESXi vSwitch is configured with the Route based on IP hash load balancing policy. However, the connected physical switch ports are not configured as EtherChannel.

Route based on IP hash works by taking the source and destination IP addresses and performing a mathematical calculation on each packet to determine which uplink in the team to use. A single virtual machine communicating with multiple IP addresses can balance its load across all of the network adapters in the team. Without EtherChannel configured on the physical switch, the switch receives frames from the same VM MAC address on multiple independent physical ports. The switch interprets this as MAC movement, MAC flapping, or a network loop condition, generating loop detection alerts.

Resolution

To resolve this issue, the configuration on the physical switch must match the load balancing policy on the vSwitch. Follow one of the two options below:

Option 1: Configure EtherChannel on the physical switch

Coordinate with the network administration team to configure the physical switch ports as EtherChannel.

Option 2: Change the vswitch load balancing policy

Change the load balancing policy to Route based on originating virtual port.

For a Standard vSwitch (vSS):

  1. Login the vCenter web client.
  2. Navigate to the host with the standard switch to modify, then select virtual switches from Configure > Networking.
  3. Click the three dots next to each portgroup name and select Edit Settings.
  4. Under Teaming and Failover, confirm the Override checkbox for Load balancing is not selected.
  5. Once all portgroups have been validated, click Edit next to the virtual Standard Switch that is being modified.
  6. Under Teaming and Failover, change the Load balancing configuration to Route based on originating virtual port.

For a vSphere Distributed Switch (vDS):

  1. Login the vCenter web client.
  2. Click on the Network symbol.
  3. Right click the virtual distributed switch and select Distributed Port Group > Manage Distributed Port Groups
  4. Select the check box next to Teaming and Failover and click Next.
  5. Select the check box next to the portgroup name and click Next.
  6. Click the drop down for the Load balancing policy and select Route based on originating virtual port and click Next.
  7. Click Finish to end the wizard and apply the change to all selected portgroups.

Additional Information

Understanding IP Hash load balancing

Load Balancing Algorithms Available for Virtual Switches

Powered by Wolken Software