VMware Cloud Community
DerJo
Contributor

NIC Teaming with unused second NIC results in ping DUP errors between virtual machines

Hi there,

I'm running an ESXi 5 instance with two physical NICs installed.

I have a virtual machine running Ubuntu and one running Astaro secure gateway (ASG) (both on the same VLAN and vSwitch, but in different port groups).

The port group of the Ubuntu machine is configured to allow promiscuous mode for some reason.

One of the NICs seems to have become broken now and is flapping, so I set it to unused in the vSwitch.

Now every now and then (because of the flapping) if I ping between the two virtual machines I receive DUP messages.

The direction of the ping is irrelevant, it happens in both directions.

tcpdump shows that while pinging the virtual machine running ASG one ICMP echo request is received but two replies are sent back.

While pinging the Ubuntu virtual machine from the ASG, two equal requests are sent and therefore two replies are received.

When I completely remove the defective NIC from the vSwitch, the problem disappears.

I also know that a setting called Net.ReversePathFwdCheckPromisc was introduced in ESXi 4.2, which allows dropping packages received by unused NICs for promiscuous ports.

But as far as I understand this, the ping packages should not traverse the physical NICs.

So my question is:

Why do I get duplicate ping packets even between two virtual machines on the same vSwitch if one physical NIC is unused although these packets should never traverse the physical NICs?

Is this a bug in ESXi?

I don't see any sense in having to remove unused NICs from the vSwitch even if they are broken. What's the sense of "unused" then?

Thanks for replies!

Greetings,

Johannes

0 Kudos
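The two patterns described in the post above (one echo request answered twice, versus the request itself appearing twice and each copy being answered) can be told apart mechanically from a capture. This is an added example, not part of the original thread: it parses text in the format printed by `tcpdump -n icmp`; the sample capture, its addresses and the function name `classify_dups` are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in `tcpdump -n icmp` text format (addresses, ids, times are made up).
SAMPLE = """\
12:00:01.000100 IP 192.0.2.10 > 192.0.2.20: ICMP echo request, id 4242, seq 1, length 64
12:00:01.000350 IP 192.0.2.20 > 192.0.2.10: ICMP echo reply, id 4242, seq 1, length 64
12:00:02.000120 IP 192.0.2.10 > 192.0.2.20: ICMP echo request, id 4242, seq 2, length 64
12:00:02.000380 IP 192.0.2.20 > 192.0.2.10: ICMP echo reply, id 4242, seq 2, length 64
12:00:02.000410 IP 192.0.2.20 > 192.0.2.10: ICMP echo reply, id 4242, seq 2, length 64
12:00:03.000090 IP 192.0.2.10 > 192.0.2.20: ICMP echo request, id 4242, seq 3, length 64
12:00:03.000095 IP 192.0.2.10 > 192.0.2.20: ICMP echo request, id 4242, seq 3, length 64
12:00:03.000300 IP 192.0.2.20 > 192.0.2.10: ICMP echo reply, id 4242, seq 3, length 64
12:00:03.000310 IP 192.0.2.20 > 192.0.2.10: ICMP echo reply, id 4242, seq 3, length 64
"""

LINE = re.compile(r"IP (\S+) > (\S+): ICMP echo (request|reply), id (\d+), seq (\d+)")

def classify_dups(capture_text):
    """Map (requester, responder, id, seq) to a verdict for each duplicated exchange."""
    requests, replies = Counter(), Counter()
    for line in capture_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not an ICMP echo line
        src, dst, kind, icmp_id, seq = m.groups()
        if kind == "request":
            requests[(src, dst, int(icmp_id), int(seq))] += 1
        else:
            # Key the reply by the original requester so it pairs with its request.
            replies[(dst, src, int(icmp_id), int(seq))] += 1
    verdicts = {}
    for key in sorted(set(requests) | set(replies)):
        if requests[key] > 1:
            # The request was already doubled; extra replies are a consequence of that.
            verdicts[key] = "duplicate_request"
        elif replies[key] > 1:
            # A single request (or none seen here) but more than one reply.
            verdicts[key] = "duplicate_reply"
    return verdicts

if __name__ == "__main__":
    for exchange, verdict in classify_dups(SAMPLE).items():
        print(exchange, verdict)
```

Running it on captures taken inside each VM at the same time shows on which side of the vSwitch the extra copy first appears.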
3 Replies
habibalby
Hot Shot

Hello,

Under the properties of each portgroup, configure each pNIC to be active at the time and second pNIC unused for the same portgroup and vice versa for second portgroup.

PortGroup1  vmnic1 Active

PortGroup1  vmnic2 Unused

PortGroup2  vmnic2 Active

PortGroup2  vmnic1 Unused

Thanks,

Best Regards, Hussain Al Sayed Consider awarding points for "correct" or "helpful".
0 Kudos
DerJo
Contributor

Hello,

thanks for your reply.

But as I wrote, I cannot use the secondary NIC at the moment as it seems to be defective.

Currently the NIC is completely removed from the vSwitch.

I was just wondering why a second pNIC results in duplicate packets even within the vSwitch and even if it's unused!

Let's assume both NICs were active and one loses its link. I guess I would have duplicate packages then until I manually remove the defective NIC from the vSwitch.

IMHO that would be no proper failover...

Greetings,

Johannes

0 Kudos
habibalby
Hot Shot

Hi,

If you have two physical switches without Link Aggregation enabled, and you connect each NIC to each switch and configure the vSwitch with these pNICs, then the VM which is in the portgroup inside that vSwitch will get DUP! packets. To solve the duplicate packets issue, you either have to configure your switches with Link Aggregation / stackable switches, or configure each portgroup to be active on one pNIC.

Thanks,

Hussain
