VMware Cloud Community
David_Grocke
Contributor

/Net/ReversePathFwdCheckPromisc Behaviour

Hi Smart People! Long-time stalker.

Can someone please explain the criteria for a packet to be dropped when using /Net/ReversePathFwdCheckPromisc = 1 (i.e. Net.ReversePathFwdCheckPromisc = 1)?

I see behaviour on 6.0 and 6.5 where broadcast traffic originating from a forged MAC (non-vNIC MAC on the VM guest) is returning on a redundant pNIC even though this is set to 1. My understanding of this setting was that multicast or broadcast traffic originating from one pNIC in a team would be dropped when returning in a redundant or standby pNIC. Many of my hosts cannot use pNIC teaming or switch LAG/LACP/Teaming because they are homed to non-stacked switches.

My understanding of the behaviour must be incorrect, as my guest with one vNIC still sees broadcasts originating from itself coming in from the other pNIC in the team. I had hoped there would be a setting for a broadcast listener port on a vSS or vDS. Purportedly, if the MAC is that of the vNIC on the guest, this setting does allow the host to drop the packet, but not if it's forged as well as the vSwitch being in promiscuous mode.

Anyway, I hope someone smart can answer the question :)

Lots of thanks in advance

David Grocke

South Australian VMware Addict

daphnissov
Immortal

Did you make sure to disable/re-enable promiscuous mode on the port group to which this VM is connected after configuring Net.ReversePathFwdCheckPromisc?

tanmoys2905
Contributor

Correct. After I enabled the following flag on the ESXi host, I had to do a link-down/link-up on the guest interface so that it takes effect.

esxcli system settings advanced set -o /Net/ReversePathFwdCheckPromisc -i 1 (Reference https://kb.vmware.com/s/article/59235)

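The two-step procedure the replies describe (set the host option, then re-apply promiscuous mode on the port group so the new check actually takes effect), written up as an added PowerCLI example; this is not code from the thread, and the vCenter, host and port group names are placeholder assumptions.

```powershell
# Added example (not from this thread): enable Net.ReversePathFwdCheckPromisc on an
# ESXi host and cycle promiscuous mode on a standard port group so the setting applies.
# Placeholders: the server, host and port group names below are assumptions.
param(
    [string]$VIServer  = "vcenter.example.local",
    [string]$HostName  = "esxi01.example.local",
    [string]$PortGroup = "Promisc-Listener-PG"
)

Connect-VIServer -Server $VIServer | Out-Null
$esx = Get-VMHost -Name $HostName

# Step 1: set the advanced option. This is the PowerCLI equivalent of
#   esxcli system settings advanced set -o /Net/ReversePathFwdCheckPromisc -i 1
$setting = Get-AdvancedSetting -Entity $esx -Name "Net.ReversePathFwdCheckPromisc"
if ($setting.Value -ne 1) {
    Set-AdvancedSetting -AdvancedSetting $setting -Value 1 -Confirm:$false | Out-Null
}
# Re-read and report the value so the change is verified, not assumed.
$setting = Get-AdvancedSetting -Entity $esx -Name "Net.ReversePathFwdCheckPromisc"
Write-Host ("Net.ReversePathFwdCheckPromisc on {0} = {1}" -f $HostName, $setting.Value)

# Step 2: the check only applies once promiscuous mode is (re)enabled on the port,
# so disable and re-enable it on the port group. The reply's link-down/link-up on
# the guest vNIC achieves the same result for a single VM.
$pg  = Get-VirtualPortGroup -VMHost $esx -Name $PortGroup
$pol = Get-SecurityPolicy -VirtualPortGroup $pg
if ($pol.AllowPromiscuous) {
    Set-SecurityPolicy -VirtualPortGroupPolicy $pol -AllowPromiscuous $false | Out-Null
    # Re-fetch the policy object before changing it again.
    $pol = Get-SecurityPolicy -VirtualPortGroup $pg
    Set-SecurityPolicy -VirtualPortGroupPolicy $pol -AllowPromiscuous $true | Out-Null
    Write-Host "Promiscuous mode cycled on port group $PortGroup"
} else {
    Write-Host "Port group $PortGroup does not allow promiscuous mode; nothing to cycle"
}

Disconnect-VIServer -Server $VIServer -Confirm:$false
```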