VMware Cloud Community
jasonmw
Contributor
Contributor
Jump to solution

VMware device with 2 NICs claiming same IP with two MAC addresses

Good morning.

I am seeing intermittent messages from my network gateway that two MAC addresses associated with a virtual machine running on a ESXi 5.5 host are claiming the same IP address.

The VM is a MiTel 3300 controller for a VOIP system; the system is configured to have two IP addresses, one on the LAN and another with a public IP in the DMZ. In the network configuration of the 3300, I have assigned the LAN IP to 00:0C:29:30:B2:B2 and the DMZ IP to 00:0C:29:30:B2:BC (both MACs corresponding to networking devices presented by the ESXi host to the VM).

On the host, I have configured a vSwitch with exclusive access to two physical NICs on the host machine. The vSwitch is configured with two virtual machine port groups, LAN and DMZ, with access to these physical NICs. On the NIC teaming tab of the vSwitch port groups, I have overridden the switch failover order to make one NIC active only for the LAN port group and the other NIC active only for the DMZ port group. (I am not sure how the contents of the networks column is determined. Neither is correct for the traffic observed on the physical switch. If these are configurable, please advise and I will change the settings.) The relevant settings for the vSwitch, port groups and VM itself are shown below.

On the VM itself, through the VMWare host, I have assigned 00:0C:29:30:B2:B2 to the LAN port group and 00:0C:29:30:B2:BC to the DMZ port group (as best as I can tell, anyway, since the MAC address field annoyingly obscures the last two digits of the MAC address - everything breaks if I reverse the mapping though so this appears correct).

The goal here is to ensure that the MACs of the vSwitch ports that the 3300 is listening and sending on always correspond to the physical ports that are being VLAN tagged by the physical switch to ensure routing. Generally, it seems this is happening but, intermittently, we are experiencing one-way calling that suggests a routing issue between us and our SIP trunk provider; coincident with these incidents I receive an email along the lines of "The security appliance in the network has detected an IP conflict with two or more devices. The IP 'DMZ.DMZ.DMZ.DMZ' is claimed by clients with the following MAC addresses: '00:0C:29:30:B2:B2' '00:0C:29:30:B2:BC'."

Have I done something in the configuration that would lead to this sort of intermittent collision? Have a hacked together a way to do something that could be accomplished in a more straightforward and reliable way?

Thanks for any insight you can offer.

Regards,

J.

pastedImage_191.pngpastedImage_197.png

pastedImage_200.png

pastedImage_422.png

Reply
0 Kudos
1 Solution

Accepted Solutions
jlanders
VMware Employee
VMware Employee
Jump to solution

I probably do not fully understand your configuration, but it appears that you're not interested in using NIC teaming in the MiTel 3300 VM's virtual switch.

If that's correct, why not create two virtual switches, each with a single port group (LAN and DMZ) and each with a separate (vmnic2 and vmnic1) uplink?

Typically, NIC teaming might be used to share traffic between uplinks and/or ensure that if one of the connected uplinks fails, a VM still has network access.

View solution in original post

Reply
0 Kudos
2 Replies
jlanders
VMware Employee
VMware Employee
Jump to solution

I probably do not fully understand your configuration, but it appears that you're not interested in using NIC teaming in the MiTel 3300 VM's virtual switch.

If that's correct, why not create two virtual switches, each with a single port group (LAN and DMZ) and each with a separate (vmnic2 and vmnic1) uplink?

Typically, NIC teaming might be used to share traffic between uplinks and/or ensure that if one of the connected uplinks fails, a VM still has network access.

Reply
0 Kudos
jasonmw
Contributor
Contributor
Jump to solution

Thanks. This is good advice. I didn't need the NIC teaming at all and was trying to use the port groups to make what was essentially two vSwitches. It's must more straightforward to have the two vSwitches themselves.

Reply
0 Kudos