knetwerking101
Contributor

Determining source of IP address in NSX-T

Hello. We have an NSX-T environment in which we are trying to determine the source of broadcast traffic from IP 250.250.254.254. The traffic is captured between two ESXi hosts that have NSX-T edge nodes installed. We have three edge nodes installed in a cluster. Looking at the attached screenshot, the traffic is traversing via a Geneve tunnel between the two NSX-T edge nodes. Could the traffic from 250.250.254.254 be a heartbeat message between the NSX-T edge nodes? Looking at the timestamps in the attached screenshot, there is quite a bit of traffic from 250.250.254.254. Thanks in advance for any comments and insight.

Screenshot 2023-11-06 094922.png

 

Sreec
VMware Employee

Why did you decide to look at this broadcast frame? Why is the source field's class E range there?

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 6x|Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered
knetwerking101
Contributor

Thanks for the reply, Sreec. We wanted to see what multicast traffic, if any, was traversing the network. So, we initially did a search for IPs within the class D range in the Wireshark capture. Then later on, we noticed the 250.250.254.254 address. In regard to why the class E address is there, I am trying to determine what device/service is using this address as well. Does anything within the VMware environment use this address for heartbeat messages etc.? This class E address seems to continually be sending a broadcast. We've recently come into the position of managing and maintaining this network, so I'm trying to put it together in my head.
