NSX VXLAN traffic will have the DF bit set, so it will not work if it sends a frame larger than the MTU. In your case it sounds like there's either a device somewhere in the path with an interface that isn't enabled for a 9000 byte MTU, or traffic is getting some sort of additional encapsulation across the WAN that's causing it to exceed 9000 bytes. That being the case, you might want to start by adjusting your ping sizes to see if something slightly smaller will work (pointing to additional encapsulation overhead being the issue, in which case you'd just need to set the vDS MTU to slightly smaller than 9000 so that it keeps the VXLAN frames small enough to get through without fragmentation); otherwise, you'll need to start checking interfaces in the path to see where the MTU is smaller and/or if it's your WAN provider.
1 person found this helpful
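The ping-size adjustment suggested above can be automated as a binary search. The script below is an added example, not part of the original posts. The function names, the simulated path MTU of 8958 and the target 192.0.2.10 are constructed for illustration, and the 50-byte figure assumes IPv4 VXLAN with no inner VLAN tag.

```shell
#!/bin/sh
# Added example: find the largest ICMP payload that crosses the path with DF set.

# Probe for a real ESXi host: DF set (-d), payload size (-s), VXLAN netstack.
esxi_probe() { vmkping ++netstack=vxlan -d -c 2 -s "$1" "$2" >/dev/null 2>&1; }

# Constructed stand-in for a path: passes if payload + 28 fits in SIM_PATH_MTU.
sim_probe() { [ $(( $1 + 28 )) -le "${SIM_PATH_MTU:-9000}" ]; }

# max_df_payload <probe_fn> <target> [low] [high]
# Defaults are 1500-28 and 9000-28 (20-byte IPv4 header + 8-byte ICMP header).
max_df_payload() {
    probe=$1 target=$2 lo=${3:-1472} hi=${4:-8972}
    # The lower bound must pass, otherwise the problem is not MTU related.
    "$probe" "$lo" "$target" || { echo 0; return 1; }
    # If the upper bound passes, the full jumbo size already works.
    if "$probe" "$hi" "$target"; then echo "$hi"; return 0; fi
    # Invariant: lo passes, hi fails. Narrow until they are adjacent.
    while [ $(( hi - lo )) -gt 1 ]; do
        mid=$(( (lo + hi) / 2 ))
        if "$probe" "$mid" "$target"; then lo=$mid; else hi=$mid; fi
    done
    echo "$lo"
}

# IP MTU the path actually carries for a given passing payload.
path_mtu() { echo $(( $1 + 28 )); }

# Largest guest MTU that fits once VXLAN is added:
# 14 inner Ethernet + 8 VXLAN + 8 UDP + 20 outer IPv4 = 50 bytes (assumption above).
guest_mtu() { echo $(( $1 - 50 )); }

# Constructed demo: a path that loses 42 bytes to extra encapsulation.
SIM_PATH_MTU=8958
best=$(max_df_payload sim_probe 192.0.2.10)
pmtu=$(path_mtu "$best")
echo "largest DF payload: $best  path MTU: $pmtu  max guest MTU: $(guest_mtu "$pmtu")"
```

On an ESXi host, pass `esxi_probe` and the remote VTEP address instead of `sim_probe`. A result just under 8972 points to encapsulation overhead, while a result near 1472 points to an interface in the path that is not set for jumbo frames.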
I suggest using a packet capture on the ESXi host to see the packet leaving the host with the -d option inside.