Those alarms looks to be genuine one since the NSX dashboard provides visibility to the overall health of NSX components and i believe you are receiving the alerts from NSX dashboards ? Mostly hardware address of the DHCP client is spoofed.Using the NSX Dashboard
I understand you don't have any external route , what is purpose of software router ? Are you leveraging DHCP services ?
Shure, there is a new section in Dashboard called 'Host Notifications' and there is 'DHCP Starvation' string.
As well this produces Alarms in web client.
Purpose of the router is to make a lab with simulation of Cisco devices. I didn't deploy this virtual router. However I suppose that it has DHCP server role as well.
So my goal is to understand what NSX tries to tell me?
Who is under attack from NSX perspective?
From the screenshots VM which is connected to DVS port -50331681(13724) is certainly under attack and you confirmed that it is the software router . Can you explore any firewall in that router and ensure appropriate rules are in place and block rest of the traffic ?
Actually this is software router which attacks VM on port 50331681(13724).
His MAC is mentioned in the error in vmkernel.log
However how can I figure out what VM is connected to port 50331681(13724) ?
ok, I see that 13724 is DV port id. And this is the port where software routert with mentioned in error MAC addess is connected.
Now I'm totaly confused and don't understand who is under attack.