• Oracle connections time out when forwarded through the VMware NSX for vSphere 6.1.x Edge
• NSX Edge is dropping packets and the client/server keeps re-transmitting the same packets
• VMware NSX Edge logs contain entries similar to:
  
  <TIMESTAMP>> <HOSTNAME> kernel[]: [DDC]: [kern.notice] nf_ct_tns: dropping packetIN= OUT=vNic_2 SRC=<IP> DST=<IP> LEN=1500 TOS=0x02 PREC=0x00 TTL=125 ID=26365 DF PROTO=TCP SPT=1521 DPT=54128 SEQ=2115694261 ACK=1064216287 WINDOW=4104 RES=0x00 ACK URGP=0
  
  nf_ct_tns: dropping packetIN= OUT=vNic_1 SRC=<IP> DST=<IP> LEN=591 TOS=0x00 PREC=0x00 TTL=62 ID=25611 DF PROTO=TCP SPT=1521 DPT=64973 SEQ=1356912390 ACK=1698540119 WINDOW=156 RES=0x00 ACK PSH URGP=0
  ACCEPT_135188IN= OUT=vNic_2 SRC=<IP>
  DST=<IP> LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=1844 DF PROTO=TCP
  SPT=53523 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0
  nf_ct_tns: dropping packetIN= OUT=vNic_1 SRC=<IP>
  DST=<IP> LEN=591 TOS=0x00 PREC=0x00 TTL=62 ID=25612 DF PROTO=TCP
  SPT=1521 DPT=64973 SEQ=1356912390 ACK=1698540119 WINDOW=156 RES=0x00 ACK PSH
  URGP=0
  
  For more information, see Collecting diagnostic information for VMware NSX Edge (2079380).
  
  Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.

This issue occurs because Oracle Transparent Network Substrate (TNS) packets are segmented. NSX Edge does not re-assemble segmented packets, and Oracle ALG ends up dropping the packets.

This issue is resolved in VMware NSX for vSphere 6.2.1, available at VMware Downloads. For more information, see the NSX for vSphere 6.2.1 Release Notes.

To workaround this issue when you cannot upgrade, disable the Oracle Application Layer Gateway (ALG).

Notes:

• If you upgrade NSX Edge, you must ensure to disable ALG again as this change is not persistent across upgrades.
• If firewall is disabled, ALGs are disabled automatically. In this case, ALGs remain disabled even after an NSX Edge upgrade.

For assistance on disabling Oracle ALG, contact VMware Support. To contact VMware support, see Filing a Support Request in Customer Connect (2006985) or How to Submit a Support Request.