Duplicate response for Internet Control Message Protocol (ICMP) request - CARP controller nodes running on a same ESXi host
Article ID: 325067
Updated On:
Products
VMware vSphere ESXi
Issue/Introduction
Symptoms:
In VMware ESXi 5.x, 6.x and 7.x host, when the ping command is performed from one of the Common Address Redundancy Protocol (CARP) controller nodes to another node running on a same ESXi host, you experience this symptom:
In VMware ESXi 5.x, 6.x and 7.x host, when the ping command is performed from one of the Common Address Redundancy Protocol (CARP) controller nodes to another node running on a same ESXi host, you experience this symptom:
- Duplicate Internet Control Message Protocol (ICMP) response is observed
Environment
VMware ESXi 5.5.x
VMware ESXi 6.5.x
VMware vSphere ESXi 7.0.x
VMware ESXi 6.7.x
VMware ESXi 6.0.x
VMware ESXi 6.5.x
VMware vSphere ESXi 7.0.x
VMware ESXi 6.7.x
VMware ESXi 6.0.x
Cause
This issue occurs when CARP controller nodes running on a same ESXi host has promiscuous enabled and the vSphere Distributed Switch (vDS) is using more than one uplink.
Resolution
This behavior is expected in VMware ESXi 5.x, 6.x and 7.x.
CARP contoller interface does not use MAC address that is assigned to the vNIC. This is the reason why the MAC address is not registered with the Standard Virtual Switch (VSS).
Since MAC address learning does not happen at the vSphere Distributed Switch (vDS) level with promiscuous mode enabled, when an ICMP packet is sent out, one copy of the packet is send to the destination virtual machine by the vSwitch with promiscuous mode enabled. Meanwhile, since the vSwitch does not know the destination MAC address, it also forwards the packet to the uplink. The packet then goes through the physical switch and come back through the other uplink. The destination virtual machine then receives two copies of the ICMP Echo request packet and responds twice which causes the duplicate ICMP response.
CARP contoller interface does not use MAC address that is assigned to the vNIC. This is the reason why the MAC address is not registered with the Standard Virtual Switch (VSS).
Since MAC address learning does not happen at the vSphere Distributed Switch (vDS) level with promiscuous mode enabled, when an ICMP packet is sent out, one copy of the packet is send to the destination virtual machine by the vSwitch with promiscuous mode enabled. Meanwhile, since the vSwitch does not know the destination MAC address, it also forwards the packet to the uplink. The packet then goes through the physical switch and come back through the other uplink. The destination virtual machine then receives two copies of the ICMP Echo request packet and responds twice which causes the duplicate ICMP response.
Additional Information
Internet Control Message Protocol (ICMP) 要求への重複応答 - 同じ ESXi ホスト上で動作する CARP コントローラ ノード
在同一个 ESXi 主机上运行的 CARP 控制器节点重复响应 Internet 控制消息协议 (ICMP) 请求
Impact/Risks:
Duplicate ICMP response
Feedback
Yes
No
Powered by
