[External] HCX - Virtual machine does not receive a DCHP Server Offers on NSX-T backed HCX extended networks
Article ID: 321662
Updated On:
Products
VMware HCX
VMware NSX Networking
VMware Cloud on AWS
Issue/Introduction
Symptoms:
• After a virtual machine with DHCP enabled is Bulk migrated or rebooted on an HCX extended network, it is not able to receive a DHCP address.
Cause 1:
• The NSX-T Segment Security Policy default-segment-security-policy has DHCP Server Block enabled by default.
• When HCX is used to extended a network to an vSphere environment that uses NSX-T networking, the default NSX Segment Policy is selected.
Cause 2:
• DHCP Server Block & DHCP Client Block are disabled by default. DHCP Server Block blocks traffic from a DHCP server to a DHCP client.
Note that, it does not block traffic from a DHCP server to a DHCP relay agent.
• DHCP Client Block prevents a VM from acquiring a DHCP IP address by blocking DHCP requests. Even after setting “DHCP Server Block” to Disabled, DFW rules is required to allow the DHCP packets.
• After a virtual machine with DHCP enabled is Bulk migrated or rebooted on an HCX extended network, it is not able to receive a DHCP address.
Cause 1:
• The NSX-T Segment Security Policy default-segment-security-policy has DHCP Server Block enabled by default.
• When HCX is used to extended a network to an vSphere environment that uses NSX-T networking, the default NSX Segment Policy is selected.
Cause 2:
• DHCP Server Block & DHCP Client Block are disabled by default. DHCP Server Block blocks traffic from a DHCP server to a DHCP client.
Note that, it does not block traffic from a DHCP server to a DHCP relay agent.
• DHCP Client Block prevents a VM from acquiring a DHCP IP address by blocking DHCP requests. Even after setting “DHCP Server Block” to Disabled, DFW rules is required to allow the DHCP packets.
Environment
VMware NSX-T
Resolution
Resolution
Cause 1:
• Create a Segment Security Segment Profile with DHCP Filtering disabled.
• Apply the new profile to any HCX extended networks that rely on DHCP for IP addressing.
Note: HCX Network Extension to NSX-T backed SDDCs in VMware Cloud on AWS automatically adjust the Segment Profile to allow DHCP requests.
Cause 2:
• We need to create DFW rules with destination as 255.255.255.255/32 to make DHCP working
• From SDDC M16 version, There will be an internal Rule to allow DHCP traffic.
Cause 1:
• Create a Segment Security Segment Profile with DHCP Filtering disabled.
• Apply the new profile to any HCX extended networks that rely on DHCP for IP addressing.
Note: HCX Network Extension to NSX-T backed SDDCs in VMware Cloud on AWS automatically adjust the Segment Profile to allow DHCP requests.
Cause 2:
• We need to create DFW rules with destination as 255.255.255.255/32 to make DHCP working
• From SDDC M16 version, There will be an internal Rule to allow DHCP traffic.
Feedback
Yes
No
Powered by
