[External] HCX - Virtual machine does not receive DHCP Server Offers on NSX-T backed HCX extended networks


Article ID: 321662

Updated On:

Products

VMware HCX VMware NSX Networking VMware Cloud on AWS

Issue/Introduction

Symptoms:
•    After a virtual machine with DHCP enabled is Bulk migrated or rebooted on an HCX extended network, it is not able to receive a DHCP address.

Cause 1:
•    The NSX-T Segment Security Policy default-segment-security-policy has DHCP Server Block enabled by default.
•    When HCX is used to extend a network to a vSphere environment that uses NSX-T networking, the default NSX Segment Policy is selected.

Cause 2:
•    DHCP Server Block & DHCP Client Block are disabled by default. DHCP Server Block blocks traffic from a DHCP server to a DHCP client. Note that it does not block traffic from a DHCP server to a DHCP relay agent.
•    DHCP Client Block prevents a VM from acquiring a DHCP IP address by blocking DHCP requests. Even after setting “DHCP Server Block” to Disabled, DFW rules are required to allow the DHCP packets.


Environment

VMware NSX-T

Resolution

Cause 1:
•    Create a Segment Security segment profile with DHCP Filtering disabled.
•    Apply the new profile to any HCX extended networks that rely on DHCP for IP addressing.
Note: HCX Network Extension to NSX-T backed SDDCs in VMware Cloud on AWS automatically adjusts the Segment Profile to allow DHCP requests.
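
A way to check which extended segments are affected by Cause 1, and whether the relaxed profile has been applied more widely than needed. This is an added example, not VMware code: the profile name hcx-dhcp-allowed, the segment IDs, the relies_on_dhcp flag and all sample data are constructed, and the field names dhcp_server_block_enabled and dhcp_client_block_enabled are assumed to match the NSX-T Policy API segment security profile schema.

```python
"""Audit HCX extended segments for the DHCP symptom described above."""
DEFAULT = "/infra/segment-security-profiles/default-segment-security-policy"
RELAXED = "/infra/segment-security-profiles/hcx-dhcp-allowed"  # hypothetical name

# Constructed sample profiles; field names assumed from the NSX-T Policy API
# segment security profile schema.
PROFILES = {
    DEFAULT: {"dhcp_server_block_enabled": True, "dhcp_client_block_enabled": False},
    RELAXED: {"dhcp_server_block_enabled": False, "dhcp_client_block_enabled": False},
}

# Constructed inventory: segment id, bound profile, and whether workloads on it
# rely on DHCP (operator-supplied; not something NSX reports).
SEGMENTS = [
    {"id": "L2E_app-10", "profile": DEFAULT, "relies_on_dhcp": True},
    {"id": "L2E_db-20", "profile": DEFAULT, "relies_on_dhcp": False},
    {"id": "L2E_web-30", "profile": RELAXED, "relies_on_dhcp": True},
    {"id": "L2E_mgmt-40", "profile": RELAXED, "relies_on_dhcp": False},
]

def dhcp_filters(profile):
    """Return the DHCP filters a profile enforces, e.g. ['server', 'client']."""
    flags = (("server", "dhcp_server_block_enabled"),
             ("client", "dhcp_client_block_enabled"))
    return [name for name, key in flags if profile.get(key, False)]

def audit(segments, profiles):
    """Classify each segment: dhcp-broken, over-relaxed, ok or unknown-profile."""
    findings = {}
    for seg in segments:
        profile = profiles.get(seg["profile"])
        if profile is None:
            findings[seg["id"]] = "unknown-profile"
            continue
        blocked = dhcp_filters(profile)
        if seg["relies_on_dhcp"] and blocked:
            findings[seg["id"]] = "dhcp-broken"   # Cause 1: offers or requests dropped
        elif not seg["relies_on_dhcp"] and "server" not in blocked:
            findings[seg["id"]] = "over-relaxed"  # filtering disabled where not needed
        else:
            findings[seg["id"]] = "ok"
    return findings

if __name__ == "__main__":
    for seg_id, status in audit(SEGMENTS, PROFILES).items():
        print(f"{seg_id}: {status}")
```

Segments reported as dhcp-broken need the new profile; segments reported as over-relaxed do not rely on DHCP and can stay on the default policy.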

Cause 2:
•    Create DFW rules with destination 255.255.255.255/32 so that DHCP works.
•    Starting with SDDC version M16, there is an internal rule to allow DHCP traffic.