I have a problem with ARP requests on the bridge for guest traffic.
The current architecture is in the drawing below.
If a request arrives from the outside, passes through the firewall, and the firewall starts to communicate with a VM connected to a NIC on the BR1-UP bond of the BR1 bridge, the ARP request for the resolution of the VM address stops at the bridge BR1 and does not reach the VM; in this case the firewall and VM ARP tables remain unpopulated and the communication stops.
On the other hand, if the communication departs from the VM to the firewall (for example with a ping), the ARP request is processed by the firewall and the ARP tables of the firewall and the VM are correctly populated with the respective MAC addresses.
The firewall IP and the VM IP are in the same broadcast domain; there is no routing.
I checked with Wireshark on the Windows VM, and with tcpdump and ovs-appctl fdb/show on the Nutanix host: when the communication starts from the firewall, the ARP request goes up to the physical card of the BR1 bridge (eth0) but does not reach the Windows VM.
Has this happened to anyone? Can you give me some suggestions for in-depth troubleshooting?
Thank you
P.S.: Layer 3 works fine.
Firewall: Fortigate, FW ver. 5.6.3
Switches: Cisco Nexus 5K Series
Nutanix node: NX 8035G5
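As an added example (not part of the original post, and not a Nutanix or Fortinet tool): one way to turn the two-point capture described above into a repeatable check is to capture ARP on the uplink and on the VM's tap interface at the same time, then diff the two. The script below parses tcpdump `-nn -e` output and reports, for a given VM IP, how many ARP requests for the VM were seen on the uplink versus on the tap, and whether the reverse direction (VM-originated requests and the replies back to it) is visible. The capture text, the IPs (192.0.2.x, documentation range) and the MACs are constructed sample data, and `tap_for_vm` and the interface names are assumptions, chosen to mirror the symptom in the post.

```python
"""Diff ARP captures taken on an OVS bridge uplink and on a VM's tap interface.

Intended workflow on the AHV host (commands are assumed, not from the post):
    tcpdump -nn -e -i eth0   arp  > uplink.txt   # physical NIC of BR1
    tcpdump -nn -e -i tapX   arp  > tap.txt      # the VM's tap on BR1
then: python3 arpdiff.py uplink.txt tap.txt <vm-ip>
"""
import re
import sys

# Constructed sample output of `tcpdump -nn -e arp`; not a real capture.
# 192.0.2.1 / 00:09:0f:aa:bb:01 plays the firewall, 192.0.2.50 / 50:6b:8d:aa:bb:50 the VM.
UPLINK_CAPTURE = """\
10:01:01.100001 00:09:0f:aa:bb:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.0.2.50 tell 192.0.2.1, length 46
10:01:02.100002 00:09:0f:aa:bb:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.0.2.50 tell 192.0.2.1, length 46
10:01:05.300000 50:6b:8d:aa:bb:50 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.0.2.1 tell 192.0.2.50, length 46
10:01:05.300500 00:09:0f:aa:bb:01 > 50:6b:8d:aa:bb:50, ethertype ARP (0x0806), length 60: Reply 192.0.2.1 is-at 00:09:0f:aa:bb:01, length 46
"""
TAP_CAPTURE = """\
10:01:05.299900 50:6b:8d:aa:bb:50 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.0.2.1 tell 192.0.2.50, length 46
10:01:05.300600 00:09:0f:aa:bb:01 > 50:6b:8d:aa:bb:50, ethertype ARP (0x0806), length 60: Reply 192.0.2.1 is-at 00:09:0f:aa:bb:01, length 46
"""

# One tcpdump line with -e: timestamp, src MAC > dst MAC, ethertype, then the ARP body.
ARP_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>[0-9a-f:]{17}) > (?P<dst>[0-9a-f:]{17}), "
    r"ethertype ARP \(0x0806\), length \d+: "
    r"(?:Request who-has (?P<tgt>[\d.]+) tell (?P<snd>[\d.]+)"
    r"|Reply (?P<rip>[\d.]+) is-at (?P<rmac>[0-9a-f:]{17})), length \d+$"
)


def parse_arp(text):
    """Return a list of dicts, one per ARP frame; non-matching lines are skipped."""
    frames = []
    for line in text.splitlines():
        m = ARP_RE.match(line.strip())
        if not m:
            continue
        base = {"ts": m.group("ts"), "src": m.group("src"), "dst": m.group("dst")}
        if m.group("tgt"):
            frames.append({**base, "kind": "request",
                           "target": m.group("tgt"), "sender": m.group("snd")})
        else:
            frames.append({**base, "kind": "reply",
                           "sender": m.group("rip"), "mac": m.group("rmac")})
    return frames


def compare(uplink_text, tap_text, vm_ip):
    """Count ARP traffic concerning vm_ip at both capture points and give a verdict."""
    up, tap = parse_arp(uplink_text), parse_arp(tap_text)
    req_for_vm = lambda f: f["kind"] == "request" and f["target"] == vm_ip
    req_from_vm = lambda f: f["kind"] == "request" and f["sender"] == vm_ip
    reply_to_vm = lambda f: f["kind"] == "reply" and f["sender"] != vm_ip
    result = {
        "requests_for_vm_on_uplink": sum(map(req_for_vm, up)),
        "requests_for_vm_on_tap": sum(map(req_for_vm, tap)),
        "requests_from_vm_on_uplink": sum(map(req_from_vm, up)),
        "replies_to_vm_on_tap": sum(map(reply_to_vm, tap)),
    }
    # The symptom from the post: requests for the VM arrive on eth0 but never hit the tap,
    # while VM-originated requests and their replies traverse the bridge normally.
    result["arp_blackholed_toward_vm"] = (
        result["requests_for_vm_on_uplink"] > 0
        and result["requests_for_vm_on_tap"] == 0
    )
    return result


if __name__ == "__main__":
    if len(sys.argv) == 4:
        with open(sys.argv[1]) as f_up, open(sys.argv[2]) as f_tap:
            r = compare(f_up.read(), f_tap.read(), sys.argv[3])
    else:
        r = compare(UPLINK_CAPTURE, TAP_CAPTURE, "192.0.2.50")
    for k, v in r.items():
        print(f"{k}: {v}")
```

If the verdict flags the request as black-holed while the tap still shows replies going out, the VM and its guest OS are not the place to look; the loss is between the uplink and the tap, so the next checks are `ovs-appctl fdb/show br1` for the VM's MAC and the bond/uplink state on the host, which is where the post's own investigation pointed.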
Solved
Layer2 Issue - AOS 5.5.8 - AHV
Best answer by UPX
For the moment we have checked some captures with support, and the only workarounds were to remove the vPC configuration from the Nexus or to put a static ARP entry for the internal VMs in the firewall ARP table.
We are still investigating why the ARP request stops on the Nutanix bridge when the vPC is on.