Quantcast
Viewing all articles
Browse latest Browse all 8132

dvSwitch - IPv6 address limits on hosts attached?

I've been experiencing a rather odd problem for the last few days which has me baffled and I'm reaching out for advice/suggestions.  I am running ESXi-6.5 with the latest patch bundle as of the end of March.

 

I have 12 VMs of which 9 or so of them are all on a common "server" vlan, VLAN 10.  There is a 10G uplink from this virtual switch into a Cisco Catalyst switch with multiple VLANs mapped through to other hosts.  Management is on another NIC and there is a spare copper port on the server.

 

In my environment I had a Nexus 1000v switch installed and running successfully for some time.  I have been planning on migrating off this so I took the plunge and did this migration a week or two ago and I replicated the topology and created a dvSwitch within vCenter for this VLAN, and used the same trunked uplink as before. I then migrated all of the servers off the N1kv to the new dVswitch and onto port groups for each VLAN (same uplink).

 

Things were a bit unstable initially but everything came right after a full host restart.   I started experiencing problems with one VM an hour or so later after that.  The VM in question has one virtual NIC with 4x static IPv4 addresses on it, and 4x static IPv6 addresses (plus whatever the host gets from SLAAC I suppose).  This is the only VM with multiple IP addresses on it - which may be related to the problem.

 

What happens is that some of the IPv6 addresses stop working from outside the port-group on the dvSwitch.  Everything within the port-group on the same VLAN works and the addresses remain functional within the group, but from outside the dvSwitch and through the physical port, we lose access to and from some of the additional IPv6 addresses.

 

I've restarted the switch, and changed the 10G NIC (for a different Intel one with a different driver even).  Neither of these things have helped.

 

However what I did find helps is if I move the VM off onto a second dvSwitch, which has one of the otherwise unused copper port uplinks.  Same configuration again - but different uplink.  The connectivity starts working immediately once the problem occurs, and is stable for long periods of time.

 

Given this did all work with the N1kv I'm inclined to believe this is not a hardware problem, but a software problem with the dvSwitch or else some limitation that exists with the dvSwitch that does not exist with the N1kv.

 

The only change I hade to make when creating the port-groups was to enable promiscuous mode on my Palo Alto firewall interfaces but aside from that the port-groups are pretty standard.

 

Has anyone got any suggestions for what else I can try?  Are there any known issues/caveats with multiple IPv6 addresses bound to a host on a dvSwitch?


Viewing all articles
Browse latest Browse all 8132

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>