Step 14 of the deployment guide for vSRX on VMware indicates that the promiscuous mode[1] VMware feature should be enabled for the port-group where the fxp0 interface lives.
I can't figure out why. The following things all agree about the fxp0 MAC address:
- The vSphere admin UI
- The vSRX CLI
- Neighboring device ARP tables
As far as I can tell, this interface acts like any other host and doesn't have any weird use of MAC addresses.
I forgot to enable it on a recent deployment and yep... it matters. Without ticking the promiscuity box, L2 neighbors were able to get ARP resolution for the fxp0 interface, but weren't able to talk to it.
Anybody understand why?
[1] I hate that VMware overloads the term promiscuous mode to describe this feature. In reality it's (a) an automatic port-mirror function triggered by the promiscuity register in the vNIC and (b) a workaround for their godawful non-learning bridge.