VMware NSX

  • 1.  NSX-T Hairpinning

    Posted Jul 20, 2022 02:53 PM

    Trying to find a resolution to traffic hairpins within our NSX-T deployment. 

    We host numerous environments for segmented customers. Each customer gets their own T0 and T1. Each T0 has public IP space attached to it. BGP makes everything seamless. 

    One of our customers raised an issue where they were testing one of their public web interfaces from a server within their environment. When testing, it was confirmed that the interface works internally (x.x.x.x) but not when using the public address (X.X.X.X). When tested from an external source, it works fine (X.X.X.X). 

    So, we have arrived at the point that the NSX-T T0 is having trouble with hairpinning / u-turn traffic. The flow is similar to the below:

    VM2 (10.10.x.y) > T1 > T0 (SNAT 1.1.X.Y) > T0 (DNAT 1.1.X.X) > T1 > VM1 (10.10.x.x)

    All other traffic flows inbound and outbound work. It is only when the T0 has to route to itself on the external interface that we see issues.

  • 2.  RE: NSX-T Hairpinning

    Posted Sep 15, 2023 03:22 PM

    Ever get this resolved?  

    I have the same exact issue in the Azure VMware Solution deployment of NSX-T.

  • 3.  RE: NSX-T Hairpinning

    Posted Sep 15, 2023 04:10 PM

    No, unfortunately not.

  • 4.  RE: NSX-T Hairpinning

    Broadcom Employee
    Posted Sep 16, 2023 07:05 PM

    Is there any specific reason why you configured NAT at T0?  Why don't you use the T1 NAT policy? 

  • 5.  RE: NSX-T Hairpinning

    Posted Oct 04, 2023 10:19 PM

    I can't speak to the original poster, but in the AVS NSX-T that we have, we have NATs in the T1 and nothing at all works when trying to loop back to the inside.