Traffic is dropped with log "drop reason: Address spoofing" by all Virtual Systems
Symptoms
  • All Virtual Systems with SecureXL enabled drop traffic with log "drop reason: Address spoofing" in the following scenario:

    1. VLAN interfaces are configured on a physical interface / Bond interface on the VSX Gateway / VSX cluster members.
    2. Each Virtual System is connected to a different VLAN on the same physical interface / Bond interface.
    3. SecureXL is enabled on these Virtual Systems.
    4. A Virtual Switch is configured and connected to a new VLAN on the same physical interface / Bond interface.
    5. Immediately after the VSX configuration is pushed, SmartView Tracker is flooded with drop logs from the Virtual Systems (which are not even connected to this Virtual Switch): "drop reason: Address spoofing"
    6. The traffic that is dropped does not even pass through these Virtual Systems.

    Example:

    1. VS1 is connected to eth3.100
    2. VS2 is connected to eth3.200
    3. SecureXL is enabled on VS1 and on VS2
    4. VSW is connected to eth3.300
    5. VS1 and VS2 drop traffic that does not even pass through them
  • Disabling SecureXL on the Virtual Systems that are connected to the involved physical interface / Bond interface resolves the issue: there are no more drop logs in SmartView Tracker.

Cause

By design, when a Virtual Switch is connected to a physical interface / Bond interface, this interface starts listening to traffic in promiscuous mode (because a Virtual Switch is a Layer 2 device). As a result, all traffic that passes through this physical interface / Bond interface reaches all Virtual Systems connected to this interface. SecureXL should silently drop traffic that is not destined for the specific Virtual System.
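To check which Virtual Systems share a promiscuous parent interface, the following added example (not Check Point code) parses Linux `ip -d -o link show` output and lists the VLAN interfaces whose physical / Bond parent is in promiscuous mode. It assumes the output was collected from every VSX context into one text; the sample text, the MAC addresses, eth4 / VS3 and the `OWNERS` map are constructed for illustration.

```python
import re

# Constructed sample of `ip -d -o link show` output (not from a real gateway).
# eth3 carries the Virtual Switch VLAN, so its promiscuity counter is non-zero.
SAMPLE = r"""
2: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP \    link/ether 00:00:5e:00:53:03 promiscuity 1
3: eth4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP \    link/ether 00:00:5e:00:53:04 promiscuity 0
5: eth3.100@eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 \    link/ether 00:00:5e:00:53:03 promiscuity 0 \    vlan protocol 802.1Q id 100
6: eth3.200@eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 \    link/ether 00:00:5e:00:53:03 promiscuity 0 \    vlan protocol 802.1Q id 200
7: eth3.300@eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 \    link/ether 00:00:5e:00:53:03 promiscuity 0 \    vlan protocol 802.1Q id 300
8: eth4.10@eth4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 \    link/ether 00:00:5e:00:53:04 promiscuity 0 \    vlan protocol 802.1Q id 10
"""

# Hypothetical map of VLAN interface to the Virtual System / Virtual Switch using it.
OWNERS = {"eth3.100": "VS1", "eth3.200": "VS2", "eth3.300": "VSW", "eth4.10": "VS3"}

LINK = re.compile(
    r"^\d+:\s+(?P<name>[^:@\s]+)(?:@(?P<parent>[^:\s]+))?:\s+<(?P<flags>[^>]*)>(?P<rest>.*)$"
)


def parse_links(text):
    """Return {interface: {"parent": str or None, "promisc": bool}}."""
    links = {}
    for line in text.splitlines():
        m = LINK.match(line.strip())
        if not m:
            continue
        # Promiscuity requested by the kernel itself is not always shown as a
        # PROMISC flag, so the detailed "promiscuity N" counter is checked too.
        count = re.search(r"\bpromiscuity (\d+)", m["rest"])
        promisc = "PROMISC" in m["flags"].split(",") or (
            count is not None and int(count.group(1)) > 0
        )
        links[m["name"]] = {"parent": m["parent"], "promisc": promisc}
    return links


def exposed_systems(text, owners):
    """Group VLAN interfaces (with their owner) under each promiscuous parent."""
    links = parse_links(text)
    report = {}
    for name, info in links.items():
        parent = info["parent"]
        if parent and links.get(parent, {}).get("promisc"):
            report.setdefault(parent, []).append((name, owners.get(name, "unknown")))
    return {parent: sorted(vlans) for parent, vlans in report.items()}


if __name__ == "__main__":
    for parent, vlans in exposed_systems(SAMPLE, OWNERS).items():
        print(parent, "is promiscuous; traffic on it reaches:", vlans)
```

Every Virtual System listed under a promiscuous parent receives the traffic of all VLANs on that parent, which is the condition described in the Cause above.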


Solution