In a previous post I mentioned a workaround for vSphere with Tanzu, HAProxy and hairpinned traffic. On Dec 17th 2020 VMware released an update that removes the need for this workaround. The release notes at https://github.com/haproxytech/vmware-haproxy/releases/tag/v0.1.9 describe the issue and fix:
> Fixes an issue that causes some routers to avoid routing traffic between VMware Supervisor Control Plane VMs and the HAProxy. On some routers this causes communication issues between the HAProxy and the SV VMs as those routers may not allow for hairpinned traffic. Previously routing rules existed on the SV VMs that required traffic bound for the HAProxy appliance to be routed to the gateway and then back into the subnet. That logic has been changed to route via L2 as of vSphere patch release 7.0.1 P02.
You will need the latest HAProxy OVA (0.1.9) and vSphere 7 U1 Patch 02 to obtain the fix. The vSphere versions are:
- vCenter: 17327586
- ESXi: 17325551