Fix for vSphere with Tanzu, HAProxy and Hairpin traffic

Posted by

In a previous post I mentioned a workaround for vSphere with Tanzu, HAProxy and hairpinned traffic. On Dec 17th 2020 VMware released an update that removes the need for this workaround. The release notes at https://github.com/haproxytech/vmware-haproxy/releases/tag/v0.1.9 describe the issue and fix:

Fixes an issue that causes some routers to avoid routing traffic between VMware Supervisor Control Plane VMs and the HAProxy. On some routers this causes communication issues between the HAProxy and the SV VMs as those routers may not allow for hairpinned traffic. Previously routing rules existed on the SV VMs that required traffic bound for the HAProxy appliance to be routed to the gateway and then back into the subnet. That logic has been changed to route via L2 as of vSphere patch release 7.0.1 P02.

You will need the latest HAProxy OVA (0.1.9) and vSphere 7 U1 Patch 02 to obtain the fix. The vSphere versions are:

  • vCenter: 17327586
  • ESXi: 17325551

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s