1 | initial version |
I have brand new experience what this may mean alike - a server responds over different interface than one would expect/desire.
Imagine you have 2 subnets. X and Y. Client is on the Y, our VMWARE ESXI server on both due to vmkernel NICs on each. Client tries to reach server on its X address (instead of directly at Y), however server responds, due to flat routing stack, over its Y interface because client (flow source IP@) is right there ==> routing asymmetry. Simply only explanation to me how it detects and displays that message is that TCP SYN-ACK response comes from different MAC@ than initial SYN has as destination (Y subnet gateway).
We came to this by accident of one guy doing GUI HTTPS access, my central wireshark and even vmk0 (X subnet) dumps showing just cycles of client's SYN and RST packets, then finally client's wireshark showed this "unseen" segment and tracing back MAC@ withing infra got us to vmk1 server interface. Rather logical behavior, routers do exhibit the same. Easiest solution for guy was to access ESXI directly for Y subnet and fix our DNS infra with both IPs for ESXI server so DNS response would fit anybody accessing the server by name.