VMware Tools runs on a VM and provides several services. One service that is essential to the distributed firewall is associating a VM and its vNICs with IP addresses. Before NSX 6.2, if VMware Tools was not installed on a VM, its IP address was not learned. In NSX 6.2 and later, you can configure clusters to detect virtual machine IP addresses with DHCP snooping, ARP snooping, or both. This allows NSX to detect the IP address even if VMware Tools is not installed on the virtual machine. If VMware Tools is installed, it can work in conjunction with DHCP and ARP snooping.

VMware recommends that you install VMware Tools on each virtual machine in your environment. In addition to providing vCenter with the IP address of VMs, it provides the following functions:

  • Allow copy and paste between VM and host or client desktop.
  • Synchronize time with the host operating system.
  • Allow shutdown or restart of the VM from vCenter.
  • Collect network, disk, and memory usage from the VM and send it to the host.
  • Determine VM availability by sending and collecting heartbeats.

Note that having two vNICs for a VM on the same network is not supported and can lead to unpredictable results around which traffic is blocked or allowed.

For those VMs that do not have VMware Tools installed, NSX will learn the IP address through ARP or DHCP snooping, if ARP and DHCP snooping are enabled on the VM's cluster.

IP addresses detected using ARP snooping are not removed automatically. In other words, there is no timeout for vNIC IP addresses that are detected using ARP snooping.
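
The two caveats above (ARP-snooped addresses never time out, and two vNICs on the same network are unsupported) can be checked against an inventory of detected addresses. The following Python script is an added example, not VMware code; the record layout, field names, and sample values are constructed for illustration and do not represent an NSX export format.

```python
from collections import defaultdict

# Constructed sample data: one row per (vNIC, detected IP). Field names and
# values are assumptions for illustration, not an NSX export format.
DETECTED = [
    {"vm": "web-01", "vnic": "web-01.000", "network": "ls-web", "ip": "10.0.1.10", "source": "vmtools"},
    {"vm": "db-01",  "vnic": "db-01.000",  "network": "ls-db",  "ip": "10.0.2.20", "source": "arp_snooping"},
    {"vm": "db-01",  "vnic": "db-01.000",  "network": "ls-db",  "ip": "10.0.2.21", "source": "dhcp_snooping"},
    {"vm": "app-02", "vnic": "app-02.000", "network": "ls-db",  "ip": "10.0.2.20", "source": "dhcp_snooping"},
    {"vm": "app-02", "vnic": "app-02.001", "network": "ls-db",  "ip": "10.0.2.30", "source": "arp_snooping"},
]


def arp_entries_to_review(records):
    """Return ARP-snooped entries whose IP is also detected on another vNIC.

    ARP-snooped addresses have no timeout, so an address a VM no longer uses
    stays associated with its vNIC and can collide with the current owner.
    """
    owners = defaultdict(set)
    for r in records:
        owners[r["ip"]].add(r["vnic"])
    findings = []
    for r in records:
        others = owners[r["ip"]] - {r["vnic"]}
        if r["source"] == "arp_snooping" and others:
            findings.append((r["vnic"], r["ip"], sorted(others)))
    return findings


def vms_with_vnics_on_same_network(records):
    """Return {vm: {network: [vnics]}} where a VM has 2+ vNICs on one network."""
    seen = defaultdict(lambda: defaultdict(set))
    for r in records:
        seen[r["vm"]][r["network"]].add(r["vnic"])
    return {
        vm: {net: sorted(v) for net, v in nets.items() if len(v) > 1}
        for vm, nets in seen.items()
        if any(len(v) > 1 for v in nets.values())
    }


if __name__ == "__main__":
    for vnic, ip, others in arp_entries_to_review(DETECTED):
        print(f"review: {ip} ARP-snooped on {vnic}, also detected on {others}")
    for vm, nets in vms_with_vnics_on_same_network(DETECTED).items():
        print(f"unsupported: {vm} has multiple vNICs on {nets}")
```

In the sample data, 10.0.2.20 remains attached to db-01 through ARP snooping after app-02 obtained it through DHCP, so one address is associated with two vNICs until the old entry is cleared.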