Beacon Probing Deep-Dive

 In Architecture, VMware, vSphere basics

A few weeks ago, on my on-site training one of the student asked about beacon probing. How exactly the technology works and what scenarios can be covered by beacon probing? Moreover, will beacon probing works with only two physical network adapters?

I have found out this question interesting because, from the configuration perspective, the beacon probing can be enabled by a single option and in the best-practice guide, it is recommended to use beacon probing. However, how this technology works internally?

Let’s have a look at the following network topology:


Beacon probing overview

Beacon probing is an advanced failure detection mechanism, that can be configured on the vSwitch. The default configuration is based on the link status only, but there might be a situation when the traffic is not passing over the network, but the physical links on the ESXi side are connected to the upstream switch.

The following options are available for Network failure detection:

  • Link status only: Relies only on the link status that the network adapter provides. This option detects failures such as removed cables and physical switch power failures.
  • Beacon probing: Sends out and listens for beacon probes on all NICs in the team, and uses this information, in addition to link status, to determine link failure.ESXi sends beacon packets every second. The NICs must be in an active/active or active/standby configuration because the NICs in an unused state do not participate in beacon probing.

Let’s have a look at the following diagram:


When the link status only option is selected, from the ESXi perspective the link is up, and it is used to forward the traffic, but the traffic will never reach its destination because the connection between the upstream switch and the core switch is broken.

When the beacon probing is used, the physical NIC is considered down, since based on the beacon probing mechanism ESXi hypervisor knows, that the link cannot be used to forward the traffic.

Beacon probing mechanism

When you enable beacon probing, each physical NIC connected to the vSwitch (or port-group) that have Network Failure detection set to beacon-probing will start to send specific beacons over the network.

Every NIC will send a specific Ethernet frame to all other physical NICs. If the destination NIC will not receive this particular beacon frame, it will be considered „down.“ The common misconception is that the destination of those frames is a broadcast address so that all NICs will receive the traffic.

That is not true. The frames are sent between source and destination NICs (MAC addresses).


ESXi with two NICs

If you have three or more NICs, the mechanism is pretty straight-forward, but what happens if you have only two NICs?

In this situation, you cannot determinate if the problem is caused by the sending NIC ort he receiving NIC.

There is a fallback mechanism that will be used in this situation. Since ESXi does not know which of the NIC is affected (but it knows that one of the NIC is affected), it will simply starts to duplicate the frames on both NICs


Detail frame examination

I think it is essential to understand the content of the frame, so let’s have a look at the frame structure itself:

You can see, that the source of the frame is 00:50:56:5d:f7:cb MAC address and the destination MAC address is 00:50:56:53:ad:07.

Those MAC addresses should seem familiar. The MAC address looks like an address for virtual machine or vmkernel, not the MAC address of the physical interface.

Let’s check on the ESXi level:


[root@esxi-prod-1:~] esxcfg-nics -l |grep -i vmnic6

vmnic6  0000:1c:00.0 nvmxnet3    Up  10000Mbps  Full   00:50:56:a9:d6:95 1500   VMware Inc. vmxnet3 Virtual Ethernet Controller

[root@esxi-prod-1:~] esxcfg-nics -l |grep -i vmnic7

vmnic7  0000:05:00.0 nvmxnet3    Up  10000Mbps  Full   00:50:56:a9:d8:af 1500   VMware Inc. vmxnet3 Virtual Ethernet Controller

[root@esxi-prod-1:~] esxcfg-nics -l |grep -i vmnic8

vmnic8  0000:15:00.0 nvmxnet3    Up  10000Mbps  Full   00:50:56:a9:db:41 1500   VMware Inc. vmxnet3 Virtual Ethernet Controller

[root@esxi-prod-1:~] esxcfg-nics -l |grep -i vmnic9

vmnic9  0000:0d:00.0 nvmxnet3    Up  10000Mbps  Full   00:50:56:a9:98:12 1500   VMware Inc. vmxnet3 Virtual Ethernet Controller

In my example, don’t be confused with the MAC since my LAB is based on nested ESXi servers, but in case of a physical server, you would see MAC addresses based on the physical NIC itself.

However, the frames are coming from different MAC addresses. Where did those get from? Each physical NIC has it’s own virtual MAC address that is used for the beacon probing.

[root@esxi-prod-1:~] vsish -e get /net/pNics/vmnic6/virtualAddr
Virtual MAC Address {
Virtual MAC address:00:50:56:53:ad:07

[root@esxi-prod-1:~] vsish -e get /net/pNics/vmnic7/virtualAddr
Virtual MAC Address {
Virtual MAC address:00:50:56:5d:f7:cb

[root@esxi-prod-1:~] vsish -e get /net/pNics/vmnic8/virtualAddr
Virtual MAC Address {
Virtual MAC address:00:50:56:55:d4:e7

[root@esxi-prod-1:~] vsish -e get /net/pNics/vmnic9/virtualAddr
Virtual MAC Address {
Virtual MAC address:00:50:56:5c:c6:8d

So now we know, what source and destination MAC addresses are used.

Let’s have a look at the raw frame:

First six octets are for the source MAC address followed by another six octets for the destination MAC address:

Next two octets identify the Ethernet Type. For the beacon frames VMware decide to use custom type 8922 as shown in the ethernet frame:

There are several interesting values in the frame content as well.

UUID of the ESXi host:

You can check against your ESXi host using esxcfg-info:

[root@esxi-prod-1:~] esxcfg-info |grep "System UUID"

|----World Command Line.................................grep System UUID

|----System UUID..............................................5c94a57e-bc3e-e397-d446-005056a9e83a

Source and destination vNIC used to send and receive the frame:

To determinate the vNIC name, you need to convert the PortNumber of the vNIC to HEX format. PortNumber can be determinate using net-stats command as shown in the following code output:

[root@esxi-prod-1:~] net-stats -l
PortNum          Type SubType SwitchName       MACAddress         ClientName
100663298           4       0 DvsPortset-0     00:50:56:a9:d8:af  vmnic7
100663300           4       0 DvsPortset-0     00:50:56:a9:d6:95  vmnic6
100663303           4       0 DvsPortset-0     00:50:56:a9:98:12  vmnic9
100663305           4       0 DvsPortset-0     00:50:56:a9:db:41  vmnic8

DEC to HEX conversion:

  • 100663298 = 6000002 = vmnic7
  • 100663300 = 6000004 = vmnic6
  • 100663303 = 6000007 = vmnic9
  • 100663305 = 6000009 = vmnic8

So we can see that the beacon was sent from vmnic6 to vmnic7 and we can crosscheck that against the virtual MAC addresses as well:

  • vmnic6 = 00:50:56:53:ad:07
  • vmnic7 = 00:50:56:5d:f7:cb


I hope that after reading the article, you have learned what the benefits of beacon probing are as well as you can fully understand the mechanism behind it.

I strongly suggest enabling the beacon probing in your environment since it increases the network availability quite a lot (depending on your physical network design).

Feel free to check official documentation as well:

Showing 5 comments
  • Anonymous

    Thank you very much for sharing this

  • Anonymous


  • Ven

    hmm So does that mean if we have two NICs for a vSwitch – we should not enable beacon probing?
    I read online and some articles suggest using 3 or more NICs.
    My ESXi servers has 9 NICs but of course the other NICs are used for other services like vMotion, NFS etc. The MGMT network however uses 2 NICs on standard switch, and have “link state only” configured- we had issues when the core switches were rebooted. Wanted to enable beacon probing but with the conflicting information, I am unable to decide

    It will be great if you can clarify.

    Thank you

  • Online Training

    Thank you so much for your terrific content!!

  • Dade

    Can you do this with 2x 10gig NICs and 1x 1gig NIC? Would you list the 1gig NIC as a standby NIC so the host doesn’t ordinarily send traffic over it? Or do all three NICs have to be active for BP to work? If you need all three to be active, is there a way to tell the host or vDS to “prefer” uplinks 1 and 2 (assuming those are assigned to the 10gig ports)?
    There is really very little information out there on how to properly implement this at the vDS or DPG level.

Leave a Comment

Contact Us

We're not around right now. But you can send us an email and we'll get back to you, asap.

Not readable? Change text. captcha txt