O'Reilly logo
  • pritam zare thinks this is interesting:

If an ARP request is received from a local VM and the ARP entry is not in the Security module’s ARP table, the Security module sends a query to the NSX Controller using the ESXi host’s Management VMkernel port.


Cover of VCP6-NV Official Cert Guide (Exam #2V0-641)


The reason the entry is not in the ARP table because there are chances that MAC address used by the VM is defined than the one configured in VMX file. Typically you get tend to think that VM is powered ON, Logical/VDS will learn the MAC Address and update the table.