SVM traffic not redirected when SVM management nic in NSX-T segments

Article ID: 306211

Products

VMware NSX

Issue/Introduction

Symptoms:
  1. A host-based E-W service insertion deployment fails to redirect traffic
  2. The SVM management NIC is deployed on an NSX-T overlay or VLAN segment


Environment

VMware NSX-T Data Center
VMware NSX-T Data Center 3.x

Cause

This issue is seen only in host-based deployments where a LogicalSwitch/Segment is used for the management network.
Although the SVM deployment succeeds, the configuration pushed down to the control plane is wrong, so no ServicePath is generated.

Resolution

A fix will be available in NSX-T 3.1.3 and NSX-T 3.2.0.

Workaround:
  1. Use a cluster-based deployment
  2. Redeploy and change the SVM management NIC to non-NSX portgroups


Additional Information

How to identify:

  1. vsipioctl getsisvctable shows no service path available

/bin/vsipioctl getsisvctable
Service table has 1 entries
service table count 1
--------------------------------------------------------------------------------------------------------------------------------------------------
 PATH INDEX| UUID                                 | FWD SPI,SI,SCID   | FWD SERVICE MAC   | REV SPI,SI,SCID   | REV SERVICE MAC   | FAILURE POLICY|
--------------------------------------------------------------------------------------------------------------------------------------------------
a840daa7-3630-4ce6-####-############                                                                                          | ALLOW         |
--------------------------------------------------------------------------------------------------------------------------------------------------

  2. controller/service-insertion/service_insertion_dump shows all SVMs as not computed

service chains not computed - [service chain uuid]:
40db69b6-ffac-4107-####-#############
-----------------------------------
service svms not computed - [service vm uuid]:
1b2e67dd-6de5-417a-####-#############, 3f057ef7-2d7b-4b82-####-#############, 447de215-93cf-####-#############, 68d66af4-c23b-478f--####-#############, 84f3141f-d1be-4db6--####-#############, 0c7343fc-844c-####-#############
-----------------------------------

  3. controller/mediator/mediator_dump has an incorrect VIF UUID compared with the VIF UUID on ESXi and NSX Manager

UUID: 1b2e67dd-6de5-####-#############
id {
  1b2e67dd-6de5-####-#############
}
service_id {
  8d4df42a-f9ff-4189-####-#############
}
is_maintenance_mode: false
is_active: true
nsh_liveness_support: true
can_decrement_si: false
instance_end_points {
  mac {
    mac: 00:50:##:##:##:##
  }
  vif: "5eed17d6-4413-4c3c-####-############"   <- Wrong UUID
}

       "lport_attachment_id": "bd2259c1-612e-4d7a-####-##########",  <- Correct UUID
        "mac_address": "00:50:##:##:##:##",

  4. var/log/cloudnet/nsx-ccp.log shows errors such as the following, indicating that the SVM is not bound to any TN

2021-06-24T04:33:30.949Z  INFO Owl-worker-7 SiServicePathComputationManagerImpl - - [nsx@6876 comp="nsx-controller" level="INFO" subcomp="service-insertion"] The service VM with ID 1b2e67dd-6de5-417a-####-############# and VIF 5eed17d6-4413-4c3c-####-############# is not currently connected to any TN
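
The VIF comparison in step 3 and the log check in step 4 can be scripted over collected output. This is an added example, not VMware code; the function names, the pairing of endpoints by MAC address, and the JSON list shape used for the NSX Manager port data are assumptions, and all sample values are constructed.

```python
import json
import re

# instance_end_points block, in the mediator_dump layout quoted in the article.
ENDPOINT_RE = re.compile(
    r'instance_end_points\s*\{\s*mac\s*\{\s*mac:\s*(?P<mac>[0-9A-Fa-f:]{17})\s*\}'
    r'\s*vif:\s*"(?P<vif>[0-9A-Fa-f-]+)"')
# nsx-ccp.log message quoted in the article.
NOT_CONNECTED_RE = re.compile(
    r'service VM with ID (?P<svm>\S+) and VIF (?P<vif>\S+) '
    r'is not currently connected to any TN')

def controller_vifs(mediator_dump):
    """MAC -> VIF UUID as held by the controller (mediator_dump)."""
    return {m['mac'].lower(): m['vif'].lower()
            for m in ENDPOINT_RE.finditer(mediator_dump)}

def find_mismatches(mediator_dump, ports_json):
    """(mac, controller_vif, manager_vif) for every endpoint where they differ."""
    # Assumption: ports_json is a JSON list of objects with the two keys below.
    manager = {p['mac_address'].lower(): p['lport_attachment_id'].lower()
               for p in json.loads(ports_json)}
    return [(mac, vif, manager.get(mac))
            for mac, vif in sorted(controller_vifs(mediator_dump).items())
            if manager.get(mac) != vif]

def unbound_svms(ccp_log):
    """(svm_id, vif) pairs the controller logged as not connected to any TN."""
    return [(m['svm'], m['vif']) for m in NOT_CONNECTED_RE.finditer(ccp_log)]

# Constructed sample data; every UUID and MAC below is made up.
SAMPLE_DUMP = (
    'instance_end_points {\n  mac {\n    mac: 00:50:56:00:00:01\n  }\n'
    '  vif: "99999999-0000-4000-8000-000000000001"\n}\n'
    'instance_end_points {\n  mac {\n    mac: 00:50:56:00:00:02\n  }\n'
    '  vif: "22222222-0000-4000-8000-000000000002"\n}\n')
SAMPLE_PORTS = json.dumps([
    {"mac_address": "00:50:56:00:00:01",
     "lport_attachment_id": "11111111-0000-4000-8000-000000000001"},
    {"mac_address": "00:50:56:00:00:02",
     "lport_attachment_id": "22222222-0000-4000-8000-000000000002"}])
SAMPLE_LOG = ('The service VM with ID aaaaaaaa-0000-4000-8000-00000000000a and VIF '
              '99999999-0000-4000-8000-000000000001 is not currently connected to any TN')

if __name__ == '__main__':
    for mac, ctrl, mgr in find_mismatches(SAMPLE_DUMP, SAMPLE_PORTS):
        print(f'{mac}: controller VIF {ctrl}, manager attachment {mgr}')
    print(unbound_svms(SAMPLE_LOG))
```

The excerpts in this article are masked with #, so the patterns expect unredacted output. A VIF that appears both in a mismatch and in an "not currently connected to any TN" log line matches the condition described here.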