Migration Coordinator Fails at Configuration Migration Step when IPs are separated with commas in NSX
search cancel

Migration Coordinator Fails at Configuration Migration Step when IPs are separated with commas in NSX

book

Article ID: 306237

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

  • Issue occurs during Migration from NSX-V to NSX-T.
  • The migration coordinator fails with the message below and appears in the NSX Manager node running the migration coordinator, log file /var/log/migration-coordinator/v2t/summary.log

HTTP Error: 400: Field level validation errors: {value '#.#.#.#,#.#.#.#...' of property expression[0].ip_addresses[0] violates format 'address-or-block-or-range'} for url: http://localhost:6440/policy/api/v1/infra/domains/default/groups/ipaddress-group-b100dfb726345924cbed5ad4f2e############################

  • In the NSX Manager node running the migration coordinator, in log file /var/log/migration-coordinator/v2t/cm.log you see similar entries to 

2021-07-30 18:57:58,459 4589 CM.clients.base_client DEBUG API tracker: REQUEST method=PATCH, url=http://localhost:6440/policy/api/v1/infra/domains/default/groups/ipaddress-group-138926938f4bafb1005ebc53e#########################, non-session-headers=None, params=None, data={"display_name": "ipaddress-group-138926938f4bafb1005ebc##################", "expression": [{"resource_type": "IPAddressExpression", "ip_addresses": ["#.#.#.#,#.#.#.#"]}], "tags": [{"scope": "v_origin", "tag": "IPAddressExpressionGroup-ipaddress-group-138926938f4bafb1005ebc53e17f647c1579e#########################"}]}
2021-07-30 18:57:58,467 4589 CM.clients.base_client ERROR Failed to PATCH http://localhost:6440/policy/api/v1/infra/domains/default/groups/ipaddress-group-138926938f4bafb1005ebc53e######################### with status: 400 and reason: {
  "details" : "Field level validation errors: {value '#.#.#.#,#.#.#.#' of property expression[0].ip_addresses[0] violates format 'address-or-block-or-range'}",
  "httpStatus" : "BAD_REQUEST",
  "error_code" : 255,
  "module_name" : "common-services",
  "error_message" : "Field level validation errors: {value '#.#.#.#,#.#.#.#' of property expression[0].ip_addresses[0] violates format 'address-or-block-or-range'}"

Environment

VMware NSX 3.x

Cause

During the migration, the Migrator Coordinator uses the following API to create the group used in NSX-v firewall: PATCH /policy/api/v1/infra/domains/<domain-id>/groups/<group-id>.

This NSX-T API doesn't support list of IP separated by comma as documented here.


 

Resolution

This issue is resolved in VMware NSX 3.2.0.0, available at Broadcom downloads.


Workaround:

Based on the IP addresses reported in the error message or in the logs highlighted in the symptoms, navigate to the NSX-v firewall section and replace the IP separated by comma:

#.#.#.#,#.#.#.#

By two distinct object or a range.

Example:

{
    "display_name": "test",
    "expression": [
        {
            "resource_type": "IPAddressExpression",
            "ip_addresses": ["#.#.#.#,#.#.#.#,#.#.#.#"]=======>issue 
        }
    ]
}
However this format is incorrect. The correct format is:
{
    "display_name": "test",
    "expression": [
        {
            "resource_type": "IPAddressExpression",
            "ip_addresses": ["#.#.#.#","#.#.#.#","#.#.#.#"]=====> correct format 
        }
    ]
}
 

Additional Information

Impact/Risks:
The Migration of the environment from NSX-v to NSX-T cannot proceed.

Powered by Wolken Software