In NSX-T 3.2.0 or 3.2.0.1, the Edge Node dataplane service fails to start

Article ID: 312635

Products

VMware NSX Networking

Issue/Introduction

Symptoms:
  • You are running NSX-T 3.2.0 or 3.2.0.1
  • Certain Edge Node functions may not be working, causing the Edge Nodes to stop passing traffic.
  • In /var/log/syslog on the Edge Node, entries similar to the following are observed:
2022-03-17T17:51:23.261Z S-NSX-EDGE-00-Node NSX 25441 FIREWALL [nsx@6876 comp="nsx-edge" subcomp="datapathd" s2comp="firewallcp" level="ERROR"] failed to build container cache: invalid attribute value FQDN
2022-03-17T17:51:23.211Z S-NSX-EDGE-00-Node 2681818e31eb 3667 - - 2022-03-17T17:51:23Z datapathd 25441 firewallcp [ERROR] failed to build container cache: invalid attribute value FQDN
The above messages indicate that the Edge Node received a container configuration using FQDN, which is not supported by the Edge Firewall.


Environment

VMware NSX-T Data Center 3.x
VMware NSX-T
VMware NSX-T Data Center

Cause

The Central Control Plane sends DFW (Distributed Firewall) rules to Edge Nodes; these DFW updates should typically be sent to host nodes only. If the DFW rules contain a function not supported by the Edge Firewall, the Edge Nodes cannot handle the unsupported DFW configuration and, consequently, the dataplane service fails to start.

Resolution

Currently there is no resolution to this issue.

Workaround:
Remove or disable the DFW rules containing the invalid configuration. In the example outlined in this article it is FQDN, but this could be caused by the Edge Node receiving unsupported configuration.
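
To find which attribute value the Edge Firewall rejected before reviewing DFW rules, the syslog entries shown under Symptoms can be summarised per host and attribute. The script below is an added example, not VMware tooling; the function names, the host EDGE-EXAMPLE-02 and the attribute PLACEHOLDER_ATTR are constructed for illustration.

```shell
#!/bin/sh
# Added example (not VMware tooling). Summarises the datapathd/firewallcp
# "failed to build container cache" errors quoted in this article, so the
# rejected attribute value (FQDN in the article) can be matched to DFW rules.

# Usage: summarize_unsupported_attrs /var/log/syslog
# Prints one line per host and attribute: host attribute count first_seen last_seen
summarize_unsupported_attrs() {
    awk '
    /datapathd/ && /firewallcp/ && /failed to build container cache: invalid attribute value / {
        attr = $0
        sub(/.*invalid attribute value[ \t]+/, "", attr)   # keep only the value
        sub(/[ \t\r]+$/, "", attr)                          # trim trailing space or CR
        if (attr == "") next
        key = $2 " " attr                                   # $2 is the syslog hostname
        if (!(key in count)) { order[++n] = key; first[key] = $1; last[key] = $1 }
        count[key]++
        # ISO-8601 UTC timestamps of equal format sort correctly as strings
        if (($1 "") < first[key]) first[key] = $1
        if (($1 "") > last[key])  last[key]  = $1
    }
    END {
        for (i = 1; i <= n; i++) {
            k = order[i]
            print k, count[k], first[k], last[k]
        }
    }' "$1"
}

# Constructed sample: the first two lines are the entries quoted in the article;
# the last two are made up (an unrelated message and a placeholder attribute).
make_sample_log() {
    cat > "$1" <<'EOF'
2022-03-17T17:51:23.261Z S-NSX-EDGE-00-Node NSX 25441 FIREWALL [nsx@6876 comp="nsx-edge" subcomp="datapathd" s2comp="firewallcp" level="ERROR"] failed to build container cache: invalid attribute value FQDN
2022-03-17T17:51:23.211Z S-NSX-EDGE-00-Node 2681818e31eb 3667 - - 2022-03-17T17:51:23Z datapathd 25441 firewallcp [ERROR] failed to build container cache: invalid attribute value FQDN
2022-03-17T17:51:24.000Z S-NSX-EDGE-00-Node NSX 25441 FIREWALL [nsx@6876 comp="nsx-edge" subcomp="datapathd" s2comp="firewallcp" level="INFO"] constructed unrelated message
2022-03-17T17:52:00.000Z EDGE-EXAMPLE-02 NSX 1111 FIREWALL [nsx@6876 comp="nsx-edge" subcomp="datapathd" s2comp="firewallcp" level="ERROR"] failed to build container cache: invalid attribute value PLACEHOLDER_ATTR
EOF
}

# Demo run against the constructed sample
sample=$(mktemp)
make_sample_log "$sample"
summarize_unsupported_attrs "$sample"
rm -f "$sample"
```

Both syslog formats of the same event are counted, so the totals reflect logged lines rather than distinct failures.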