In NSX-T 3.2.0 or 3.2.0.1, the Edge Node dataplane service fails to start
Article ID: 312635
Updated On: 02-03-2025
Products
VMware NSX
Issue/Introduction
- VMware NSX-T Data Center 3.2.0 or 3.2.0.1 deployed.
- Certain Edge Node functions may not be working causing the Edge Nodes to stop passing traffic.
- In
/var/log/syslogof the Edge Node, entries similar to the below would be observed:
NSX-EDGE-00-Node NSX 25441 FIREWALL [nsx@6876 comp="nsx-edge" subcomp="datapathd" s2comp="firewallcp" level="ERROR"] failed to build container cache: invalid attribute value FQDN
NSX-EDGE-00-Node 2681818e31eb 3667 - - 2022-03-17T17:51:23Z datapathd 25441 firewallcp [ERROR] failed to build container cache: invalid attribute value FQDN
- The above messages indicate that edge nodes receives a container configuration using FQDN, which is not supported by the Edge Firewall.
Environment
VMware NSX-T Data Center
Cause
The Central Control Plane sends DFW (Distributed Firewall) rules to Edge Nodes, these DFW updates should typically only be sent to host nodes only. If DFW rules contain a function not supported by the Edge Firewall, Edge Nodes cannot handle the unsupported DFW configuration, consequently, the dataplane service fails to start.
Resolution
This issue is resolved in VMware NSX-T Data Center 3.2.4, available at Broadcom downloads.
If you are having difficulty finding and downloading software, please review the Download Broadcom products and software KB.
Workaround
Remove or disable the DFW rules containing invalid configuration, in the case of the example outlined in this article, it is FQDN but this could be caused by the Edge node receiving unsupported configuration.
Feedback
Yes
No
Powered by
