NSX uses Transport Node Profiles (TNP) to prepare ESXi Hosts within a vSphere cluster for use as NSX Transport Nodes (TN). The primary use of TNP in VCF is to prepare a single VDS for use with NSX Overlay networking by applying an Overlay Transport Zone (TZ) and configuring the Host TEP VLAN ID, defining the Uplink Profile and Host TEP IP addressing scheme (DHCP or NSX IP Pool).  Within NSX, a single TNP per vSphere cluster is required to deploy NSX Network Introspection (formerly Service Insertion) and Endpoint Protection (formerly Guest Introspection) at the vSphere cluster level - Network Introspection and/or Endpoint Protection are used by 3rd party solutions or NSX Distributed Malware Detection and Prevention.

A vSphere cluster can be lifecycled by vCenter in two manners - vSphere Lifecycle Manager (vLCM) Baselines (formerly VUM) or Images.  In VCF, the TNP is 'detached' from the vSphere cluster when using vLCM Baselines to support different Host TEP VLAN IDs across hosts within a vSphere cluster - specifically for stretch vSphere cluster deployments.  For a vLCM Image based cluster, the TNP remains permanently attached, and the Host TEP VLAN ID must be the same across all hosts within the entire vSphere cluster. In cases where the TNP is detached, 3rd party solutions with Network Introspections or Endpoint Protection or NSX Distributed Malware Detection and Prevention (which leverages Endpoint Protection), the deployment of the Service Virtual Machines  (SVM) is not possible.

Note: vLCM Baseline lifecycled domains were previously known as VUM lifecycled domains.  Management Workload Domains are always deployed with vLCM Baselines

The behavior depends upon the lifecycle mode used vLCM Baselines or vLCM Images), the vSphere cluster topology (Single-Site or Multi-Availability Zone), the Host TEP VLAN span, and Host TEP IP assignment method.

Note: The Management Domain uses the vLCM Baseline lifecycle model with vSAN storage only.

Note: This KB does not apply to VCF on VxRAIL deployments.

Single-Site

Multi-AZ / vSAN Stretch Clusters

Multi-AZ / Non-vSAN Stretch Clusters 

Workaround:

Manual Attach Process

For VCF 5.0.x:

• Apply the VCF-created Transport Node Profile following steps 1 thru 5 of Prepare ESXi Cluster Hosts as Transport Nodes by Using TNP

For VCF 4.5.x: 

• Apply the VCF-created Transport Node Profile following steps 1,4,6,7,9 of Prepare ESXi Cluster Hosts as Transport Nodes

Note: Do not create a new Transport Node Profile. Reuse the SDDC Manager Created Transport Node Profile

Note: To delete the entire vSphere cluster via the Cloud Foundation 'remove cluster' workflow, Service Insertion (SI) / Guest Introspection (GI) must first be undeployed and the TNP detached.

Service Insertion documentation       https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.2/administration/GUID-986B7490-A87D-4CDD-84C0-CF8C4AE2B93C.html

Guest Introspection documentation  https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.2/administration/GUID-277B7F6C-4115-4B13-BEC8-52C6562B8FD1.html