After NSX-V to NSX-T Migration, Virtual Machines lose network connectivity after vMotioning to a new NSX prepared host.
Article ID: 317206
Updated On:
Products
VMware NSX
Issue/Introduction
This KB is intended to explain the cause of the symptom and provide a resolution.
Symptoms:
Symptoms:
Virtual Machines lose network connectivity after being migrated to a different NSX-T prepared host.
Log messages similar to the following are found in vmkernel.log:
2023-06-01T03:07:49.146Z cpu80:2098122)Restore state called for filter nic-256218306-eth0-vmware-sfw.2
2023-06-01T03:07:49.146Z cpu80:2098122)Sending message to cfgAgent to raising alarm for filter import failure
2023-06-01T03:07:49.146Z cpu80:2098122)unsupported version: 5
Environment
VMware NSX-T Data Center
VMware NSX 4.1.0
VMware NSX 4.0.0.1
VMware NSX-T Data Center 3.x
VMware NSX 4.1.0
VMware NSX 4.0.0.1
VMware NSX-T Data Center 3.x
Cause
Beginning in NSX-T 3.2, filter export versions less than 1000 are not supported during migration. See Configure Export Version of Distributed Firewall Filter on Hosts (vmware.com) for explicit details.
Resolution
For each host, complete the following steps.
name: nic-2112467-eth0-vmware-sfw.2
name: nic-2112467-eth1-vmware-sfw.2
name: nic-2112467-eth2-vmware-sfw.2
Current export version: 500
Current export version: 1000
Workaround:
A temporary workaround can be performed by disconnecting the VM from the NSX network, connecting it to a non-NSX network, and returning the VM to the NSX network
- Log into the command-line interface.
- Retrieve the Distributed Firewall filter for the host.
name: nic-2112467-eth0-vmware-sfw.2
name: nic-2112467-eth1-vmware-sfw.2
name: nic-2112467-eth2-vmware-sfw.2
- Use the filter information to retrieve the export version for the host.
Current export version: 500
- If the version is not 1000, set the export version by using any one of the following methods:
- Method 1: Run the vsipioctl setexportversion command.
- Method 2: Disable and then enable Distributed Firewall on the cluster.
In the vSphere Client, navigate to Networking and Security > Installation and Upgrade > Host Preparation. Select the cluster and click Actions > Disable Firewall. After the firewall is disabled, click Actions > Enable Firewall.
- Verify that the export version is updated
Current export version: 1000
Workaround:
A temporary workaround can be performed by disconnecting the VM from the NSX network, connecting it to a non-NSX network, and returning the VM to the NSX network
Additional Information
Configure Export Version of Distributed Firewall Filter on Hosts (vmware.com)
Impact/Risks:
After migration, VMs will have no network connectivity until their networks are disconnected and reconnected.
Impact/Risks:
After migration, VMs will have no network connectivity until their networks are disconnected and reconnected.
Feedback
Yes
No
Powered by
