vNIC fails to connect when using NSX Security and IPFIX
Article ID: 317766
Updated On:
Products
VMware NSX
Issue/Introduction
Symptoms:
- You are using NSX Security.
- IPFIX (NetFlow) is enabled on the DVS or DVPG.
- When powering on VMs, the vNIC shows as "Connected" in vCenter. However, the network does not connect at an OS level.
- This issue only occurs when IPFIX is enabled, then a power-on operation (cold boot) is triggered on a VM. Other VM operations are not affected: vMotions, reboots.
- ESXi not prepared for NSX are not affected.
- ESXi log /var/run/log/vmkernel.log show messages similar to:
2022-07-25T11:32:45.308Z cpu27:22865473)nsxt-ipfix: IpfixDVPortParamWrite:708: [nsx@6876 comp="nsx-esx" subcomp="ipfix"]ipfixStatic->refCount:78, uplinkPortCount: 2,nonUplinkPortCount:76
2022-07-25T13:09:05.582Z cpu50:29205264)nsxt-ipfix: IpfixDVPortParamWrite:604: [nsx@6876 comp="nsx-esx" subcomp="ipfix"]IpfixDVPortParamWrite(0x4000101, com.vmware.etherswitch.port.ipfix)
2022-07-25T13:09:05.582Z cpu50:29205264)nsxt-ipfix: IpfixNSXPortPropSet:1964: [nsx@6876 comp="nsx-esx" subcomp="ipfix"]This logical switch port(0x4000101) cannot be configured by VDS.
2022-07-25T13:09:05.582Z cpu50:29205264)WARNING: nsxt-ipfix: IpfixDVPortParamWrite:713: [nsx@6876 comp="nsx-esx" subcomp="ipfix"]Failed to enable IPFIX on port 0x4000101: Not supported
2022-07-25T13:09:05.582Z cpu50:29205264)WARNING: NetDVS: 2777: Failed to write critical property com.vmware.etherswitch.port.ipfix on port 29, return :Not supported.
2022-07-25T13:09:05.582Z cpu50:29205264)nsxt-ipfix: IpfixDVPortParamWrite:604: [nsx@6876 comp="nsx-esx" subcomp="ipfix"]IpfixDVPortParamWrite(0x4000101, com.vmware.etherswitch.port.ipfix)
2022-07-25T13:09:05.582Z cpu50:29205264)nsxt-ipfix: IpfixNSXPortPropSet:1964: [nsx@6876 comp="nsx-esx" subcomp="ipfix"]This logical switch port(0x4000101) cannot be configured by VDS.
2022-07-25T13:09:05.582Z cpu50:29205264)WARNING: nsxt-ipfix: IpfixDVPortParamWrite:713: [nsx@6876 comp="nsx-esx" subcomp="ipfix"]Failed to enable IPFIX on port 0x4000101: Not supported
2022-07-25T13:09:05.582Z cpu50:29205264)WARNING: NetDVS: 2777: Failed to write critical property com.vmware.etherswitch.port.ipfix on port 29, return :Not supported.
Note: The preceding log excerpts are only examples. Date, time and environmental variables may vary depending on your environment.
Environment
VMware NSX
Cause
This is an issue where the port is misidentified as a LSP due to the IPFIX callback flag was not being set yet, resulting in the check failure.
Resolution
This issue is resolved in NSX-T 3.2.2.
Workaround:
There are two workarounds for this issue:
Workaround:
There are two workarounds for this issue:
- Disable IPFIX on the DVS or DVPG.
- Disconnect and reconnect the vNIC of the affected VM.
Feedback
Yes
No
Powered by
