Service Segment Deletion fails in VMware NSX-T Data Center 3.0.0
search cancel

Service Segment Deletion fails in VMware NSX-T Data Center 3.0.0

book

Article ID: 321299

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

  • VMware NSX-T Data Center 3.0.0 or earlier is deployed
  • Service Segment will be in a greyed out state and not cleaned up till all Instance Endpoints are deleted.
  • There is an entry on the logs similar to:
    There are InstanceEndpoints associated with ServiceAttachment <uuid>. Delete the InstanceEndpoint/s before attempting ServiceAttachment delete.



Environment

VMware NSX-T Data Center
VMware NSX-T Data Center 3.x
VMware NSX-T Data Center 2.5.x

Cause

This issue occurs due to linked undeleted Instance Endpoints still referenced for EW deployment.

Resolution

This issue is resolved in VMware NSX-T Data Center 3.0.1 and later, available at Broadcom downloads.


Workaround

To work around this issue, ensure the deletion order is in reverse of the order of creation and also check every deletion is successful before going to the next step.


Deletion Steps

East-West Network Security - Chaining Third-party Services

Undeploy a Service for East-West Traffic Introspection

After partners deploy services and test redirection policies, as an administrator, if you need to undeploy service instance you need to follow a particular order.

Procedure

    1. From your browser, log in with admin privileges to an NSX Manager at <https://<NSXMGR_IP>.
    2. Verify the NSX Manager is in Policy mode.
    3. Select Security > East West Security > Network Introspection (E-W) > EW Redirection Policy.
    4. Click the | vertical ellipsis on the Section and click Delete Policy.
    5. Click Publish.
    6. Select System > Service Deployments > Deployment > EW Service.
    7. Click the | vertical ellipsis on the Service and click Delete.
    8. Click the DELETE button in the delete popup that appears next.
    9. Select Security > Settings > Network Introspection Settings > Service Chain > EW Service Chain.
    10. Click the | vertical ellipsis on the Service Chain and click Delete.
    11. Navigate to Security > East West Security > Network Introspection > Service Profiles > EW Service Profile.
    12. Click the | vertical ellipsis on the Service Profile and click Delete.
    13. Click Security > Settings > Network Introspection Settings > Service Segment > EW Service Segment.
    14. Click the | vertical ellipsis on the Service Segment and click Delete.

 

 

North-South Network Security - Inserting Third-party Service

Undeploy a Service for North-South Traffic Instrospection

After partners deploys services and test redirection policies, as an administrator, if you need to undeploy service instance you need to follow a particular order.

Procedure

    1. From your browser, log in with admin privileges to an NSX Manager at <https://NSXMGR_IP>.
    2. Verify the NSX Manager is in Policy mode.
    3. Select Security > East West Security > Network Introspection (N-S) > NS Redirection Policy.
    4. Click the | vertical ellipsis on the Section and click Delete Policy.
    5. Click Publish.
    6. Select System > Service Deployments > Deployment > NS Service.
    7. Click the | vertical ellipsis on the Service and click Delete.
    8. Click the DELETE button in the delete popup that appears next.

 

 



Powered by Wolken Software