Scripted cleanup of stale logical ports on NSX segments

Article ID: 324256

Products

VMware NSX
VMware NSX-T Data Center

Issue/Introduction

  • NSX environment 3.2.1.x or higher
  • Any release prior to NSX 4.2.0

Environment

VMware NSX-T Data Center
VMware NSX

Cause

Stale ports may arise in an environment for different reasons. Automatic handling is planned for a future version.

Resolution

This issue is resolved in VMware NSX 4.2.0, available at Broadcom downloads.

If you are having difficulty finding and downloading software, please review the Download Broadcom products and software KB.

The fix prevents stale ports from being created in NSX version 4.2.0 and above. If stale ports exist prior to the upgrade, the upgrade does not remove them and they still require the workaround below.

Security Only Environments

If the stale ports exist in a security only environment and the version is 4.2.0 or above, the following API can be used to sync with the compute manager:

POST /policy/api/v1/infra/sites/<site-id>/enforcement-points/<enforcement-point>/compute-managers/<compute-manager-id>/action/vds-full-sync

To retrieve the compute manager ID, run:

GET /api/v1/fabric/compute-managers

For example, the following API can be used when using the default site, enforcement point and compute manager ID 12345678-####-####-####-123456789123:

POST /policy/api/v1/infra/sites/default/enforcement-points/default/compute-managers/12345678-####-####-####-123456789123/action/vds-full-sync

Confirm that the stale logical ports have been removed.
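
The two API calls above chained into one script, as an added example that is not part of the original KB article: it reads the compute manager IDs from the GET response and builds the vds-full-sync path for each one. The response field names (results, id), the use of basic authentication and the --apply switch are assumptions of this example.

```python
import base64
import getpass
import json
import ssl
import sys
import urllib.request
from urllib.parse import quote

LIST_PATH = "/api/v1/fabric/compute-managers"
SYNC_PATH = ("/policy/api/v1/infra/sites/{site}/enforcement-points/{ep}"
             "/compute-managers/{cm}/action/vds-full-sync")

def sync_paths(listing, site="default", ep="default"):
    """Return one vds-full-sync path per compute manager in the GET listing."""
    # Assumption: the listing has a "results" array whose items carry "id".
    ids = [cm["id"] for cm in listing.get("results", []) if cm.get("id")]
    if not ids:
        raise ValueError("no compute manager IDs in response; nothing to sync")
    enc = lambda s: quote(s, safe="")  # keep IDs from altering the URL path
    return [SYNC_PATH.format(site=enc(site), ep=enc(ep), cm=enc(i)) for i in ids]

def call(host, method, path, user, password, cafile=None):
    """Send one request with basic auth; TLS verification stays enabled."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(f"https://{host}{path}", method=method,
                                 headers={"Authorization": f"Basic {token}"})
    ctx = ssl.create_default_context(cafile=cafile)
    with urllib.request.urlopen(req, context=ctx) as resp:
        body = resp.read()
    return json.loads(body) if body else {}

# Constructed sample response (not captured from a real NSX Manager).
SAMPLE = {"result_count": 1, "results": [
    {"id": "11111111-2222-3333-4444-555555555555", "server": "vc.example.test"}]}

if __name__ == "__main__":
    # Usage: script.py <nsx-manager-fqdn> [--apply]; without --apply it only lists.
    host, apply = sys.argv[1], "--apply" in sys.argv[2:]
    password = getpass.getpass("admin password: ")  # never stored or echoed
    for path in sync_paths(call(host, "GET", LIST_PATH, "admin", password)):
        print("POST", path)
        if apply:
            call(host, "POST", path, "admin", password)
```

Prompting with getpass keeps the admin password out of shell history and the process list. Pass a CA bundle through cafile if the NSX Manager certificate is not signed by a CA the system already trusts.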

 

Workaround

On NSX 3.2.1.x or above 

1. Before proceeding, you must take an FTP-based backup of the NSX Manager and ensure the passphrase is known.
2. On one NSX Manager, copy the attached file, logical-migration.jar, to the location /opt/vmware/upgrade-coordinator-tomcat/temp/
3. Run the script in read-only mode first to see if it identifies stale logical ports (-DStaleLogicalPortCleanUp.dryRun=true). Ensure you edit the user password in the field -DStaleLogicalPortCleanUp.password='AdminPassword'.

java -Xms5g -Xmx10g -Dcorfu-property-file-path=/opt/vmware/upgrade-coordinator-tomcat/conf/ufo-factory.properties -Djava.io.tmpdir=/opt/vmware/upgrade-coordinator-tomcat/temp -DLog4jContextSelector=org.apache.logging.log4j.core.async.AsyncLoggerContextSelector -Dlog4j.configurationFile=/opt/vmware/upgrade-coordinator-tomcat/conf/log4j2.xml -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.util.logging.config.file=/opt/vmware/upgrade-coordinator-tomcat/conf/logging.properties -Dnsx-service-type=nsx-manager -DStaleLogicalPortCleanUp.dryRun=true -DStaleLogicalPortCleanUp.userName=admin -DStaleLogicalPortCleanUp.password='AdminPassword' -DStaleLogicalPortCleanUp.maxThreads=5 -DStaleLogicalPortCleanUp.batchSize=20 -DStaleLogicalPortCleanUp.maxTimeoutMinutes=30 -cp /opt/vmware/upgrade-coordinator-tomcat/temp/logical-migration.jar com.vmware.nsx.management.migration.impl.StaleLogicalPortCleanUp

4. After identifying the stale logical ports, run the script again with the dry run flag set to false (-DStaleLogicalPortCleanUp.dryRun=false) to allow it to remove the stale logical ports.

java -Xms5g -Xmx10g -Dcorfu-property-file-path=/opt/vmware/upgrade-coordinator-tomcat/conf/ufo-factory.properties -Djava.io.tmpdir=/opt/vmware/upgrade-coordinator-tomcat/temp -DLog4jContextSelector=org.apache.logging.log4j.core.async.AsyncLoggerContextSelector -Dlog4j.configurationFile=/opt/vmware/upgrade-coordinator-tomcat/conf/log4j2.xml -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.util.logging.config.file=/opt/vmware/upgrade-coordinator-tomcat/conf/logging.properties -Dnsx-service-type=nsx-manager -DStaleLogicalPortCleanUp.dryRun=false -DStaleLogicalPortCleanUp.userName=admin -DStaleLogicalPortCleanUp.password='AdminPassword' -DStaleLogicalPortCleanUp.maxThreads=5 -DStaleLogicalPortCleanUp.batchSize=20 -DStaleLogicalPortCleanUp.maxTimeoutMinutes=30 -cp /opt/vmware/upgrade-coordinator-tomcat/temp/logical-migration.jar com.vmware.nsx.management.migration.impl.StaleLogicalPortCleanUp

5. Confirm stale logical ports have been removed.

Additional Information

Note that running this script on a Global Manager in a Federated environment will return results saying that no stale logical ports are found. The stale ports created for the Global segments will be automatically cleaned after cleaning the stale ports from the associated Local Manager.

Attachments

logical-migration.jar