VMs lose network connectivity after vMotion in an NSX-T environment
Article ID: 325102
Updated On:
Products
VMware NSX Networking
Issue/Introduction
Symptoms:
/var/log/cfgAgent.log
- Virtual Machines permanently lose network connectivity after a vMotion
- On the vSphere Client the vNIC of the VM shows "Connected" to a Logical Switch
- The issue is temporarily resolved if the vNIC is disconnected and reconnected however the issue recurs on the next vmotion
- The issue is permanently resolved if the VM is added to and removed from the DFW Exclusion List
- At the time of the vmotion, the ESXi host contains logging similar to this
2019-08-29T14:51:08.163Z cpu53:3795337)NetX Classifier: need to register a classifier without a vif ID
2019-08-29T14:51:08.163Z cpu53:3795337)NetX DVF: error while refreshing SI filter: Bad parameter
2019-08-29T14:51:08.163Z cpu53:3795337)Failed to read config of filter nic-3798473-eth3-vmware-si.12: Bad parameter
2019-08-29T14:51:08.163Z cpu53:3795337)Failed to update vif id for filter () : Bad parameter
2019-08-29T14:51:08.163Z cpu53:3795337)NetX DVF: error while refreshing SI filter: Bad parameter
2019-08-29T14:51:08.163Z cpu53:3795337)Failed to read config of filter nic-3798473-eth3-vmware-si.12: Bad parameter
2019-08-29T14:51:08.163Z cpu53:3795337)Failed to update vif id for filter () : Bad parameter
/var/log/cfgAgent.log
2019-08-29T14:51:08.163Z NSX 3795320 - [nsx@6876 comp="nsx-controller" subcomp="cfgAgent" tid="F93B2700" level="panic"] vsipfw: VsipFWIoctl.cpp:sendIoctl():67 ioctl cmd 30 on device /dev/nsx-vsip failed: Invalid argument
2019-08-29T14:51:08.163Z NSX 3795320 - [nsx@6876 comp="nsx-controller" subcomp="cfgAgent" tid="F93B2700" level="error" errorCode="DFWERR_FILTER_UPDATE_CONFIG"] dfw: Failed to update filter config: Invalid argument
2019-08-29T14:51:08.163Z NSX 3795320 - [nsx@6876 comp="nsx-controller" subcomp="cfgAgent" tid="F93B2700" level="error" errorCode="DFWERR_FILTER_UPDATE_CONFIG"] dfw: Failed to update filter config: Invalid argument
Environment
VMware NSX-T Data Center 2.x
VMware NSX-T Data Center
VMware NSX-T Data Center
Cause
This problem occurs due to a failure to handle dvfilter processing correctly and has been observed following NSX-T upgrade.
Resolution
This issue is resolved in VMware NSX-T Data Center 2.5, available at VMware Downloads.
Workaround:
The issue can be permanently resolved by deleting and recreating the dvfilters associated with the VM vNICs.
To resolve individual VMs:
- Power off and power back on the VM (not a reboot)
or
- Add the VM to and remove from the DFW Exclusion List
To resolve all VMs:
Disable and re-enable the DFW
Note, enabling DFW may result in some TCP sessions being dropped and restarted where stateful rules apply.
Feedback
Yes
No
Powered by
