Service Segment Deletion fails in NSX-T
search cancel

Service Segment Deletion fails in NSX-T

book

Article ID: 325140

calendar_today

Updated On:

Products

VMware NSX Networking

Issue/Introduction

Symptoms:
  • Service Segment  is in a greyed out state and not cleaned up until all Instance Endpoints are deleted.
  • You see entries on the logs similar to:

    There are InstanceEndpoints associated with ServiceAttachment <uuid>. Delete the InstanceEndpoint/s before attempting ServiceAttachment delete.


Environment

VMware NSX-T Data Center
VMware NSX-T Data Center 3.x
VMware NSX-T Data Center 2.5.x

Cause

This issue occurs because of linked un-deleted Instance Endpoints still referenced for EW deployment.

Resolution

This is a known issue affecting VMware NSX-T Data Center 2.5.1 and later versions and is fixed in VMware NSX-T Data Center 3.1.0.

Workaround:
To work around this issue, follow the deletion order in reverse of the order of creation and also check every deletion is successful before going to the next step. 

Deletion Steps

East-West Network Security - Chaining Third-party Services

Undeploy a Service for East-West Traffic Introspection

After partners deploy services and test redirection policies, as an administrator, if you need to undeploy service instance you need to follow a particular order.

Procedure

  1. From your browser, log in with admin privileges to an NSX Manager at <https://<NSXMGR_IP>.
  2. Verify the NSX Manager is in Policy mode.
  3. Select Security > East West Security > Network Introspection (E-W) > EW Redirection Policy.
  4. Click the | vertical ellipsis on the Section and click Delete Policy.
  5. Click Publish.
  6. Select System > Service Deployments > Deployment > EW Service.
  7. Click the | vertical ellipsis on the Service and click Delete.
  8. Click the DELETE button in the delete popup that appears next.
  9. Select Security > Settings > Network Introspection Settings > Service Chain > EW Service Chain.
  10. Click the | vertical ellipsis on the Service Chain and click Delete.
  11. Navigate to Security > East West Security > Network Introspection > Service Profiles > EW Service Profile.
  12. Click the | vertical ellipsis on the Service Profile and click Delete.
  13. Click Security > Settings > Network Introspection Settings > Service Segment > EW Service Segment.
  14. Click the | vertical ellipsis on the Service Segment and click Delete.

North-South Network Security - Inserting Third-party Service

Undeploy a Service for North-South Traffic Instrospection

After partners deploys services and test redirection policies, as an administrator, if you need to undeploy service instance you need to follow a particular order.

Procedure

  1. From your browser, log in with admin privileges to an NSX Manager at <https://NSXMGR_IP>.
  2. Verify the NSX Manager is in Policy mode.
  3. Select Security > East West Security > Network Introspection (N-S) > NS Redirection Policy.
  4. Click the | vertical ellipsis on the Section and click Delete Policy.
  5. Click Publish.
  6. Select System > Service Deployments > Deployment > NS Service.
  7. Click the | vertical ellipsis on the Service and click Delete.
  8. Click the DELETE button in the delete popup that appears next.


Powered by Wolken Software