DFW rules using NSGroup as source or destination not matched for few seconds after vMotion
Article ID: 326343
Updated On:
Products
VMware NSX Networking
Issue/Introduction
Symptoms:
- DFW rules using NSGroup as source or destination are not matched for few seconds after a VM is vMotioned.
- The VM Logical Switch "IP Discovering" Switching profile only includes "VM Tools" or "VM Tools For IPv6" (i.e. other discovery options are disabled on the "IP Discovering" Switching profile).
- The NSGroup "IP Address" is decreased (by 1 or more depending on the number of IPs configured on the VM) for few seconds after vMotion.
- vMotion source ESXi host logs (nsxdavim.log) display message(s) similar to:
2019-12-09T18:26:28Z nsxdavim: [ 126867 ] DEBUG Command processed. Result = [UpdateType=modify ObjectType=VM Name=Windows-2008R2-VM B MoId=17 ChangeDataStart MacAddress=00:50:56:88:87:a8 MacKey=4000 DevName=Network adapter 1 LportAttachmentId=cc6a2cb8-98fc-4381-b8f9-61fa382045b4 BackingType=Opaque Name=config.hardware.device[4000] Operation=assign ChangeDataEnd done]
2019-12-09T18:26:29Z nsxdavim: [ 126867 ] DEBUG Command processed. Result = [UpdateType=modify ObjectType=VM Name=Windows-2008R2-VM B MoId=17 ChangeDataStart Name=runtime.powerState Operation=assign Value=poweredOff ChangeDataEnd done]
2019-12-09T18:26:29Z nsxdavim: [ 126867 ] DEBUG Command processed. Result = [UpdateType=leave ObjectType=VM MoId=17 ChangeDataStart ChangeDataEnd done]
2019-12-09T18:26:29Z nsxdavim: [ 126867 ] DEBUG Command processed. Result = [UpdateType=modify ObjectType=VM Name=Windows-2008R2-VM B MoId=17 ChangeDataStart Name=runtime.powerState Operation=assign Value=poweredOff ChangeDataEnd done]
2019-12-09T18:26:29Z nsxdavim: [ 126867 ] DEBUG Command processed. Result = [UpdateType=leave ObjectType=VM MoId=17 ChangeDataStart ChangeDataEnd done]
2019-12-09T18:26:29Z nsxdavim: [ 126867 ] DEBUG Command processed. Result = [UpdateType=modify ObjectType=VM Name=Windows-2008R2-VM B MoId=17 ChangeDataStart Name=runtime.powerState Operation=assign Value=poweredOff ChangeDataEnd done]
2019-12-09T18:26:29Z nsxdavim: [ 126867 ] DEBUG Command processed. Result = [UpdateType=leave ObjectType=VM MoId=17 ChangeDataStart ChangeDataEnd done]
2019-12-09T18:26:29Z nsxdavim: [ 126867 ] DEBUG Command processed. Result = [UpdateType=modify ObjectType=VM Name=Windows-2008R2-VM B MoId=17 ChangeDataStart Name=runtime.powerState Operation=assign Value=poweredOff ChangeDataEnd done]
2019-12-09T18:26:29Z nsxdavim: [ 126867 ] DEBUG Command processed. Result = [UpdateType=leave ObjectType=VM MoId=17 ChangeDataStart ChangeDataEnd done]
- vMotion destination ESXi host logs (nsxdavim.log) display message(s) similar to:
2019-12-09T18:26:52Z nsxdavim: [ 126847 ] DEBUG Command processed. Result = [UpdateType=modify ObjectType=VM Name=Windows-2008R2-VM B MoId=18 ChangeDataStart MacKey=4000 ipAddress=10.10.10.70ChangeDataEnd done]
Environment
VMware NSX-T Data Center
VMware NSX-T Data Center 2.x
VMware NSX-T
VMware NSX-T Data Center 2.x
VMware NSX-T
Cause
When using VMware tools "IP Discovering" a race condition issue may occur causing the IP address of the VM to be "deleted" from the NSGroup by the vMotion source ESXi host before it is "added" by the destination ESXi host. This condition may cause some DFW rules using the impacting NSGroup not to be applied for few seconds after vMotion.
Resolution
Currently, there is no resolution.
Workaround:
To workaround the issue enable another method for "IP Discovering" Switching profile.
Workaround:
To workaround the issue enable another method for "IP Discovering" Switching profile.
Feedback
Yes
No
Powered by
