Publishing policies on Gateway Firewall fails with error "Internal error(1401) occurred on transport node<>" on Edge TN.


Article ID: 327342


Updated On:

Products

VMware NSX Networking

Issue/Introduction

Symptoms:
- You are unable to publish firewall rules on your T0 and T1 Gateways.
- The error message is: "Internal error(1401) occurred on transport node<>"
- The Edge logs contain entries like the following:

2XXX-XX-XXXXX:XX:XXX datapathd 9406 firewalldp tname="dp-ipc31" [ERROR] No Service Cores Configured.. Cannot configure L7 Rule
2XXX-XX-XXXXX:XX:XXX aa-edgegw-1 datapath-systemd-helper 9265 - -
2XXX-XX-XXXXX:XX:XXX datapathd 9406 firewall tname="dp-ipc31" [ERROR] Failed to realize fw config for port: 4cXXXXX6-dXXa-4XXd-8XX6-eaXXXXXXX8 errorCode="EDG0400335"

Environment

VMware NSX-T Data Center

Cause

The issue is related to Service Core not being configured on the Edge. 
This prevents L7 Rules, Load-Balancing and other services that require Service_Core from functioning properly.

Resolution

This is a known issue affecting NSX-T.

Workaround:
The workaround is to enable service cores and restart the data plane.

Enable service cores:

set debug
set dataplane service-core enabled

Restart the data plane:

restart service dataplane

Additional Information

- Use this command on the affected Edge to check whether Service Core is enabled:

aa-edgegw-1> get dataplane | find [Cc]orelist
Mon Nov 29 2021 CET 07:28:09.212
Corelist : 0,1,2,3,4,5,6,7,8,9,10,11
Fwpurge_corelist : 24
Service_corelist :

Service_corelist is empty in this example.
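
The check above and the log signatures from the Symptoms section can be automated when several Edges need to be reviewed. The following is an added example, not part of the original article or of NSX itself; the function names are hypothetical, and it assumes a populated Service_corelist is printed in the same "name : value" layout as the other fields.

```python
import re

# Output of "get dataplane | find [Cc]orelist", copied from the example above.
SAMPLE_CLI = """\
aa-edgegw-1> get dataplane | find [Cc]orelist
Mon Nov 29 2021 CET 07:28:09.212
Corelist : 0,1,2,3,4,5,6,7,8,9,10,11
Fwpurge_corelist : 24
Service_corelist :
"""

# Edge log lines copied from the Symptoms section (masked values kept as-is).
SAMPLE_LOG = """\
2XXX-XX-XXXXX:XX:XXX datapathd 9406 firewalldp tname="dp-ipc31" [ERROR] No Service Cores Configured.. Cannot configure L7 Rule
2XXX-XX-XXXXX:XX:XXX aa-edgegw-1 datapath-systemd-helper 9265 - -
2XXX-XX-XXXXX:XX:XXX datapathd 9406 firewall tname="dp-ipc31" [ERROR] Failed to realize fw config for port: 4cXXXXX6-dXXa-4XXd-8XX6-eaXXXXXXX8 errorCode="EDG0400335"
"""

# Matches "<name>corelist : <value>"; prompt and timestamp lines do not match.
FIELD_RE = re.compile(r"^\s*(\w*[Cc]orelist)\s*:\s*(.*?)\s*$")
SIGNATURES = ("No Service Cores Configured", 'errorCode="EDG0400335"')


def parse_corelists(cli_output):
    """Map each *corelist field (lower-cased) to its list of core tokens."""
    cores = {}
    for line in cli_output.splitlines():
        m = FIELD_RE.match(line)
        if m:
            name, value = m.groups()
            # Keep tokens as strings so an unexpected format is not dropped.
            cores[name.lower()] = [c.strip() for c in value.split(",") if c.strip()]
    return cores


def service_cores_enabled(cli_output):
    """True only when Service_corelist is present and lists at least one core."""
    return bool(parse_corelists(cli_output).get("service_corelist"))


def find_symptoms(log_text):
    """Return log lines matching either error signature from this article."""
    return [l for l in log_text.splitlines() if any(s in l for s in SIGNATURES)]


if __name__ == "__main__":
    print("service cores enabled:", service_cores_enabled(SAMPLE_CLI))
    for hit in find_symptoms(SAMPLE_LOG):
        print("symptom:", hit)
```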

Impact/Risks:
Unable to publish any new edge FW rule configuration