Unable to attach VMs to NSX-T Segment: "Failed to connect virtual device"
search cancel

Unable to attach VMs to NSX-T Segment: "Failed to connect virtual device"

book

Article ID: 330593

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

Symptoms:

  • In the environment NSX-T Service Insertion is configured.
  • The VM can be connected to a standard PortGroup.
  • Every attempt to connect a VM to a NSX Segment will fail with the error:
    • Task name: Reconfigure virtual machine.
    • Target: <VM name>
    • Status: Failed to connect virtual device 'ethernetX' (Where X is the adapter number).
  • In the ESXi host log (/var/log/hostd.log) where this VM is running you can see similar message to:
    2021-04-17T03:42:54.716Z verbose hostd[2103208] [Originator@6876 sub=Vigor.Vmsvc.vm:/vmfs/volumes/c064685d-####-####-####-##########6d/NSX-TEST.vmx] NIC: connection control message: Failed to connect virtual device 'ethernet0'.
    



Environment

VMware NSX-T Data Center

Cause

The reason of this behavior is documented on this section of the documented on:  https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.1/administration/GUID-21F88A86-DC1B-4AF9-B12B-0665D1A61285.html

In the NSX-T Data Center deployment, you need to ensure an overlay transport zone and overlay-backed logical switches exists.

East-West service insertion is applied to an entire NSX-T deployment. You can deploy the service at a cluster-level or a host-level.

With an east-west network introspection service enabled to introspect traffic between VMs, ensure the transport nodes that host these guest VMs and service VMs are configured with an overlay transport zone. Without an overlay transport zone and logical switches (segments), east-west service cannot be applied to traffic flowing between VMs. Even if all the segments on a VLAN-backed transport zone, you must configure a segment on an overlay-backed transport zone to apply the east-west service to the traffic.

A overlay-backed (GENEVE-backed) logical switch is provisioned internally and not visible on the user interface.

Even if you plan a deployment using only VLAN-backed segments, East-West traffic passes through overlay transport zones and overlay-backed segments. So, ensure that you create an overlay transport zone and GENEVE-backed segments. Without these requirements, during a vMotion, the guestVM on a host cannot be migrated to another transport node. The guestVM goes into Disconnected state causing configuration errors in the East-West service.

Resolution

To ensure the Service solution is working, the ESXi host Transport nodes needs to be added to an Overlay Transport Zone.