book
Article ID: 336536
calendar_today
Updated On:
Issue/Introduction
Symptoms:
During an upgrade to NSX for vSphere 6.4.6 with an sni related rule or when you are creating or configuring a new sni related rule in this version, you experience these symptoms:
- The upgrade fails.
- The creation or the configuration of the related rule fails.
Environment
VMware NSX for vSphere 6.4.x
Cause
This issue occurs because the sni rule with the keywords: req_ssl_sni, req.ssl_sni, ssl_fc_sni, ssl_fc_has_sni, are broken in NSX for vSphere 6.4.6.
The regular expression used to support LB application rule sni expression in 6.4.6, is not strict enough.
Resolution
This issue is resolved in VMware NSX Data Center for vSphere 6.4.7, available at
VMware Downloads .
Workaround:
To work around this issue:
- Log in to the NSX Edge as root.
- Change the line 879 in /opt/vmware/vshield/Plugins/features/lb/lb.pm as:
879 @indexes = grep { $script->[$_] =~ /^sni +.+/ } 0..$#$script;