VPN Tunnel Status for some Edge Gateways are not being accurately reflected in vCloud Director
Article ID: 339141
Updated On:
Products
VMware NSX Networking
Issue/Introduction
Symptoms:
- vCloud Director (vCD) and NSX shows different status for IPSec VPN Tunnel
- vCD shows IPSec Tunnel as DOWN even when it is up and passing traffic
Environment
VMware NSX for vSphere 6.3.x
VMware NSX for vSphere 6.2.x
VMware NSX for vSphere 6.2.x
Cause
This issue occurs because the PeerIP is sent in the incorrect format, preventing vCloud Director from finding an entry with that IP when updating the status of IPSec tunnel
When the Peer ID and Peer IP are the same, the PeerIP is sent in a format which vCloud is unable to parse correctly.
vCD is expecting the PeerIP to be in the format of X.X.X.X, but receives X.X.X.X<X.X.X.X>
For example:
Expected: peerIpAddress=192.168.1.202
Received: peerIpAddress=192.168.1.202<192.168.1.202>
peerID=192.168.1.202
peerIpAddress=192.168.1.202<192.168.1.202>
192.168.1.202 != 192.168.1.202<192.168.1.202>
As the two values do not match, the code returns a DOWN status for the Tunnel.
When the Peer ID and Peer IP are the same, the PeerIP is sent in a format which vCloud is unable to parse correctly.
vCD is expecting the PeerIP to be in the format of X.X.X.X, but receives X.X.X.X<X.X.X.X>
For example:
Expected: peerIpAddress=192.168.1.202
Received: peerIpAddress=192.168.1.202<192.168.1.202>
peerID=192.168.1.202
peerIpAddress=192.168.1.202<192.168.1.202>
192.168.1.202 != 192.168.1.202<192.168.1.202>
As the two values do not match, the code returns a DOWN status for the Tunnel.
Resolution
This issue is resolved in:
- VMware NSX for vSphere 6.2.7, available at VMware Downloads.
- VMware NSX for vSphere 6.3.1, available at VMware Downloads.
Additional Information
To be alerted when this document is updated, click the Subscribe to Article link in the Actions box.
Feedback
Yes
No
Powered by
