VPN Tunnel Status for some Edge Gateways are not accurately reflected in vCloud Director

Article ID: 339141

Products

VMware NSX

Issue/Introduction

  • vCloud Director (vCD) and NSX show different statuses for the same IPSec VPN tunnel
  • vCD shows the IPSec tunnel as DOWN even when it is up and passing traffic

Environment

  • VMware NSX for vSphere 6.3.x
  • VMware NSX for vSphere 6.2.x

Cause

This issue occurs because the PeerIP is sent in an incorrect format, which prevents vCloud Director from finding an entry with that IP when it updates the status of the IPSec tunnel.

When the Peer ID and Peer IP are the same, the PeerIP is sent in a format that vCloud Director is unable to parse correctly.
vCD expects the PeerIP to be in the format X.X.X.X, but receives X.X.X.X<X.X.X.X>.

For example:

Expected: peerIpAddress=192.168.1.202
Received: peerIpAddress=192.168.1.202<192.168.1.202>

peerID=192.168.1.202
peerIpAddress=192.168.1.202<192.168.1.202>

192.168.1.202 != 192.168.1.202<192.168.1.202>

As the two values do not match, the code returns a DOWN status for the Tunnel.
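
The mismatch described above, reproduced as an added Python example (not VMware's code and not the shipped fix): an exact-match lookup on `peerIpAddress` reports DOWN for the duplicated form, while a check that recognizes `X.X.X.X<X.X.X.X>` identifies the tunnel correctly. The record layout, the `up` field and the function names are assumptions made for illustration; only `peerIpAddress` and the sample address come from the article.

```python
import ipaddress
import re

# Matches the two shapes shown in the article: "A" or "A<B>".
_PEER_RE = re.compile(r"^\s*([^<>\s]+)\s*(?:<\s*([^<>\s]+)\s*>)?\s*$")


def normalize_peer_ip(raw):
    """Return the bare peer IP from 'X.X.X.X' or 'X.X.X.X<X.X.X.X>', else None."""
    m = _PEER_RE.match(raw)
    if not m:
        return None
    try:
        outer = ipaddress.ip_address(m.group(1))
        inner = ipaddress.ip_address(m.group(2)) if m.group(2) else outer
    except ValueError:
        return None
    # Only collapse the duplicated form when both halves agree.
    return str(outer) if outer == inner else None


def tunnel_status(configured_peers, reported, normalize=False):
    """Map each configured peer IP to UP/DOWN from reported tunnel entries.

    configured_peers: peer IP strings the consumer looks up.
    reported: list of dicts with 'peerIpAddress' and 'up' (hypothetical layout).
    """
    seen = {}
    for entry in reported:
        key = entry["peerIpAddress"]
        if normalize:
            key = normalize_peer_ip(key)
        if key is not None:
            seen[key] = entry["up"]
    # A peer with no matching entry is reported DOWN, as in the article.
    return {p: "UP" if seen.get(p) else "DOWN" for p in configured_peers}


# Constructed sample data using the address from the article's example.
REPORTED = [
    {"peerIpAddress": "192.168.1.202<192.168.1.202>", "up": True},
    {"peerIpAddress": "192.168.1.203", "up": True},
]
PEERS = ["192.168.1.202", "192.168.1.203"]

if __name__ == "__main__":
    print("exact match:", tunnel_status(PEERS, REPORTED))
    print("normalized: ", tunnel_status(PEERS, REPORTED, normalize=True))
```

A value whose two halves differ, or that is not an IP address at all, is rejected rather than guessed at, so an unexpected format surfaces as DOWN instead of matching the wrong peer.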

Resolution

This issue is resolved in:

  • VMware NSX for vSphere 6.2.7
  • VMware NSX for vSphere 6.3.1