Virtual machines lose network connectivity when migrated to a rebooted ESXi host running NSX for vSphere 6.2.7/6.3.2
book
Article ID: 339240
calendar_today
Updated On:
Products
VMware NSX
Issue/Introduction
Symptoms: In an NSX for vSphere 6.2.7 and 6.3.2 environments where 3rd party service insertion through NetX, you see these symptoms:
After migrating virtual machines to an ESXi host that has been rebooted, virtual machines lose network connectivity and their vNIC is disconnected.
In the /var/log/vmkernel.log file of the ESXi host, you see entries similar to:
2017-06-08T05:36:50.235Z cpu94:41191)DVFilter: 3436: Could not find filter 'serviceinstance-1' 2017-06-08T05:36:50.235Z cpu94:41191)DVFilter: 5408: Failed to add filter serviceinstance-1 on vNic 0 slot 4: Not found 2017-06-08T05:36:50.236Z cpu94:41191)Net: 3640: dissociate dvPort 10564 from port 0x2000018 2017-06-08T05:36:50.236Z cpu94:41191)Net: 3646: disconnected client from port 0x2000018
Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.
Environment
VMware NSX for vSphere 6.3.x VMware NSX for vSphere 6.2.x
Cause
This issue occurs because service instance and service profile are not configured correctly on the ESXi host.
Resolution
This issue is resolved in VMware NSX for vSphere 6.2.8
Note: This is a known issue affecting VMware NSX for vSphere 6.3.x.
To work around this issue if you do not want to upgrade, before migrating any production virtual machines to an NSX for vSphere 6.2.7/6.3.2 host that has been rebooted, confirm that the Service Profile is set using the vsipioctl getfilters.
If the service profile is not present, apply the workaround.
For the DFW, on the Host Preparation page, perform a Force Sync Services > Firewall for the problematic ESXi host.
For Service Profile Insertion, run the following REST API:
POST https://VSM-IP/api/2.0/si/host/host-X/config?action=apply
Note: Alternatively, a restart of the ESXi vsfwd message bus resolves this issue by running this command:
/etc/init.d/vShield-Stateful-Firewall restart
Additional Information
Impact/Risks: Virtual machine lose network connectivity and their vNIC is connected.