NSX-T // Edge in unknown status and datapath service is down

Article ID: 345758

Updated On:

Products

VMware NSX

Issue/Introduction

Symptoms:
- Edge nodes show an unknown status / DP (datapathd) fails to start.
- The customer has enabled edge bridging on the edge nodes.
- The syslog of the edge nodes contains the following messages:
2022-03-17T17:51:23.261Z S-NSX-EDGE-00-N.cloudvalley.local NSX 25441 FIREWALL [nsx@6876 comp="nsx-edge" subcomp="datapathd" s2comp="firewallcp" level="ERROR"] failed to build container cache: invalid attribute value FQDN
2022-03-17T17:51:23.211Z S-NSX-EDGE-00-N.cloudvalley.local 2681818e31eb 3667 - - 2022-03-17T17:51:23Z datapathd 25441 firewallcp [ERROR] failed to build container cache: invalid attribute value FQDN
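
The following Python example is added here and is not part of the original article or of VMware's tooling. It scans edge syslog text for the error above in both logged formats and reports, per edge node, the attribute value that datapathd rejected. The function names are hypothetical, and it assumes other unsupported attribute values would appear in the same position as FQDN.

```python
import re
from collections import defaultdict

# Constructed sample input: the two syslog lines quoted above plus one constructed unrelated line.
SAMPLE_LOG = """\
2022-03-17T17:51:23.261Z S-NSX-EDGE-00-N.cloudvalley.local NSX 25441 FIREWALL [nsx@6876 comp="nsx-edge" subcomp="datapathd" s2comp="firewallcp" level="ERROR"] failed to build container cache: invalid attribute value FQDN
2022-03-17T17:51:23.211Z S-NSX-EDGE-00-N.cloudvalley.local 2681818e31eb 3667 - - 2022-03-17T17:51:23Z datapathd 25441 firewallcp [ERROR] failed to build container cache: invalid attribute value FQDN
2022-03-17T17:51:24.000Z S-NSX-EDGE-00-N.cloudvalley.local NSX 25441 - [nsx@6876 comp="nsx-edge" subcomp="datapathd" level="INFO"] constructed unrelated line
"""

# Timestamp and hostname lead every line; the error text is identical in both formats.
# Assumption: any other rejected attribute value is logged where FQDN is here.
LINE_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2}T[\d:.]+Z)\s+(?P<host>\S+)\s+.*?'
    r'failed to build container cache: invalid attribute value (?P<attr>\S+)\s*$'
)

def is_datapathd_firewallcp(line):
    """True for the structured-data form or the plain 'datapathd <pid> firewallcp' form."""
    structured = 'subcomp="datapathd"' in line and 's2comp="firewallcp"' in line
    plain = re.search(r'\bdatapathd \d+ firewallcp\b', line) is not None
    return structured or plain

def find_cache_failures(log_text):
    """Return {host: {attr: {"count": n, "first_seen": ts}}} for matching lines."""
    hits = defaultdict(dict)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not is_datapathd_firewallcp(line):
            continue
        entry = hits[m["host"]].setdefault(m["attr"], {"count": 0, "first_seen": m["ts"]})
        entry["count"] += 1
        # ISO-8601 UTC timestamps in one format sort lexically
        entry["first_seen"] = min(entry["first_seen"], m["ts"])
    return {host: dict(attrs) for host, attrs in hits.items()}

if __name__ == "__main__":
    for host, attrs in find_cache_failures(SAMPLE_LOG).items():
        for attr, info in attrs.items():
            print(f"{host}: datapathd rejected attribute value {attr!r} "
                  f"({info['count']} lines, first at {info['first_seen']})")
```
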

Environment

VMware NSX-T

Cause

If edge bridging is enabled on edge nodes, the CCP (controller) sends DFW rules, which should be sent to host nodes only, to the edge nodes as well. If those DFW rules contain a function that the edge firewall does not support, the edge nodes cannot handle the unsupported DFW configuration, and DP fails to start.

Resolution

This is a known issue in NSX-T version 3.2.0.1.

Workaround:
- Remove or disable the DFW rules that are not supported by the edge firewall, then reboot the edge node if removing or disabling the DFW rules did not take effect.
- Alternatively, put the edge nodes in the exclusion list so that DFW rules are not applied to the edge nodes.

Additional Information

Impact/Risks:
Some of the edge functions do not work, which causes the edge nodes to stop passing traffic (the edge data plane crashes).