NSX-T UI reports service insertion alarm that errors "SPF not enabled at port level on host <host UUID> and the status is down. Reason : Incorrect host switch config or missing key component.
search cancel

NSX-T UI reports service insertion alarm that errors "SPF not enabled at port level on host <host UUID> and the status is down. Reason : Incorrect host switch config or missing key component.

book

Article ID: 373549

calendar_today

Updated On:

Products

VMware vDefend Firewall

Issue/Introduction

The NSX-T UI reports service insertion alarm that errors "SPF not enabled at port level on host <host UUID> and the status is down. Reason : Incorrect host switch config or missing key component.

 

Symptoms:

 

  • In the NSX-T manager UI under: Home, Alarms, you see a Critical alert for:

Feature: Service Insertion

Event type: Service Insertion Infrastructure Status Down

Description: SPF not enabled at port level on host ########-####-####-####-############ and the status is down. Reason : Missing spf port or incorrect host switch config.

Recommended Action: Perform any corrective action from the KB and check if the status is up.

Reported by Node: <node>

 

  • SI setup removed and currently no SI in the NSX-T environment.

 

  • The Commands/net-dvs_-l.txt file shows the following host switch properties enabled.

 

  net-dvs -u com.vmware.nsx.spf.gvm -p <portid> <dvs-name>

  net-dvs -u com.vmware.nsx.spf.enabled -p <portid> <dvs-name>

  net-dvs -u com.vmware.port.extraConfig.serviceInsertion.gvm -p <portID> <dvs-name>

 

  • Manual resolve of alarm doesn’t help, the alarm triggers continually.

Environment

NSX-T Data Center.

Cause

The trigger for the alarm was improper SI removal, additionally an issue in current Alarm framework that it is fetching the status from cache library instead of checking the current status from the vertical.

Resolution

Workaround:

Restart ops-agent service from ESX host root shell.

/etc/init.d/nsx-opsagent restart

 

Resolution:

This issue is resolved in 4.2.1