Config mismatch for edge node network interface fails to resolve even with valid segment or distributed portgroup connected.
search cancel

Config mismatch for edge node network interface fails to resolve even with valid segment or distributed portgroup connected.

book

Article ID: 376776

calendar_today

Updated On:

Products

VMware NSX VMware NSX-T Data Center

Issue/Introduction

  • Config mismatch alarm for network interfaces of edge is raised warning that VC and NSX are mismatched for their network connectivity.

  • The edge is connected to a valid network (a DPG or an NSX VLAN segment).

  • When attempting to resolve to the current edges VC configuration for the interface it fails with an error message as below:

error_message": "[Fabric] Network interface '########-####-####-####-############' is either an overlay logical switch or in an unaccessible Transport zone. Only accessible VLAN logical switches are supported.

 

Environment

VMware NSX
VMware NSX-T Data Center

Cause

In some edge creation processes the edge has its compute_id stored as vc_id:domain-xxx instead of the intended domain-xxx value. This can cause a mistake in the validation check of the segments connected to the edge node, leading to an incorrect blocking of the mismatch resolve via the GUI. 

Resolution

Fixed in VMware NSX 4.2.1

Workaround 

You can remedy the individual broken edge configuration using the addOrUpdatePlacementReferences API to update the incorrect compute id format.
The below work around is best performed while the individual edge node is in maintenance mode to ensure no impact will be observed.

The API must be constructed using these steps.

Step 1. Get the existing edge config using the API:GET https://<NSXManager-iporfqdn>/api/v1/transport-nodes/<edge-tn-uuid

Step 2. Copy "vm_deployment_config" from Step 1 API output and edit it as below.

 

  • Currently the "compute_id" field is present in format "vc_id:domain-xxxx". Modify this to "domain-xxxx" by removing "vc_id:" prefix, eg "compute_id":vc_id:domain-xxxx >> "compute_id":domain-xxxx

  • In "data_network_ids" field update network ids with moref id of segment/DPG from Vcenter, the API output will currently be the old NSX held value and needs to be replaced with the current VC connected one (to correct the mismatch). This moref-id of the segment/dpg can be obtained by navigating to VC > Networks > selecting the current edge connected network > Review the URL for the format below.

    https://<VC IP>/ui/app/dvportgroup;nav=n/urn:vmomi:DistributedVirtualPortgroup:<required dvportgroup>:########-####-####-####-############/

 

From this note down this dvpg moref id highlighted by <required dvportgroup> . Update this moref id in "data_network_ids" field, this may require multiple networks, the data_network_ids should list all the current non management networks connected to the node.

eg.

"data_network_ids": [
                    "<required dvportgroup>",
                    "<required dvportgroup2>"

  •  Save this updated "vm_deployment_config" payload.

 

Step 3. Copy "node_settings" from Step 1 payload as it is.

Step 4. Prepare "node_user_settings" field as below:

"node_user_settings":{
      "cli_username":"admin",
      "root_password":"<password>", <<<<<<< edge node root password
      "cli_password":"<password>"   <<<<<<< edge node cli password
 }

Step 5. Get vm_id

You can get VM moref id just by clicking edge VM in VCenter. You will see URL similar to below in browser as per the portgroup ID, however this time select the edge and not the networks of the edge.
https://{VCenter-IP}/ui/app/vm;nav=h/urn:vmomi:VirtualMachine:<vm-xx>:########-####-####-####-############/summary

Store vm-xx as vm_id

Step 6. Now prepare payload for addOrUpdatePlacementReferences API by replacing the values gathered above in the format:

    {
      "vm_id":<vm-xx from step 5>,
      "vm_deployment_config": <payload "vm_deployment_config" from Step 2>,
      "node_user_settings": <Get payload "node_user_settings" field from Step 4>,
      "node_settings": Get payload "node_settings" from Step 3
    }

Step 7: Finally fire POST https://{manager-ip}/api/v1/transport-nodes/{edge-tn-uuid}?action=addOrUpdatePlacementReferences api with combined payload from Step 6
Step 8: From within the GUI check the interface is correctly mapped from within the NSX GUI, a re-selection of the interfaces may be required, reselect the ones already connected within the VCenter.

An example full body of the call is below:

{
  "vm_id": "vm-xx",
  "vm_deployment_config": {
    "vc_id": "########-####-####-####-############",
    "compute_id": "domain-xx",
    "storage_id": "datastore-xx",
    "management_network_id": "dvportgroup-xx",
    "ipv4_assignment_enabled": true,
    "management_port_subnets": [
      {
        "ip_addresses": [
          "10.10.10.10"
        ],
        "prefix_length": 24
      }
    ],
    "default_gateway_addresses": [
      "10.10.10.1"
    ],
    "data_network_ids": [
      "dvportgroup-xx"
    ],
    "reservation_info": {
      "memory_reservation": {
        "reservation_percentage": 100
      },
      "cpu_reservation": {
        "reservation_in_shares": "HIGH_PRIORITY",
        "reservation_in_mhz": 0
      }
    },
    "resource_allocation": {
      "cpu_count": 4,
      "memory_allocation_in_mb": 8192
    },
    "placement_type": "VsphereDeploymentConfig"
  },
  "node_settings": {
    "hostname": "##########",
    "enable_ssh": true,
    "allow_ssh_root_login": true,
    "enable_upt_mode": false
  },
  "node_user_settings": {
    "cli_username": "admin",
    "root_password": "xxx",
    "cli_password": "xxx"
  }
}