Resequencing the duplicate sequence numbers of the GFW policies.
search cancel

Resequencing the duplicate sequence numbers of the GFW policies.

book

Article ID: 376782

calendar_today

Updated On:

Products

VMware NSX Firewall

Issue/Introduction

GFW policies with duplicate sequence numbers.(This could be the result of configuration issue of using the sequence number field in the API body)

GET https://<nsx manager>/policy/api/v1/infra/domains/default/gateway-policies
 
        {
            "resource_type": "GatewayPolicy",
            "id": "TEST",
            "display_name": "TEST",
            "path": "/infra/domains/default/gateway-policies/TEST",
            "relative_path": "TEST",
            "parent_path": "/infra/domains/default",
            "remote_path": "",
            "unique_id": "6d4c0184-3028-411c-8fed-0c6f884f0142",
            "realization_id": "6d4c0184-3028-411c-8fed-0c6f884f0142",
            "owner_id": "184afe34-b04b-42f1-893a-e7dc3dc893d0",
            "marked_for_delete": false,
            "overridden": false,
            "sequence_number": 100,>>>>>>>>>>>>>>>>>>>>>>>>>>>>>Duplicate sequence numbers
            "internal_sequence_number": 50000100,
            "category": "LocalGatewayRules",
        },
        {
            "resource_type": "GatewayPolicy",
            "id": "TEST2",
            "display_name": "TEST2",
            "path": "/infra/domains/default/gateway-policies/TEST2",
            "relative_path": "TEST2",
            "parent_path": "/infra/domains/default",
            "remote_path": "",
            "unique_id": "8823a0c1-4c8d-46eb-9c5e-20f25d74a6b5",
            "realization_id": "8823a0c1-4c8d-46eb-9c5e-20f25d74a6b5",
            "owner_id": "184afe34-b04b-42f1-893a-e7dc3dc893d0",
            "marked_for_delete": false,
            "overridden": false,
            "sequence_number": 100,>>>>>>>>>>>>>>>>>>>>>>>>>>>>>Duplicate sequence numbers
            "internal_sequence_number": 50000100,
            "category": "LocalGatewayRules",
        },
       
 
 

Environment

VMware NSX-T Data Center 3.X
Vmware NSX-T Data Center 4.X

Cause

This could be the result of misconfiguration of giving the sequence number field in the API body while configuring the policies.

Resolution

 

To resequencing the policies with duplicate sequence numbers:

 

This API is used to revise sequence number per policy: POST /policy/api/v1/infra/domains/{domain-id}/gateway-policies/{gateway-policy-id}?action=revise

 

Below workarounds to consider when there are multiple policies with the duplicate sequence number:

Workaround 1:

With the UI, Move the policies up/down on the NSX ui according to your configuration and then Publish. 

Then you can check the sequence number being allocated in order.(GET https://<nsx manager>/api/v1/domain/default/gateway-policies)

 

Workaround 2:

With the API,

Step 1: Use the below API to gather the GFW policies configuration:

GET https://<nsx manager ip>/policy/api/v1/infra?base_path=/infra/domains/default&type_filter=GatewayPolicy

++Gather the output body in a text file and then modify all the policies with the duplicate sequence number to your requirement ie., give the sequence number which is smaller or larger than the previous policy.(chosen sequence number should be unique)

 

Step 2: Copy the edited data into the body field of the below extended Patch and run the API call: 

PATCH https://{{policy_ip}}/policy/api/v1/infra

 

Re-sequenced output:

++We can see that the TEST2 policy's sequence number got changed to 75 from 100+++(Here, we required policy TEST2 above the TEST)
 
GET https://<nsx manager>/policy/api/v1/infra/domains/default/gateway-policies
{
    "results": [
        
        {
            "resource_type": "GatewayPolicy",
            "id": "TEST2",
            "display_name": "TEST2",
            "path": "/infra/domains/default/gateway-policies/TEST2",
            "relative_path": "TEST2",
            "parent_path": "/infra/domains/default",
            "remote_path": "",
            "unique_id": "8823a0c1-4c8d-46eb-9c5e-20f25d74a6b5",
            "realization_id": "8823a0c1-4c8d-46eb-9c5e-20f25d74a6b5",
            "owner_id": "184afe34-b04b-42f1-893a-e7dc3dc893d0",
            "marked_for_delete": false,
            "overridden": false,
            "sequence_number": 75, >>>>>>>>>>>>>>>>>>>>>>>>>Re-sequenced number
            "internal_sequence_number": 50000075,
            "category": "LocalGatewayRules",
        },
        {
            "resource_type": "GatewayPolicy",
            "id": "TEST",
            "display_name": "TEST",
            "path": "/infra/domains/default/gateway-policies/TEST",
            "relative_path": "TEST",
            "parent_path": "/infra/domains/default",
            "remote_path": "",
            "unique_id": "6d4c0184-3028-411c-8fed-0c6f884f0142",
            "realization_id": "6d4c0184-3028-411c-8fed-0c6f884f0142",
            "owner_id": "184afe34-b04b-42f1-893a-e7dc3dc893d0",
            "marked_for_delete": false,
            "overridden": false,
            "sequence_number": 100,
            "internal_sequence_number": 50000100,
            "category": "LocalGatewayRules",
        },
     
 
 
 

Additional Information



Powered by Wolken Software