Stale entries in the Realized IP list with old and new IPs persist in the dynamic group


Article ID: 385714


Products

VMware NSX

Issue/Introduction

VMs were migrated from a non-NSX-T datacenter to an NSX-T datacenter, and both old and new IPs appear under the group's "Effective Member list".

Stale realized IP entries are present for most machines and are being injected into dynamic security groups, with multiple IP addresses reported for many virtual machines.

The segment was using the 'default-ip-discovery-profile' with 'Trust on First Use' enabled, which led to old IPs persisting in the realized IP list.

The default profile is not editable and can only store one IP address per VM, causing issues when a VM's IP changes.

- On a specific group, "Effective Members" shows 10 virtual machines and 20 IP addresses, which include both new and old IPs.

 

Environment

VMware NSX 4.1.2.3

 

Cause

The 'Trust on First Use' option in the default profile adds IPs to the IpDiscoveryPersistedBinding table, and the old entries are not removed or updated when an IP changes in the environment.

Resolution

- Create a new custom "Segment Profile" for "IP Discovery" with "TOFU" (Trust on First Use) disabled and map it to the existing NSX segment.

- The new "IP Discovery" profile needs to be mapped to the existing NSX segment.
- "VM Tools" and "ARP Snooping" will then use the new IP, and the old IP will be cleared.
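To find which segments still need the new profile and which group members carry stale addresses, the following added example (not part of the original article) runs an offline audit over constructed data. The field names `tofu_enabled` and `ip_discovery_profile_path` are assumed from the NSX Policy API schema, a segment without a binding is assumed to fall back to the default profile, and all segment, profile and VM names and IPs are hypothetical.

```python
# Added example: offline audit of IP Discovery settings and group members.
# Assumption: field names follow the NSX Policy API schema; verify them
# against the API reference for your NSX version before using on live data.

DEFAULT_PROFILE = "/infra/ip-discovery-profiles/default-ip-discovery-profile"
CUSTOM_PROFILE = "/infra/ip-discovery-profiles/ipd-no-tofu"  # hypothetical name

# Constructed sample data, not taken from a real environment.
PROFILES = {
    DEFAULT_PROFILE: {"tofu_enabled": True},
    CUSTOM_PROFILE: {"tofu_enabled": False},
}
SEGMENT_BINDINGS = {
    "seg-app": {"ip_discovery_profile_path": CUSTOM_PROFILE},
    "seg-db": {},  # no binding map: assumed to use the default profile
    "seg-web": {"ip_discovery_profile_path": DEFAULT_PROFILE},
}
# realized_ips: what the group's Effective Members view reports.
# current_ips: what the guest actually holds now (e.g. from an inventory/CMDB).
MEMBERS = {
    "vm-app01": {"realized_ips": ["198.51.100.20"],
                 "current_ips": ["198.51.100.20"]},
    "vm-db01": {"realized_ips": ["192.0.2.11", "198.51.100.11"],
                "current_ips": ["198.51.100.11"]},
    "vm-web01": {"realized_ips": ["192.0.2.10", "198.51.100.10"],
                 "current_ips": ["198.51.100.10"]},
}


def segments_with_tofu(bindings, profiles):
    """Return sorted segment ids whose effective profile has TOFU enabled."""
    flagged = []
    for seg, binding in sorted(bindings.items()):
        path = binding.get("ip_discovery_profile_path") or DEFAULT_PROFILE
        profile = profiles.get(path)
        # An unknown profile is flagged too, so that it gets reviewed.
        if profile is None or profile.get("tofu_enabled", True):
            flagged.append(seg)
    return flagged


def stale_ips(members):
    """Map VM name -> realized IPs the VM no longer holds."""
    stale = {}
    for vm, info in members.items():
        extra = sorted(set(info["realized_ips"]) - set(info["current_ips"]))
        if extra:
            stale[vm] = extra
    return stale
```

Any stale address reported by `stale_ips` is still matched by firewall rules that reference the dynamic group, so those entries are worth re-checking after the profile change.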