NSX Native Load Balancer Virtual Server and Pool Member Status 'Down' in NSX 4.2.0.x, 4.2.1.0, 4.2.1.1 and 4.2.1.2

Article ID: 387294

Updated On:

Products

VMware NSX

Issue/Introduction

  • NSX native load balancer virtual server(s) and pool member(s) status displays as down in NSX UI:

NSX UI:  Networking > Load Balancers > Virtual Servers

NSX UI:  Networking > Load Balancers > Server Pools

 

  • 'NO NAT' rules are configured in the logical router (Tier-1 Gateway) that the load balancer with the above virtual servers and server pools is attached to.

To confirm, run the following command from the active edge node of the above logical router (Tier-1 Gateway):

edge> get firewall <T1 GATEWAY UPLINK UUID> ruleset rules   

DNAT rule count: 2
--
Rule ID   : [RULE ID]
Rule      : in protocol any natpass from any to ip [IP/MASK] nonat

 

  • 'Rx-Drops' and 'Port-Unsupported' counters are increasing on the backplane interface of the logical router (Tier-1 Gateway Service Router - SR) that the load balancer is attached to:

To confirm, run the following command from the active edge node of the above logical router (Tier-1 Gateway):

edge> get logical-router interface <T1 GATEWAY BACKPLANE INTERFACE UUID> stats
[TIMESTAMP]
interface   : [T1 GATEWAY BACKPLANE INTERFACE UUID]
ifuid       : [IFUID]
VRF         : [VRF UUID]
name        : bp-sr0-port
IP/Mask     : [IP/MASK IPv4;IP/MASK IPv6]
MAC         : [MAC ADDRESS]
VNI         : [VNI ID]
--
statistics
RX-Packets  : 55712
RX-Bytes    : 6758765
RX-Drops    : 5614         <--------------------
Blocked              : 7
DST-Unsupported      : 0
Firewall             : 10
Malformed            : 0
No-Receiver          : 0
No-Route             : 0
RPF-Check            : 0
Protocol-Unsupported : 0
IPv6                 : 0
Port-Unsupported     : 5596     <--------------------
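
The two edge CLI checks above can be evaluated together from saved output. The following is an added example, not Broadcom's code: it assumes the command output has been captured as text twice, a few minutes apart, and the function names, rule IDs, addresses and second-sample counter values are constructed for illustration.

```python
import re

# Constructed samples in the output format shown above (IDs, IPs and T1 values are made up).
RULESET = """\
DNAT rule count: 2
--
Rule ID   : 1001
Rule      : in protocol any natpass from any to ip 192.0.2.0/24 nonat
--
Rule ID   : 1002
Rule      : in protocol any natpass from any to ip 198.51.100.0/24 nonat
"""
STATS_T0 = "RX-Drops    : 5614         <-----\nBlocked : 7\nFirewall : 10\nPort-Unsupported: 5596\n"
STATS_T1 = "RX-Drops    : 5790\nBlocked : 7\nFirewall : 10\nPort-Unsupported: 5772\n"
WATCHED = ("RX-Drops", "Port-Unsupported")

def nonat_rules(text):
    """Return (rule_id, rule_text) for every rule whose last token is 'nonat'."""
    found, rule_id = [], None
    for line in text.splitlines():
        key, _, value = line.partition(":")   # split at the first colon only
        key, value = key.strip(), value.strip()
        if key == "Rule ID":
            rule_id = value
        elif key == "Rule" and value.split()[-1:] == ["nonat"]:
            found.append((rule_id, value))
    return found

def counters(text):
    """Parse 'Name : 123' lines into a dict; trailing annotations are ignored."""
    pattern = r"^\s*([A-Za-z0-9-]+)\s*:\s*(\d+)\b"
    return {m.group(1): int(m.group(2)) for m in re.finditer(pattern, text, re.M)}

def matches_kb_symptoms(ruleset, stats_before, stats_after):
    """Symptoms match when NO NAT rules exist and both watched counters rose."""
    before, after = counters(stats_before), counters(stats_after)
    delta = {k: after.get(k, 0) - before.get(k, 0) for k in WATCHED}
    rules = nonat_rules(ruleset)
    rising = all(d > 0 for d in delta.values())
    return {"nonat_rules": rules, "delta": delta, "match": bool(rules) and rising}

if __name__ == "__main__":
    print(matches_kb_symptoms(RULESET, STATS_T0, STATS_T1))
```

A single stats capture is not enough: the article's symptom is that the counters are increasing, so the check compares two samples rather than testing for non-zero values.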

Environment

VMware NSX 4.2.0.x, 4.2.1.0, 4.2.1.1 and 4.2.1.2

Cause

Due to a bug introduced in VMware NSX 4.2.0, firewall rules are applied to the loopback interfaces of the load balancer edge nodes.

This can cause the NSX native load balancer service to go down if 'NO NAT' rules are configured in the logical router that the load balancer is attached to.

Resolution

This issue is resolved in VMware NSX 4.2.1.3, available at Broadcom downloads.

If you are having difficulty finding and downloading software, please review the Download Broadcom products and software KB.

 

Workaround

Identify and disable 'NO NAT' rules configured in the logical router that the load balancer with the above virtual servers and server pools is attached to.

NB:  Ensure that the above change will have no adverse impact in your environment before proceeding.