Avi LB not creating Pool Service Object for non default ports when pool is attached to VS for NSX-T cloud
search cancel

Avi LB not creating Pool Service Object for non default ports when pool is attached to VS for NSX-T cloud

book

Article ID: 393441

calendar_today

Updated On: 04-07-2025

Products

VMware Avi Load Balancer

Issue/Introduction

  • When utilizing an NSX security group and there are not yet any members in that group, the service object does not get created as expected on Avi LB. Usual behavior is upon attaching a pool to a VS, it should be creating a Service object containing all of the pool ports.
  • This issue occurs when the Avi Pool is configured to point to an NSX Security Group that doesn't have any backing members on NSX > Services.
  • In the /opt/avi/log/cc_agent_go_<cloud>.log on the controller, we can see that it attempts to create the group, but fails because it's saying there's no entries: 
    2025-02-18T05:21:02.156Z        ERROR   nsxtlib/nsxt_dfw.go:497 [avlb-*-*-cluster-*-166d-43c8-b92c-*-pool-*-19b9-4e96-a45b-98dd8baff415] Data: &{ avlb-nonprod-*-*-*-foo-pool-iz1 0 []  [0xc004a7c2e0 0xc004a7c300 0xc004a7c320 0xc004a7c360]} - Error: Unable to process a service path=[/infra/services/avlb-*-*-cluster-*-166d-43c8-b92c-*-pool-*-19b9-4e96-a45b-98dd8baff415]. A service must have at least one service entry.
    2025-02-18T05:21:02.156Z        ERROR   nsxt/nsxt_dfw_actions.go:989    [avlb-*-*-cluster-*-166d-43c8-b92c-*-pool-*-19b9-4e96-a45b-98dd8baff415] Failed to update NSService, error Unable to process a service path=[/infra/services/avlb-*-*-cluster-*-166d-43c8-b92c-*-pool-*-19b9-4e96-a45b-98dd8baff415]. A service must have at least one service entry.

Environment

NSX-T Cloud with Avi

Cause

  • This is a day one issue on Avi LB. NSX-T Cloud connector does not use the default server port if there are no servers in the pool.

Resolution

  • Workaround: If the customer is using standard port(80 or 443) for the "Default Server Port" field, then they can use NSX default service as NSX by default provides services for well known ports. 
  • This issue is scheduled to be fixed in Avi version 31.1.1-2p2 and 31.2.1.