NSX Tier-0 Logical Router Port (LRP) Missing from Tier-1 Realized-Entities API
search cancel

NSX Tier-0 Logical Router Port (LRP) Missing from Tier-1 Realized-Entities API

book

Article ID: 396384

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

  • Environment has been upgraded to NSX 4.1.1 or above.
  • Tier-0 LRP (t-0_LRP) is missing from the Tier-1 realized-entities API output:

    GET https://<NSX-MANAGER-FQDN>/policy/api/v1/infra/realized-state/realized-entities?intent_path=/infra/tier-1s/<TIER-1-GATEWAY-ID>
    Example of expected API output:

    "extended_attributes": [
    {
    "data_type": "STRING",
    "multivalue": true,
    "values": [
    "<Router-Link-Default-IP-and-Subnet>",
    ],
    "key": "IpAddresses"
    },
    {
    "data_type": "STRING",
    "multivalue": false,
    "values": [
    "<VDR-MAC>"
    ],
    "key": "MacAddress"
    }
    ],
    "entity_type": "RealizedLogicalRouterPort",
    "intent_paths": [
    "/infra/tier-0s/<TIER-0-ID>",
    "/infra/tier-1s/<TIER-1-ID>"
    ],
    "resource_type": "GenericPolicyRealizedResource",
    "id": "<TIER-0-TIER-1-t0_lrp>",
    "display_name": "<TIER-0-TIER-1-t0_lrp>",
    "path": "/infra/realized-state/enforcement-points/default/logical-ports/<TIER-0-TIER-1-t0_lrp>"

    NB:  Tier-0 LRP output will be missing when issue is present.
  • Tier-1 RealizedLogicalRouterPort intent_path is missing from the Tier-0 realized-entities API output:

    GET https://<NSX-MANAGER-FQDN>/policy/api/v1/infra/realized-state/realized-entities?intent_path=/infra/tier-0s/<TIER-0-GATEWAY-ID>
    Example of correct API output:

    "extended_attributes": [
    {
    "data_type": "STRING",
    "multivalue": true,
    "values": [
    "<Router-Link-Default-IP-and-Subnet>"
    ],
    "key": "IpAddresses"
    },
    {
    "data_type": "STRING",
    "multivalue": false,
    "values": [
    "<VDR-MAC>"
    ],
    "key": "MacAddress"
    }
    ],
    "entity_type": "RealizedLogicalRouterPort",
    "intent_paths": [
    "/infra/tier-0s/<TIER-0-ID>",                                <--- Tier-0 intent path is present                     
    "/infra/tier-1s/<TIER-1-ID>"                                 <--- Tier-1 intent path is present 
    ],
    "resource_type": "GenericPolicyRealizedResource",
    "id": "<TIER-0-TIER-1-t0_lrp>",
    "display_name": "<TIER-0-TIER-1-t0_lrp>",
    "path": "/infra/realized-state/enforcement-points/default/logical-ports/<TIER-0-TIER-1-t0_lrp>"
    Example of incorrect API output:

    "extended_attributes": [
    {
    "data_type": "STRING",
    "multivalue": true,
    "values": [
    "<Router-Link-Default-IP-and-Subnet>"
    ],
    "key": "IpAddresses"
    },
    {
    "data_type": "STRING",
    "multivalue": false,
    "values": [
    "<VDR-MAC>"
    ],
    "key": "MacAddress"
    }
    ],
    "entity_type": "RealizedLogicalRouterPort",
    "intent_paths": [
    "/infra/tier-0s/<TIER-0-ID>"                                <--- Tier-0 intent path is present only                     
    ],
    "resource_type": "GenericPolicyRealizedResource",
    "id": "<TIER-0-TIER-1-t0_lrp>",
    "display_name": "<TIER-0-TIER-1-t0_lrp>",
    "path": "/infra/realized-state/enforcement-points/default/logical-ports/<TIER-0-TIER-1-t0_lrp>"
  • There is no direct functional impact but API consumers ie. Aria Operations for Networks, will not see the expected API output.

Environment

VMware NSX 4.1.1 or above

Cause

As of NSX 4.1.1, the Tier-0 RealizedLogicalRouterPort object (Tier-0 routerlink port connecting the Tier-1) is expected to be present in both the Tier-1 and Tier-0 realized-entities API.  This is achieved by adding both the Tier-0 and Tier-1 paths to the intent-paths of the RealizedLogicalRouterPort object.  

However, this process is not handled correctly for Tier-0 RealizedLogicalRouterPort objects that were created pior to NSX 4.1.1 and subsequently upgraded to NSX 4.1.1 or above or VCF 9.0.

In the above scenario, the Tier-0 LRP (t-0_LRP) will be missing from the Tier-1 realized-entities API output and the Tier-1 RealizedLogicalRouterPort intent_path will be missing from the Tier-0 realized-entities API output.

Resolution

This is a known issue that will be resolved in a later release of NSX and VCF.

If you believe you have encountered this issue, please open a support case with Broadcom Support and refer to this KB article.
For more information, see Creating and managing Broadcom support cases.

If you are contacting Broadcom Support about this issue, please also provide the following:

  1. NSX Manager support bundle
  2. Output of the following API calls:

    GET  https://<NSX-MANAGER-FQDN>/policy/api/v1/infra/realized-state/realized-entities?intent_path=/infra/tier-1s/<TIER-1-GATEWAY-ID>
    GET  https://<NSX-MANAGER-FQDN>/policy/api/v1/infra/realized-state/realized-entities?intent_path=/infra/tier-0s/<TIER-0-GATEWAY-ID>

  3. Output of the following command run from NSX Manager (root mode):

    /opt/vmware/bin/corfu_tool_runner.py -n nsx -t GenericPolicyRealizedResource -o showTable > /tmp/GenericPolicyRealizedResource.txt
Powered by Wolken Software