"transport zone does not match with Projects transport zone" when creating a new project in VCF NSX 9.0


Article ID: 408394


Products

VMware NSX

Issue/Introduction

  • This is a Federation setup with VCF NSX 9.0.

  • In the local manager, when attempting to create a new project (Manager, ADD PROJECT, enter a Project name, then select the External Connection for Transit Gateway), you are presented with an error:

    Gateway connection /infra/gateway-connections/<name> transport zone does not match with Projects transport zone (Error:612856)

  • In the Local NSX manager log /var/log/proton/nsxapi.log the following entry shows the project creation with details including the transport zone it is using:

    nsx-1 NSX 6305 - [nsx@4413 audit="true" comp="nsx-manager" level="INFO" reqId="="########-8a31-49f2-abbe--############" subcomp="manager" update="true" username="<user>"] UserName="<user>", Src="<IP address>", ModuleName="Policy", Operation="PatchInfra", Operation status="failure", New value=[{"enforce_revision_check":true} {"resource_type":"OrgRoot","children":[{"children":[{"Project":{"default":false,"site_infos":[{"site_path":"/infra/sites/default","transport_zone_paths":["/infra/sites/default/enforcement-points/default/transport-zones/########-15bf-4fdd-a058-############"]}],"short_id":"<PROJECT_ID>","vc_folder":true,"activate_default_dfw_rules":true,"tgw_external_connections":["/infra/gateway-connections/<connection GW>"],"resource_type":"Project","id":"<PROJECT_ID>","display_name":"<PROJECT_ID>","path":"/orgs/default/projects/<PROJECT_ID>","relative_path":"<PROJECT_ID>","parent_path":"/orgs/default","remote_path":"/orgs/default/projects/<PROJECT_ID>","unique_id":"########-19fc-4f72-b594-############","realization_id":"########-19fc-4f72-b594-############","owner_id":"########-696a-40a9-9e77-############","marked_for_delete":false,"overridden":false,"_system_owned":false,"_create_time":<epoch time>,"_create_user":"<user>","_last_modified_time":<epoch time>,"_last_modified_user":"<user>","_revision":0},"resource_type":"ChildProject","marked_for_delete":false,"mark_for_override":false}],"target_type":"Org","resource_type":"ChildResourceReference","id":"default","marked_for_delete":false,"mark_for_override":false}],"marked_for_delete":false,"overridden":false,"_revision":-1}]

  • In the Local NSX manager log /var/log/proton/nsxapi.log, you see a similar error:

    nsx-1 NSX 6305 POLICY [nsx@4413 comp="nsx-manager" errorCode="PM612856" level="ERROR" reqId="########-8a31-49f2-abbe-############" subcomp="manager" username="<username>"] Gateway connection /infra/gateway-connections/<connection GW> transport zone does not match with Project's transport zone.
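
To check whether a manager's nsxapi.log shows the pair of entries described above, this added example (not Broadcom's code) pairs each PM612856 error with the PatchInfra audit entry carrying the same reqId and extracts the project's transport zone path and the requested gateway connection. It assumes the line layout shown in the excerpts; the sample lines, UUIDs, user and object names are constructed.

```python
import json
import re

# Constructed sample lines modelled on the two nsxapi.log excerpts above
# (UUIDs, names and user are made up; the JSON is trimmed to the relevant keys).
SAMPLE_LOG = '''\
nsx-1 NSX 6305 - [nsx@4413 audit="true" comp="nsx-manager" level="INFO" reqId="11111111-8a31-49f2-abbe-000000000001" subcomp="manager" update="true" username="admin"] UserName="admin", Src="192.0.2.10", ModuleName="Policy", Operation="PatchInfra", Operation status="failure", New value=[{"enforce_revision_check":true} {"resource_type":"OrgRoot","children":[{"children":[{"Project":{"site_infos":[{"site_path":"/infra/sites/default","transport_zone_paths":["/infra/sites/default/enforcement-points/default/transport-zones/22222222-15bf-4fdd-a058-000000000002"]}],"tgw_external_connections":["/infra/gateway-connections/demo-gw"],"resource_type":"Project","id":"demo-proj"}}]}]}]
nsx-1 NSX 6305 POLICY [nsx@4413 comp="nsx-manager" errorCode="PM612856" level="ERROR" reqId="11111111-8a31-49f2-abbe-000000000001" subcomp="manager" username="admin"] Gateway connection /infra/gateway-connections/demo-gw transport zone does not match with Project's transport zone.
nsx-1 NSX 6305 POLICY [nsx@4413 comp="nsx-manager" errorCode="PM612856" level="ERROR" reqId="33333333-0000-4000-8000-000000000003" subcomp="manager" username="admin"] Gateway connection /infra/gateway-connections/other-gw transport zone does not match with Project's transport zone.
'''

REQ_ID = re.compile(r'reqId="([^"]+)"')
GW_IN_ERROR = re.compile(r'Gateway connection (\S+) transport zone does not match')

def json_array(line, key):
    """Return the first JSON string array stored under `key` in a log line.

    The 'New value=' payload is not one valid JSON document (two objects
    separated by a space), so only the array fragment is parsed."""
    m = re.search(r'"%s":(\[[^\]]*\])' % re.escape(key), line)
    return json.loads(m.group(1)) if m else []

def correlate(log_text):
    """Pair each PM612856 error with the PatchInfra audit entry of the same reqId."""
    audits, findings = {}, []
    lines = log_text.splitlines()
    for line in lines:
        rid = REQ_ID.search(line)
        if rid and 'audit="true"' in line and 'Operation="PatchInfra"' in line:
            audits[rid.group(1)] = line
    for line in lines:
        rid, gw = REQ_ID.search(line), GW_IN_ERROR.search(line)
        if not (rid and gw and 'errorCode="PM612856"' in line):
            continue
        audit = audits.get(rid.group(1))  # None if the audit line is not in this file
        findings.append({
            "req_id": rid.group(1),
            "gateway_connection": gw.group(1),
            "project_transport_zones": json_array(audit, "transport_zone_paths") if audit else None,
            "requested_connections": json_array(audit, "tgw_external_connections") if audit else None,
        })
    return findings

if __name__ == "__main__":
    for f in correlate(SAMPLE_LOG):
        print(json.dumps(f, indent=2))
```

The extracted transport zone path and gateway connection are the details to include when opening the support case; a finding with no audit match means the PatchInfra entry is not in the file that was scanned.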

Environment

VCF NSX 9.0

Cause

In a Federated NSX environment, there are transport zones with duplicate internal keys in the NSX database (Corfu). This is expected, as they are the global and local transport zones.

When configuring a Project with an external gateway connection, the external gateway's transport zone must be the same as the Project's transport zone.

Because the NSX DB does a lookup based on the internal key, it may return the incorrect transport zone (the global manager transport zone), leading to the transport zone mismatch and the failure in Project creation.

Resolution

This is a known issue impacting VCF NSX 9.0.    

If you believe you have encountered this issue, please open a support case with Broadcom Support and refer to this KB article.

For more information, see Creating and managing Broadcom support cases.