LR port subnet overlaps with NAT service(s) IP(s).
Article ID: 409013
Updated On:
Products
VMware NSX
Issue/Introduction
- T1 gateway will be in failed status.
- The error looks more like "[error_code=10119, module_name=ROUTING, error_message='[Routing] LR port subnet overlaps with NAT service(s) [NatRule/XXXXX-XXXXX-XXXX-XXXX, NatRule/XXXXX-XXXXX-XXXX-XXXX] IP(s).']"
- In the UI there will be no alarms found for this in open state.
- No NAT rule IP conflict found.
Environment
NSX 3.x, 4.x
Cause
Stale entries about the previous configuration causing the realization errors on the T1 gateway.
Resolution
Make a full back up of the NSX managers and move forward with the below procedure :
- Capture the below two command outputs :
/opt/vmware/bin/corfu_tool_runner.py -n nsx -o showTable -t GenericPolicyRealizedResource > gprr.txt /opt/vmware/bin/corfu_tool_runner.py -n nsx -o showTable -t Alarm > alarm.txt - Look for the line : ""realizationState": "REALIZATION_STATE_ERROR"" in the gprr.txt
- Make a note of the "stringId" under Key section. It should look more like :"/infra/realized-state/enforcement-points/default/logical-ports/Staleentryname"
- Look for NAT Rule IDs mentioned in the alert from the alarm.txt.
- Make a note of the "stringId" under the Key section. It should look like : "infra/realized-state/enforcement-points/default/logical-ports/Staleentryname/alarms/StaleAlarmIF"
- Use the commend with the body here to clean the stale entries :
POST https://<nsx-mp-ip>/policy/api/v1/troubleshooting/infra/tree/realization?action=cleanup { "paths":[ "/infra/realized-state/enforcement-points/default/logical-ports/StaleEntryName", "/infra/realized-state/enforcement-points/default/logical-ports/StaleEntryName/alarms/StaleAlarmID" ] } - Give it 10 minutes for the realization to complete and the stale entries should be cleared.
In case if the error persists please log a case with Broadcom support team with the error and log bundle.
Feedback
Yes
No
Powered by
