Avi Virtual Service in AWS is Down with "vNIC operation failed" Error


Article ID: 410422


Products

VMware Avi Load Balancer

Issue/Introduction

  • An Avi Virtual Service deployed in an Amazon Web Services (AWS) cloud may fail to come up and will be marked as Down.
  • The status of the Virtual Service will display the error message: "vNIC operation failed".
  • Virtual service error screenshot:

Environment

AWS Cloud

Cause

  • This issue occurs when the associated Avi Service Engine Group is configured with more than five AWS Security Groups.
  • AWS imposes a default limit of five security groups per Elastic Network Interface (ENI).
  • When this limit is exceeded, the following error can be found in the controller logs (/var/lib/avi/log/cc_agent_<cloud_name>.INFO), indicating that the maximum number of security groups has been reached:
    • ERROR   aws/aws_go_utils.go:1561   SecurityGroupsPerInterfaceLimitExceeded: The maximum number of security groups per interface has been reached.
  • This is a service quota imposed by AWS. For more details, refer to the official AWS documentation on Amazon VPC quotas.
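As an added example (not from the article or the Avi product), the following Python snippet does two things a practitioner would want here: it scans cc_agent log text for the SecurityGroupsPerInterfaceLimitExceeded line in the format shown above, and it checks a Service Engine Group's security-group list against the AWS per-ENI quota before deployment. The sample log lines are constructed, and the quota value is assumed to be the default of five unless a raised quota is passed in.

```python
import re
from dataclasses import dataclass

# Default AWS quota for security groups per ENI (the limit the article describes).
DEFAULT_SG_PER_ENI_QUOTA = 5

# Matches the cc_agent log line format quoted in the article:
#   ERROR   aws/aws_go_utils.go:1561   SecurityGroupsPerInterfaceLimitExceeded: <message>
SG_LIMIT_RE = re.compile(
    r"^(?P<level>[A-Z]+)\s+(?P<src>aws/aws_go_utils\.go:\d+)\s+"
    r"(?P<code>SecurityGroupsPerInterfaceLimitExceeded):\s*(?P<msg>.*)$"
)


@dataclass
class SgLimitEvent:
    source: str   # file:line in the AWS cloud connector that logged the error
    code: str     # AWS error code
    message: str  # human-readable message from AWS


def find_sg_limit_errors(log_text: str) -> list[SgLimitEvent]:
    """Return every quota-exceeded event found in cc_agent log text."""
    events = []
    for line in log_text.splitlines():
        m = SG_LIMIT_RE.match(line.strip())
        if m:
            events.append(SgLimitEvent(m["src"], m["code"], m["msg"]))
    return events


def se_group_sg_check(security_group_ids: list[str], quota: int = DEFAULT_SG_PER_ENI_QUOTA):
    """Pre-flight check for an SE Group: (ok, count, how many SGs over the quota)."""
    count = len(security_group_ids)
    return count <= quota, count, max(0, count - quota)


# Constructed sample log excerpt in the article's line format (not real controller output).
SAMPLE_LOG = """\
INFO    aws/aws_go_utils.go:1540   creating ENI for SE se-example in subnet subnet-example
ERROR   aws/aws_go_utils.go:1561   SecurityGroupsPerInterfaceLimitExceeded: The maximum number of security groups per interface has been reached.
INFO    aws/aws_go_utils.go:1570   retrying vNIC operation
"""

if __name__ == "__main__":
    for ev in find_sg_limit_errors(SAMPLE_LOG):
        print(f"{ev.source}: {ev.code} - {ev.message}")
    # Six SGs on the SE Group exceeds the default quota by one.
    print(se_group_sg_check([f"sg-example{i}" for i in range(6)]))
```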

Resolution

Resolution:

  • To resolve this issue, you must request an increase for the "Security groups per network interface" quota within your AWS account.
  • This can be done by creating a support case with AWS Support.
  • Once AWS approves and applies the quota increase, the Virtual Service will be able to attach the required network interfaces and will come up successfully.

Workaround:

  • As a workaround, you can reduce the number of security groups configured on the Service Engine Group to five or fewer.
  • This aligns with the default AWS limit and allows the Virtual Service to deploy without a quota increase.

Additional Information