L2 bridged traffic is impacted after an MP upgrade from a version lower than NSX 4.2.0

Article ID: 410784

Products

VMware NSX

Issue/Introduction

  • Before the upgrade, edge replacement was performed more than once in an edge cluster that serves an L2 bridge.

  • The attachment is missing from the bridge's LogicalPort in the response to GET https://nsx_manager_ip/api/v1/logical-ports:

    Bad case:
    {
        "logical_switch_id" : "<UUID>",
        "admin_state" : "UP",
        "address_bindings" : [ ],
        "switching_profile_ids" : [ {
          "key" : "SwitchSecuritySwitchingProfile",
          "value" : "<UUID>"
        }, {
          "key" : "SpoofGuardSwitchingProfile",
          "value" : "<UUID>"
        }, {
          "key" : "IpDiscoverySwitchingProfile",
          "value" : "<UUID>"
        }, {
          "key" : "MacManagementSwitchingProfile",
          "value" : "<UUID>"
        }, {
          "key" : "QosSwitchingProfile",
          "value" : "<UUID>"
        } ],
        "ignore_address_bindings" : [ ],
        "internal_id" : "<UUID_#1>",
        "resource_type" : "LogicalPort",
        "id" : "<UUID_#1>",
        "display_name" : "Bridge endpoint port for <UUID_#2>",
        "tags" : [ {
          "scope" : "policyPath",
          "tag" : "/infra/segments/overlay-0/ports/default:<UUID_#1>"
        } ],
        "_create_time" : #############,
        "_create_user" : "nsx_policy",
        "_last_modified_time" : #############,
        "_last_modified_user" : "system",
        "_system_owned" : false,
        "_protection" : "REQUIRE_OVERRIDE",
        "_revision" : 5
    }


    Good case:
    {
        "logical_switch_id" : "<UUID>",
        "attachment" : {
          "attachment_type" : "BRIDGEENDPOINT",
          "id" : "<UUID_#2>"
        },
        "admin_state" : "UP",
        "address_bindings" : [ ],
        "switching_profile_ids" : [ {
          "key" : "SwitchSecuritySwitchingProfile",
          "value" : "<UUID>"
        }, {
          "key" : "SpoofGuardSwitchingProfile",
          "value" : "<UUID>"
        }, {
          "key" : "IpDiscoverySwitchingProfile",
          "value" : "<UUID>"
        }, {
          "key" : "MacManagementSwitchingProfile",
          "value" : "<UUID>"
        }, {
          "key" : "QosSwitchingProfile",
          "value" : "<UUID>"
        } ],
        "ignore_address_bindings" : [ ],
        "internal_id" : "<UUID_#1>",
        "resource_type" : "LogicalPort",
        "id" : "<UUID_#1>",
        "display_name" : "Bridge endpoint port for <UUID_#2>",
        "tags" : [ {
          "scope" : "policyPath",
          "tag" : "/infra/segments/overlay-0/ports/default:<UUID_#1>"
        } ],
        "_create_time" : #############,
        "_create_user" : "nsx_policy",
        "_last_modified_time" : #############,
        "_last_modified_user" : "nsx_policy",
        "_system_owned" : false,
        "_protection" : "REQUIRE_OVERRIDE",
        "_revision" : 0
    }


  • L2 bridged traffic is impacted after the MP upgrade, and you see messages similar to the following in /var/log/syslog.log:

    ####-##-##T##:##:##.###Z edge NSX 1 FABRIC [nsx@6876 comp="nsx-edge" subcomp="nsxa" s2comp="lsport" level="INFO"] Delete lswitch port <UUID_#2>
    ####-##-##T##:##:##.###Z edge NSX 1 FABRIC [nsx@6876 comp="nsx-edge" subcomp="nsxa" s2comp="lsport" level="INFO"] Detach lport <UUID_#2> from lswitch <UUID>
    ####-##-##T##:##:##.###Z edge NSX 1 FABRIC [nsx@6876 comp="nsx-edge" subcomp="nsxa" s2comp="lport" level="INFO"] lport <UUID_#2> unrealized
    ####-##-##T##:##:##.###Z edge NSX 1 FABRIC [nsx@6876 comp="nsx-edge" subcomp="nsxa" s2comp="lsport" level="INFO"] Detach lport <UUID_#1> from lswitch <UUID>
    ####-##-##T##:##:##.###Z edge NSX 1 FABRIC [nsx@6876 comp="nsx-edge" subcomp="nsxa" s2comp="lport" level="INFO"] lport <UUID_#1> unrealized
    ####-##-##T##:##:##.###Z edge NSX 84069 SWITCHING [nsx@6876 comp="nsx-edge" subcomp="datapathd" s2comp="lswitch-flush" tname="dp-ipc12" level="INFO"] bridgeport entry (<UUID_#2>) deleted
    ####-##-##T##:##:##.###Z edge NSX 84069 FIREWALL [nsx@6876 comp="nsx-edge" subcomp="datapathd" s2comp="firewall" tname="dp-ipc12" level="INFO"] Deleted vlan bridging port <UUID_#2>
    ####-##-##T##:##:##.###Z edge NSX 84069 FIREWALL [nsx@6876 comp="nsx-edge" subcomp="datapathd" s2comp="firewall" tname="dp-ipc12" level="INFO"] Deleted lswitch port <UUID_#2>
    ####-##-##T##:##:##.###Z edge NSX 84069 FABRIC [nsx@6876 comp="nsx-edge" subcomp="datapathd" s2comp="dpc-pb" tname="dp-ipc12" level="INFO"] Delete lswitch port <UUID_#1>
    ####-##-##T##:##:##.###Z edge NSX 84069 FIREWALL [nsx@6876 comp="nsx-edge" subcomp="datapathd" s2comp="firewall" tname="dp-ipc12" level="INFO"] Deleted lswitch port <UUID_#1>
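
The two symptoms above can be checked together. The following is an added example, not code from the article or from VMware: it flags bridge endpoint ports that lack an attachment and correlates them with the edge's deletion messages. It assumes the list response wraps ports in a `results` array and that bridge endpoint ports keep the display name shown in the samples; all ids and log lines are constructed.

```python
import re

# Display-name pattern copied from the article's sample LogicalPort objects.
BRIDGE_NAME = re.compile(r"^Bridge endpoint port for (\S+)$")
# Edge syslog messages from the article that record a bridge port removal.
BRIDGE_DELETED = re.compile(
    r"bridgeport entry \(([^)]+)\) deleted|Deleted vlan bridging port (\S+)")

def ports_missing_attachment(list_response):
    """Map logical port id -> bridge endpoint id for bridge endpoint ports
    that have no 'attachment' object (the article's bad case)."""
    at_risk = {}
    for port in list_response.get("results", []):  # 'results' wrapper is assumed
        m = BRIDGE_NAME.match(port.get("display_name", ""))
        if m and not port.get("attachment"):
            at_risk[port["id"]] = m.group(1)
    return at_risk

def deleted_bridge_endpoints(syslog_lines):
    """Bridge endpoint ids that the edge datapath logged as deleted."""
    found = set()
    for line in syslog_lines:
        m = BRIDGE_DELETED.search(line)
        if m:
            found.add(m.group(1) or m.group(2))
    return found

# Constructed sample data (ids are placeholders, not real UUIDs).
SAMPLE_PORTS = {"results": [
    {"id": "lp-bad", "resource_type": "LogicalPort",
     "display_name": "Bridge endpoint port for bep-1"},
    {"id": "lp-good", "resource_type": "LogicalPort",
     "display_name": "Bridge endpoint port for bep-2",
     "attachment": {"attachment_type": "BRIDGEENDPOINT", "id": "bep-2"}},
    {"id": "lp-vm", "resource_type": "LogicalPort", "display_name": "vm-nic",
     "attachment": {"attachment_type": "VIF", "id": "vif-1"}},
]}
SAMPLE_SYSLOG = [
    'edge NSX 84069 SWITCHING [nsx@6876 comp="nsx-edge" subcomp="datapathd" '
    's2comp="lswitch-flush" level="INFO"] bridgeport entry (bep-1) deleted',
    'edge NSX 84069 FIREWALL [nsx@6876 comp="nsx-edge" subcomp="datapathd" '
    's2comp="firewall" level="INFO"] Deleted lswitch port lp-bad',
]

if __name__ == "__main__":
    removed = deleted_bridge_endpoints(SAMPLE_SYSLOG)
    for port_id, endpoint in ports_missing_attachment(SAMPLE_PORTS).items():
        state = "removed on edge" if endpoint in removed else "at risk"
        print(f"{port_id}: bridge endpoint {endpoint} has no attachment ({state})")
```

Run before the MP upgrade, a non-empty result from `ports_missing_attachment` identifies the segments that need the workaround.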

Environment

VMware NSX

Cause

  • Due to a bug in versions lower than NSX 4.2.0, the attachment goes missing from the LogicalPort associated with the L2 bridge after an edge replacement.
  • If edge replacement was performed more than once before the MP upgrade, the L2 bridge ports are removed after the MP upgrade, which impacts L2 bridged traffic.

Resolution

  • The missing attachment issue is fixed in NSX 4.2.0.
  • In future versions, the behavior of removing bridge ports when the attachment is missing for some reason will be improved.

Workaround:
If you find that the attachment is missing from the LogicalPort associated with the L2 bridge, you can avoid this issue in advance by performing the following steps before the MP upgrade. You can also restore removed bridge ports after the MP upgrade.

  1. Create a new bridge profile with the exact same configuration as the existing one.  
  2. Delete the existing profile from the segment and apply the new profile to the segment.