HCX fleet appliances "interconnect-appliances" tag missing and you observe network issues.


Article ID: 416413

Updated On:

Products

VMware HCX

Issue/Introduction

  • You observe issues with fleet appliance communication.
  • HCX fleet appliance traffic, including NE appliance traffic, is dropped by the NSX Distributed Firewall (DFW).
  • HCX fleet appliances are automatically tagged in NSX with a tag named interconnect-appliances when they are deployed or redeployed.

NSX Manager UI >> Inventory >> Tags >> interconnect-appliances

NSX Manager UI >> Inventory >> Tags >> interconnect-appliances >> Assigned To

  • A group called interconnect-appliances is also created in NSX on first deployment. It includes all appliances that are tagged with the interconnect-appliances tag.

NSX Manager UI >> Inventory >> Groups >> interconnect-appliances

  • This group is added during initial deployment to the NSX DFW Excluded groups.

NSX Manager UI >> Security >> Distributed Firewall >> Settings >> User Excluded Groups

  • If the tag or the group is missing, or if the group is not part of the Excluded groups, the appliance traffic is filtered by the DFW rules in place.

Resolution

Manually add the missing configuration

  • If a VM tag is missing, you can proceed in one of two ways:
    • NSX Manager UI >> Inventory >> Tags >> interconnect-appliances >> Assigned To >> Edit
    • Redeploy affected appliance
  • NSX Manager UI >> Inventory >> Groups >> interconnect-appliances >> View Members >> verify the tag configuration in the Group definition.

  • NSX Manager UI >> Security >> Distributed Firewall >> Settings >> User Excluded Groups >> Manage Exclusion List >> Add Group
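The three checks above (VM tag, group definition, exclusion list membership) can also be run offline against JSON exported from NSX. This is an added example, not code from the article or from VMware. The JSON field names are assumptions modelled on NSX Policy API objects, and the VM names and group path are constructed placeholders.

```python
TAG = "interconnect-appliances"  # tag and group name given in the article

def vm_has_tag(vm, tag=TAG):
    # Assumed shape: "tags": [{"scope": "...", "tag": "..."}]
    return any(t.get("tag") == tag for t in vm.get("tags", []))

def group_selects_tag(group, tag=TAG):
    # Assumed shape: top-level tag conditions in "expression", with the
    # value written as "tag" or "scope|tag". Nested expressions are not walked.
    return any(
        e.get("member_type") == "VirtualMachine" and e.get("key") == "Tag"
        and e.get("value", "").split("|")[-1] == tag
        for e in group.get("expression", [])
    )

def audit(appliance_names, vms, group, exclude_list):
    """Return findings; an empty list means all three pieces are in place."""
    findings = []
    by_name = {vm["display_name"]: vm for vm in vms}
    for name in appliance_names:
        vm = by_name.get(name)
        if vm is None:
            findings.append(f"{name}: not in VM inventory")
        elif not vm_has_tag(vm):
            findings.append(f"{name}: tag {TAG} missing")
    if group is None:
        findings.append(f"group {TAG}: missing")
        return findings
    if not group_selects_tag(group):
        findings.append(f"group {TAG}: no criterion on tag {TAG}")
    if group.get("path") not in exclude_list.get("members", []):
        findings.append(f"group {TAG}: not in DFW exclusion list")
    return findings

# Constructed sample data (names and paths are placeholders).
VMS = [
    {"display_name": "hcx-ix-example", "tags": [{"scope": "", "tag": TAG}]},
    {"display_name": "hcx-ne-example", "tags": []},  # tag was lost
]
GROUP = {
    "path": "/infra/domains/default/groups/example-group-id",
    "expression": [{"resource_type": "Condition", "member_type": "VirtualMachine",
                    "key": "Tag", "operator": "EQUALS", "value": TAG}],
}
EXCLUDE = {"members": []}  # group was dropped from the exclusion list

if __name__ == "__main__":
    for line in audit(["hcx-ix-example", "hcx-ne-example"], VMS, GROUP, EXCLUDE):
        print(line)
```

Each finding maps to one of the manual fixes listed in the Resolution steps.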