Post vMotion several VMs on NSX overlay segments are not able to communicate outside of the NSX environment
Article ID: 422944
Updated On:
Products
VMware NSX
Issue/Introduction
- Following migration to a new host, certain VMs lose network connectivity outside the NSX environment and cannot be pinged from the ESXi host they reside on.
- Moving some of these VMs back to their original host might restore network communication in certain situations, but few may still experience loss of network connectivity on that original host
- Despite the host not able to ping the VM, the VM can ping its gateway and other VMs in different NSX overlay segments. We observe that E/W traffic is working fine, but N/S traffic is not.
- The NSX UI for the transport node cluster shows 'MPA Connectivity Down' state under 'Configuration State' for certain edge transport nodes. Additionally, alarms for these nodes report "Transport Node Certificate Expired".
Environment
VMware NSX
Cause
The transport edge node certificate expiration alarm indicates that the edge nodes are in a disconnected state with the NSX Managers, resulting in network disruption for N/S (North/South) bound traffic leaving the T0/T1 gateways.
Resolution
Follow this KB for updating the transport edge node certificates. Alarm For Transport Node Certificate Has Expired.
Feedback
Yes
No
Powered by
