Stale Tier-1 Logical Router Port Associated with a Previously Connected logical-switch

Article ID: 428193


Products

VMware NSX

Issue/Introduction

 

  • Logical switches and DHCP scopes were configured using NSX Manager mode rather than Policy mode.

  • The logical switch and DHCP configuration were subsequently deleted or edited.

  • Traffic for the subnet previously defined on the logical switch continues to be advertised and is blackholed at the Tier-1 gateway.

 

Environment

VMware NSX

Cause

Managing networking objects through NSX Manager mode can introduce stale or orphaned objects that are not automatically reconciled when configuration changes are made. For this reason, Manager mode is not recommended for day-to-day configuration changes, and Policy mode should be preferred to reduce the risk of inconsistencies.

In this environment, after changing the NSX DHCP server configuration to avoid overlap with the ESXi management network, the Tier-1 logical router continued to advertise a connected route associated with a previously connected logical switch (192.168.##.0/24). This occurred because the downlink logical router port connected to that logical switch remained configured and attached.

As a result, traffic destined for that logical switch was forwarded toward a Tier-1 logical router port with no active endpoints, resulting in traffic being dropped.

Resolution

Remove the Tier-1 downlink logical router port associated with the previous logical-switch using the NSX Manager API:

  1. Identify the Tier-1 downlink logical router port associated with the previous logical-switch by gathering its UUID:

    get logical-router # interface

    Example output:

    Interface        IP                 Urpf-Mode              Admin-State-Up   UUID
    T1-####-dlrp     192.168.##.1/24     URPF_MODE_STRICT_MODE  true             ####7a

  2. Remove the Tier-1 downlink logical router port using the NSX Manager API with cascade and force options enabled:

    Before removing the downlink logical router port, verify that the router port, the associated logical-switch, and any logical ports attached to it are no longer in use.

    DELETE https://<nsx-mgr>/api/v1/logical-router-ports/<logical-port-UUID>
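
One way to script the verification in step 2 before sending the DELETE, as an added example that is not Broadcom's code. It assumes the inputs are the `results` arrays returned by `GET /api/v1/logical-router-ports` and `GET /api/v1/logical-ports`. The JSON field names and the `force` / `cascade_delete_linked_ports` query parameters are the NSX Manager API names as understood here and should be confirmed against the API reference for your version. The sample inventory is constructed.

```python
# Added example: pre-delete check for a stale Tier-1 downlink router port.
# JSON field names are assumptions to confirm against your NSX version.
import ipaddress
from urllib.parse import quote, urlencode

def classify_downlinks(router_ports, logical_ports, subnet):
    """Split the downlink ports serving `subnet` into (safe, blocked)."""
    net = ipaddress.ip_network(subnet)
    by_id = {p["id"]: p for p in logical_ports}
    safe, blocked = [], {}
    for rp in router_ports:
        if rp.get("resource_type") != "LogicalRouterDownLinkPort":
            continue
        nets = {ipaddress.ip_interface(f"{ip}/{s['prefix_length']}").network
                for s in rp.get("subnets", []) for ip in s["ip_addresses"]}
        if net not in nets:
            continue
        link_id = (rp.get("linked_logical_switch_port_id") or {}).get("target_id")
        link = by_id.get(link_id)
        # Any other logical port on the same switch may be a live endpoint.
        others = [] if link is None else [
            p["id"] for p in logical_ports
            if p["logical_switch_id"] == link["logical_switch_id"] and p["id"] != link_id]
        if others:
            blocked[rp["id"]] = others   # still in use: do not delete
        else:
            safe.append(rp["id"])        # nothing else attached: stale
    return safe, blocked

def delete_url(nsx_mgr, port_uuid):
    """URL for step 2 with the force and cascade options enabled."""
    query = urlencode({"force": "true", "cascade_delete_linked_ports": "true"})
    return f"https://{nsx_mgr}/api/v1/logical-router-ports/{quote(port_uuid, safe='')}?{query}"

# Constructed sample inventory (documentation address ranges, made-up ids).
ROUTER_PORTS = [
    {"id": "rp-old", "resource_type": "LogicalRouterDownLinkPort",
     "subnets": [{"ip_addresses": ["198.51.100.1"], "prefix_length": 24}],
     "linked_logical_switch_port_id": {"target_id": "lp-1"}},
    {"id": "rp-app", "resource_type": "LogicalRouterDownLinkPort",
     "subnets": [{"ip_addresses": ["203.0.113.1"], "prefix_length": 24}],
     "linked_logical_switch_port_id": {"target_id": "lp-2"}},
]
LOGICAL_PORTS = [{"id": "lp-1", "logical_switch_id": "ls-old"},
                 {"id": "lp-2", "logical_switch_id": "ls-app"},
                 {"id": "lp-3", "logical_switch_id": "ls-app"}]

if __name__ == "__main__":
    safe, blocked = classify_downlinks(ROUTER_PORTS, LOGICAL_PORTS, "198.51.100.0/24")
    print("delete:", [delete_url("nsx-mgr.example", u) for u in safe], "blocked:", blocked)
```

Only ports returned in the first list are candidates for the DELETE call; a port in the second list still has logical ports on its switch and needs review first.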


If the API call does not resolve the issue, contact Broadcom Support for further assistance.

Additional Information

For details on the API and its parameters, see:

NSX-T Data Center REST API