Modifying Tier-0 Gateway fails with Error 500105 (DHCP Subnet Overlap)
search cancel

Modifying Tier-0 Gateway fails with Error 500105 (DHCP Subnet Overlap)

book

Article ID: 428847

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

When attempting to modify a Tier-0 (T0) Gateway in VMware NSX, the operation fails with the following error message: Address 100.96.0.0/16 overlaps with DHCP-servers path=[-] that has reserved subnet 100.96.0.0/30. (code 500105)

Environment

VMware NSX-T Datacenter 

Cause

The IP range 100.96.0.0/30 is a reserved internal range used by NSX for DHCP services on segments.

When the NSX DHCP service is enabled on a Tier-1 gateway, NSX automatically creates a hidden internal interface. This interface defaults to 100.96.0.1/30 to serve as the source for DHCP traffic. If a user-configured transit_subnet on the Tier-0 gateway (such as 100.96.0.0/16) overlaps with this reserved range, the system throws a validation error to prevent routing conflicts.

Note: This behavior is documented in the NSX REST API Guide.

Resolution

A permanent fix for this validation logic will be provided in a future release. In the meantime, you can resolve the conflict by updating the Tier-0 gateway's transit_subnets to a non-overlapping IP range using the NSX Policy API.

Workaround Steps:
1. Retrieve Current Configuration

Perform a GET call to fetch the current configuration of the affected Tier-0 gateway.

https://<NSX-Manager-IP>/policy/api/v1/infra/tier-0s/<tier-0-id>

Sample Response Snippet:

{
  "transit_subnets": ["100.96.0.0/30"],
  "internal_transit_subnets": ["169.254.0.0/24"],
  "ha_mode": "ACTIVE_ACTIVE",
  "failover_mode": "NON_PREEMPTIVE",
  ...
}

2. Prepare the Updated Payload

Copy the response body and modify the transit_subnets value to a different range (e.g., 100.64.0.0/16) that does not overlap with the reserved 100.96.x.x space.

Updated Payload Example:

{
  "transit_subnets": ["100.64.0.0/16"],
  "internal_transit_subnets": ["169.254.0.0/24"],
  "ha_mode": "ACTIVE_ACTIVE",
  "failover_mode": "NON_PREEMPTIVE"
}

3. Apply the Changes

Perform a PATCH call with the updated payload to the same endpoint.

https://<NSX-Manager-IP>/policy/api/v1/infra/tier-0s/<tier-0-id>

4. Verify Update

Execute the GET call from Step 1 again to ensure the transit_subnets field now reflects the new IP range and the error no longer persists during gateway modifications.

Additional Information

 

  • Impact: Users cannot update T0 configurations until the subnet conflict is resolved.

  • Reserved Ranges: Avoid using 100.96.0.0/30 for any manual transit or uplink configurations.

 

Powered by Wolken Software