Stale NSX port groups observed on vCenter, though the Segments have been deleted from NSX
Article ID: 373354
Updated On:
Products
Issue/Introduction
The deleted segments from NSX still appear on the vCenter inventory.
Numerous stale NSX port group entries are present in vCenter, not linked to any virtual machines.
Environment
VMware NSX-T Data Center
VMware NSX
Cause
The issue stems from a race condition during the cleanup process across two different manager nodes.
- The Segment provider on one manager node initiated the cleanup after segment deletion.
- Simultaneously, the Segment binding map provider on a different manager node began its cleanup after binding map deletion.
The Segment provider successfully deleted the Logical Switch on its node. However, during the cleanup of the segment binding map, the Segment binding map provider attempted to update the same Logical Switch from its manager node to remove the relationship between the switch and the associated profile. This is the expected behavior for binding map cleanup. Because the update was initiated concurrently from a separate manager node, it resulted in the Logical Switch being inadvertently recreated.
Resolution
This issue is resolved in:
VMware NSX-T Data Center 3.2.4
VMware NSX 4.1.1 and higher
VMware NSX 4.2.0 and higher
Additional Information
Workaround
Stale entries can be removed from NSX using the following API call:
DELETE https://<NSX manager IP>/policy/api/v1/infra/segments/<Segment ID>
Important Note:
- To delete multiple NSX logical segments simultaneously, refer to the following KB: Scripted cleanup of stale logical ports on NSX segments
- If stale or leftover NSX Port Groups are visible only in the vCenter Distributed Port Group page (and not in the NSX UI), open a support case with Broadcom Compute Support team and refer to this KB article. For more information, see Creating and managing Broadcom support cases.
Feedback
