NSX

Monthly NSX Customer Advisory – May 2017

In this communication, we detail the top trending issues with VMware NSX for vSphere and provide you with helpful information on how to address the issues while we build a permanent fix. Please review the left column of the chart below to search for issues specific to your environment, and click on the hyperlinks to access more detailed information on each.

For additional up-to-date, top trending NSX issues, previous and current, please see KB Article Trending support issues in VMware NSX for vSphere 6.x (2131154).

 

NSX for vSphere Version

Component Issue Summary Resolution/Work-Around

KB Number

6.2.x , 6.3.x ESXi ESXi 5.5 and 6.0 hosts fail with a purple diagnostic screen (PSOD): VMCIEventDelayedDispatchCB@com which occurs due to race condition in dvfilter vmci socket deregistration. This issue is resolved in ESXi 5.5 Patch 8 and ESXi 6.0 Patch 3.

To work around this issue, uninstall the dvfilter-dsa driver.

KB : 2149242
6.3.x ESXi Hosts fails with a purple diagnostic screen when retrieving flows for ALG enabled protocols. To work around this issue, disable flow monitoring related features: IPFix, LiveFlow, Application Rule Manager, Flow monitoring-global flow collection. KB : 2149908

 

Top Issues + Resolution / Workaround

NSX for vSphere 6.3.x, 6.2.x

Issue #1: Process to change VXLAN port from 8472 to 4789 may fail or never complete.

Affected Version: 6.2.x, 6.3.x

Symptom:

  1. The process may fail or never complete while changing the VXLAN port from 8472 to 4789 (standard port assigned by IANA).

Resolution: To resolve the issue, run the REST API calls to check the status of the job and resume the change. For more details, please refer to KB 2149996.

 

Issue #2: Guest Introspection USVM reports disk is full.

Affected Version: 6.3.x

Symptom:

  1. You receive an alert that the /var/log disk space is full or almost full on one or more of the Guest Introspection USVMs.
  2. This issue occurs as there is a problem with the internal log maintenance task that causes log files to grow indefinitely, eventually leading to a full disk situation.

Resolution:  To work around this issue delete the Guest Introspection USVM. Click on resolve to redeploy. For more details, please refer to KB 2149856.

 

Issue #3: Distributed Firewall (DFW) packets hitting Default Rule instead of previous Rule allowing/blocking designated traffic.

Affected Version: 6.2.x, 6.3.x

Symptom:

  1. In examining Distributed Firewall (DFW) behavior, you may see some packets having a source, destination, and protocol (service) defined in a configured rule hitting the Default rule at the very end of the firewall rule list.
  2. In the dfwpktlogs or in LogInsight, you may see that the SYN packets and the ACK packets are being processed by the configured rule allowing/blocking the defined traffic.
  3. For the same traffic, you see RST and FIN ACK packets hitting the default block/allow rule, meaning that it is not hitting the previously-configured rule.

Resolution: To verify the rules ascribed to the filter or vNIC, type the vsipioctl getrules -f <filtername> command. From this output, you can verify that the configured rule(s) are being applied to the virtual NIC as expected. For more details, please refer to KB 2149818

 

Issue #4: VMs are removed from Exclusion List while adding new VM.

Affected Version: 6.2.x, 6.3.x

Symptom:

  1. When attempting to add a virtual machine to the NSX Manager’s Exclusion List to remove the DFW filter from the virtual machine, all other existing excluded virtual machines disappear from the Exclusion List.
  2. In the Web UI, after making the second or duplicate attempt, you may see an error similar to:
    Member: VM is already present in exclude list.

Resolution: To avoid this issue, refresh the UI page before adding the VM to the exclusion list. Refreshing the UI will clear any stale sessions and ensure that if another user has already added the VM, it is now reflected in the UI. For more details, please refer to KB 2149997.

 

Issue #5: Backing up the NSX Manager to OpenSSH 7.x or later fails.

Affected Version: 6.2.x, 6.3.x

Symptom:

  1. This issue occurs because the SFTP jar files in the NSX Manager is out of date.

Resolution: To work around this issue, use OpenSSH version 6.x or earlier as your SFTP backup endpoint. For more details, please refer to KB 2150053.

 

Trending KB

Issue #1:  Re-installing NSX to upgrade vCNS Endpoint to NSX Guest Introspection.

Affected Version: 6.2.x, 6.3.x

Symptom: How to KB.

Resolution: The KB/Solution explains the procedure to upgrade from vCNS to NSX in the environments where vCNS is configured and used for Endpoint only. For more details, please refer to KB 2150140.

 

VMware Recommended release

VMware recommends NSX 6.2.6 for new deployments. The minimum version a customer should be running is NSX 6.2.2 based on critical bug fixes identified as having a general impact in an NSX environment. For more information, see Minimum recommended version for NSX for vSphere with GID, ESXi, and vCenter Server (2144295).

 

Have feedback on this NSX Customer Advisory?

We would like to hear from you. Send us your feedback by providing comments on the Feedback Box (available at the bottom of KB Article) Trending support issues in VMware NSX for vSphere 6.x (2131154).


Thank you for helping us continually improve this communication.

 

DO NOT FORGET

Subscribe to my.vmware.com to get timely notifications on NSX Product Releases, Fixes and upcoming patches.

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *