Static IPset not reported to containerset API call in NSX-v
Article ID: 321290
Updated On:
Products
VMware NSX Networking
Issue/Introduction
Symptoms:
After installing NSX for vSphere 6.3.6, 6.4.1 or 6.4.2 or upgrading from previous versions to NSX for vSphere 6.3.6, 6.4.1 or 6.4.2, when an API call is made by a third party Service Insertion solution to NSX Manager to retrieve all the Static IP sets configured as part of Service Insertion, you see these symptoms:
After installing NSX for vSphere 6.3.6, 6.4.1 or 6.4.2 or upgrading from previous versions to NSX for vSphere 6.3.6, 6.4.1 or 6.4.2, when an API call is made by a third party Service Insertion solution to NSX Manager to retrieve all the Static IP sets configured as part of Service Insertion, you see these symptoms:
- The NSX Manager returns an empty config for IPSets or SecurityGroups containing IPSets. As a result, IPSets or SecurityGroups containing IPSets are reported empty to the third party Manager.
- The guest VMs protected by PAN or other third party firewall devices would drop the traffic as no rules match and hit default deny rule.
- Running the API call https://NSXMGR_IP/api/2.0/si/serviceprofile/serviceprofile-10/containerset/ does not return any IPs for IPSets or SecurityGroups containing IPSets.
For example:
"container": [
{
"id": "securitygroup-16",
"vsmUuid": "42080AD5-D890-04C9-31C2-8A457C5588ED",
"name": "Test-Container",
"description": null,
"revision": 11,
"type": "IP",
"generationNumber": 0,
"address": [], <<<< empty
"nicNodes": null,
"universal": false
},
Environment
VMware NSX for vSphere 6.3.x
VMware NSX for vSphere 6.4.x
VMware NSX for vSphere 6.4.x
Resolution
This issue is resolved in VMware NSX for vSphere 6.4.3, available at VMware Downloads.
Workaround:
To work around this issue, contact VMware Support and note this Knowledge Base article ID (57834) in the problem description. To contact VMware support, see Filing a Support Request in Customer Connect (2006985) or How to Submit a Support Request.
Feedback
Yes
No
Powered by
