Fenced vApps are broken in vCloud Director 8.x with NSX 6.3.x

 

Updated with a fix!

 

I’m a huge fan of vCloud Director and the amazing product that NSX is; that being said this is not a knock against vCD or NSX but rather more of a “PSA”. Using vCloud Director and NSX is fantastic aside from this little bug/known issue. If you use fencing in your vCD 8.x environment and NSX 6.2.x do not upgrade just yet. Please see the notes here in a VMware KB about why upgrading to NSX 6.3.x in a vCD 8.x environment will break fenced vApps.

Here is a snip from the KB itself

In NSX 6.3.x Edge Gateways, a new route table is introduced (table 251) which is always looked up first for routes. The main table (table 254) is looked up only when the table 251 does not have a route. The issue occurs because the device routes (a /32 route for vApp VM) are auto-plumbed to the main table, whereas table 251 already has a default route in it. Therefore, since the table 251 already has a default route, the lookup never happens on the main table and hence the fenced vApp virtual machines lose connectivity.

VMware is still working on a fix internally and I’ll try to update this blog once I know more about the fix and when it is released.

 

***UPDATE***

 

Please see the following release doc stating the Fencing issue is fixed in 6.3.2

http://pubs.vmware.com/Release_Notes/en/nsx/6.3.2/releasenotes_nsx_vsphere_632.html

Enjoy!

Advertisements

vCNS / NSX + vCenter(s) + Single PSC potential license issues

During the course of upgrades/installs/adding capacity people hit many different errors. One such error or issue came up and I just want to make people aware going forward about it.

If you are thinking about adding NSX to your environment and are currently running vCNS please be careful if you are using a SINGLE PSC that your vCenters are connected to. Once you add a NSX license(EVAL or full license) it will AUTO UN-SELECT your vCNS license!vspherelicense1

Then if you are using something like vCloudDirector you might see errors like the following: “VSM response error (214): Not licensed for Entity : vcloud-netsec feature : vxlan : add on :”

vspherelicense2

To resolve this and revert back to your vCNS licenses, under Licenses click the Assets Tab, click on Solutions, select the license you want to assign again and then under the All Action gear dropdown you can click assign license. vspherelicense3.PNG

 

This is a short post but hopefully it will save some people frustration in the future.