Hello,
We have updated NSX-T from 3.0.0 to 3.0.1 for testing purpose and came across an issue while configuring BGP on a VRF router with error
"Only ECMP enabled BGP aggregate to be configured for VRF BGP routing".
While looking at the log on nsx manager we can see that:
2020-08-18T14:32:06.619Z ERROR http-nio-127.0.0.1-6440-exec-93 BgpRoutingConfigServiceImpl - POLICY [nsx@6876 comp="nsx-manager" errorCode="MP503175" level="ERROR" reqId="e00c0b8d-559b-48e6-841b-0c2fbad67cb2" subcomp="policy" username="admin"] BGP config is not allowed in vrf tier0
2020-08-18T14:32:06.620Z WARN http-nio-127.0.0.1-6440-exec-93 ProtectionAspect - SYSTEM [nsx@6876 comp="nsx-manager" level="WARNING" reqId="e00c0b8d-559b-48e6-841b-0c2fbad67cb2" subcomp="policy" username="admin"] Managed Resource (com.vmware.nsx.management.internal.security.authz.ProtectionAspect) without proper calling info: _nsxCaller=admin _nsxIsAdmin=true _nsxContext=/policy/api/v1/infra
2020-08-18T14:32:06.620Z INFO http-nio-127.0.0.1-6440-exec-93 AuditingServiceImpl - - [nsx@6876 audit="true" comp="nsx-manager" level="INFO" reqId="e00c0b8d-559b-48e6-841b-0c2fbad67cb2" subcomp="policy" update="true" username="admin"] UserName="admin", ModuleName="PolicyConnectivity", Operation="PatchBgpRoutingConfig", Operation status="failure", New value=["vrf1" "default" {"enabled":true,"ecmp":true,"graceful_restart_config":{"mode":"HELPER_ONLY","timer":{"restart_timer":180,"stale_route_timer":600}},"resource_type":"BgpRoutingConfig","id":"bgp","display_name":"bgp","path":"/infra/tier-0s/vrf1/locale-services/default/bgp","relative_path":"bgp","parent_path":"/infra/tier-0s/vrf1/locale-services/default","unique_id":"4658c09c-8a98-45f3-8e31-554f1224cbc1","marked_for_delete":false,"overridden":false,"_create_user":"admin","_create_time":1597759265910,"_last_modified_user":"admin","_last_modified_time":1597759265912,"_system_owned":false,"_protection":"UNKNOWN","_revision":0}]
2020-08-18T14:32:06.620Z INFO http-nio-127.0.0.1-6440-exec-93 HierarchicalAPIAuthorizationAspect - POLICY [nsx@6876 comp="nsx-manager" level="INFO" subcomp="policy"] Resetting HierarchicalAPIAuthorization for void com.vmware.nsx.management.policy.connectivity.facade.PolicyConnectivityFacadeImpl.patchResources(List)
2020-08-18T14:32:06.620Z WARN http-nio-127.0.0.1-6440-exec-93 PolicyHierarchicalAPIUtils - POLICY [nsx@6876 comp="nsx-manager" level="WARNING" subcomp="policy"] Error while performing hierarchical patch
com.vmware.nsx.management.common.exceptions.InvalidArgumentException: null
at com.vmware.nsx.management.policy.policyframework.service.BgpRoutingConfigServiceImpl.validateVrf(BgpRoutingConfigServiceImpl.java:416) ~[policy-framework-api-1.0.jar:?]
at com.vmware.nsx.management.policy.policyframework.service.BgpRoutingConfigServiceImpl.validate(BgpRoutingConfigServiceImpl.java:283) ~[policy-framework-api-1.0.jar:?]
at com.vmware.nsx.management.policy.policyframework.service.BgpRoutingConfigServiceImpl.validate(BgpRoutingConfigServiceImpl.java:51) ~[policy-framework-api-1.0.jar:?]
at com.vmware.nsx.management.policy.policyframework.service.PolicyServiceImpl.saveInternal(PolicyServiceImpl.java:708) ~[policy-framework-api-1.0.jar:?]
at com.vmware.nsx.management.policy.policyframework.service.PolicyServiceImpl.createOrUpdate_aroundBody4(PolicyServiceImpl.java:330) ~[policy-framework-api-1.0.jar:?]
at com.vmware.nsx.management.policy.policyframework.service.PolicyServiceImpl$AjcClosure5.run(PolicyServiceImpl.java:1) ~[policy-framework-api-1.0.jar:?]
....
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-5.1.7.RELEASE.jar:5.1.7.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.1.5.RELEASE.jar:5.1.5.RELEASE]
...
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_241]
2020-08-18T14:32:06.620Z INFO http-nio-127.0.0.1-6440-exec-93 PolicyHierarchicalAPIUtils - POLICY [nsx@6876 comp="nsx-manager" level="INFO" subcomp="policy"] Got errors during hierarchical patch - [{"moduleName":"Policy","errorCode":503175,"errorMessage":"Only ecmp, enabled, BGP Aggregate to be configured for VRF BGP Config."}]
Does anyone else came accross this issue ?
It only affect 3.0.1 we didn't have this on 3.0.0.
BR,
Louis
/* Update *\
It's working with this body, ecmp is a mandatory parameter for vrf.
'{"enabled" : "true", "ecmp" : "true"}'
Best regards
This is a bug. Please try the configuration via the API.
/* Update *\
It's working with this body, ecmp is a mandatory parameter for vrf.
'{"enabled" : "true", "ecmp" : "true"}'
Best regards