jstander
Enthusiast
Enthusiast

vRA 7.4, blueprint deployment error with NSX On-demand Load Balancer VIP on different network

I upgrade my vRA environment from 7.2 to 7.4 but ever since the upgrade I was unable to deploy my multi-tier application which deploys 2 x on-demand NSX LB.

Screen Shot 2018-05-31 at 12.42.39 PM.png

I have been troubleshooting this for a while and finally found that when I deploy only 1 on-demand LB it deploys successfully, however, if you have 2 on-demand LB in the blueprint it fails every time with the following error:

Request [421e6c26-b55b-4e6a-be51-2c657782aa6e]: Failure during dynamic enhancement of blueprint [SovBusinessApp, SovBusinessApp]. Internal error processing completion of blueprint [PROVISION] request [421e6c26-b55b-4e6a-be51-2c657782aa6e]. Status so far: [FAILED]

I traced it down in log files to the following message, which states that I cannot use different networks for the VIP of each LB in blueprint (This use to work in 7.2!!)

"Caused by: com.vmware.vcac.platform.rest.client.error.RestException: The NAT networks and Load Balancer VIPs must all reference the same external network profile: [development-external-web, development-external-app]"

-----

So, I set both my LB VIPs to the same network but was still getting the same error.

Screen Shot 2018-05-31 at 12.40.45 PM.png

Caused by: com.vmware.vcac.platform.rest.client.error.RestException: Select a VIP network for load balancer [On-Demand_Load_Balancer_1] that matches the external network on the machines NIC.

-------

If then set up the configuration with only a single LB and VIP pointing to a different network (thinking this might be a 2xLB issues) but also get the same error

Screen Shot 2018-05-31 at 1.52.25 PM.png

  "errorCode" : 43332,

  "errorMessage" : "Select a VIP network for load balancer [On-Demand_Load_Balancer_2] that matches the external network on the machines NIC."

-------

Finally, if I then place both my VMs and on-demand LBs on the same network, then only does it deploy successfully.

Screen Shot 2018-05-31 at 12.34.21 PM.png

Anybody else run into this problem? Or can someone please verify that is a bug since I cannot believe this is the way it is supposed to work because it makes the use of the on-demand LB very limited.

Tags (2)
0 Kudos
2 Replies
MrYeske
Contributor
Contributor

Do you have a Transport Zone specified in your Reservation, and then in your Blueprint (NSX Settings tab)?

0 Kudos
jstander
Enthusiast
Enthusiast

Hi, sorry I have been meaning to respond with the fix.


VMware's response is that this is now expected behavior because of a new validation put into place as a resolution to another bug reported in the past. The idea is to prevent invalid blueprint configurations.

I had to update my existing blueprint and connect the Virtual Machine object to an on-demand NAT network and also the Load Balancer object connected to a regular existing network.    This is required for an inline LB configuration.   This blog helps showing the difference between inline and one-armed and also shows how to setup the inline.

Screen Shot 2018-07-31 at 4.19.25 PM.png

VMware's Engineering Team also confirmed that in anticipation to similar issues like this that there is a mechanism in place to turn off this validation. Please refer to the following document here   keyword: nsx.validation.disable.single.edge.uplink
I have not tested this and also not sure what affect this will have on your environment when the validation is disabled. Use at own risk.

Hope this helps.

0 Kudos