Missing Registered-IP under the Dynamic Address Group on NSX PA-VM
5818
Created On 12/19/19 19:45 PM - Last Modified 01/08/20 17:52 PM
Symptom
Under the Dynamic Address Group when clicking on Add Match Criteria we see the serviceprofile created under the NSX
but the registered-IP came back empty when clicking on more..... Selecting Synchronize Dynamic Objects did not help.
Turning on debug on plugin_vmware_nsx.log (request plugins debug level high plugin-name vmware_nsx) we see the following
entries.
2019-12-13 20:19:59.620 +0100 DEBUG: send message: <request cmd="op"> <operations xml="yes" > <request> <address-update version="2.0"> <source>PLUGIN_NSX-TEST</source> <type>update</type> <container> <entry> <device-group target="HQ"/> <tag> <entry name="_nsx_PAN_MIM" source="serviceprofile-8"> <address></address> <=============================== EMPTY ADDRESS !!!! </entry> <entry name="_nsx_PAN_MIMweb" source="serviceprofile-8"> <address></address> </entry> </tag> </entry> </container> </address-update> </request> </operations> </request> 2019-12-13 20:19:59.737 +0100 DEBUG:
Environment
- ESXi Host: 6.7
- vCenter: 6.7
- NSX: 6.4.5
- Panorama: 9.0.4
Cause
There was no Objects/VMs included under the Security Group associated with the Dynamic Address Group under the Service Composer inside NSX.
Resolution
The Security Group must include the Objects, otherwise the NSX will push empty address value <address></address> to Panorama.