...
In the NSX-T manager UI under Home, Alarms, you see a Critical alert for:

Feature: Service Insertion
Event type: Service Insertion Infrastructure Status Down
Description: SPF not enabled at port level on host c682e65c-2f81-4397-a75c-50479932ba9c and the status is down. Reason : Missing spf port or incorrect host switch config.
Recommended Action: Perform any corrective action from the KB and check if the status is up.
Reported by Node: <node>

There are two possible runtime details:
A. Reason: Incorrect host switch config or missing key component
B. Reason: Traffic failed to redirect to service due to service insertion infra down
This KB will be added to the alarm notification to help customers resolve service insertion infrastructure issues.
1. Unsupported transport zone or hostswitch configuration.
2. Issue with spf port management, see diagnosis at https://kb.vmware.com/s/article/83412.
NSX 4.0.X versions.
For 1, check the NSX-T configuration for the host reported by the alarm. Go to Security -> Network Introspection -> Service Segment and find the transport zone of the service segment. Go to System -> Fabric -> Nodes and select the host reported by the alarm. Only one hostswitch can be present, and that hostswitch should have the transport zone that the service segment is on.

EW Service Insertion only supports traffic redirection on one hostswitch. If more than one is configured, VMs on the other switch cannot be redirected to third-party services and will trigger this alarm.

If the workload on that transport node doesn't need service insertion, users can create an exclude list in Security -> EW Network Introspection -> Action -> Exclude List to exclude all the VMs on that host.

If service insertion is needed, fix the transport zone and hostswitch configuration so that it is a configuration supported by service insertion.

For 2, see the resolution and workaround at https://kb.vmware.com/s/article/83412.

Note that regardless of this alarm, regular traffic that doesn't hit a service insertion policy is not affected.

Reason A means that the VM is on an invalid hostswitch.

Reason B means that you configured a service insertion policy for VMs on invalid hostswitches and real traffic hit that policy; the failure policy is applied to that traffic in this case.

After resolving the issue, go to Home -> Alarms and manually resolve this alarm.
Check the Resolution section.
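The hostswitch check from the resolution steps above can be run offline against exported transport node JSON; the following is an added example, not VMware's code. The field names assume the NSX Manager API transport node layout, and the function name, transport zone IDs and sample nodes are constructed for illustration.

```python
# Added example: field names assume the NSX Manager API transport node JSON
# (host_switch_spec.host_switches[].transport_zone_endpoints[].transport_zone_id).
# All sample data below is constructed for illustration.

def check_service_insertion_host(transport_node, service_segment_tz_id):
    """Return findings for one host; an empty list means a supported layout."""
    spec = transport_node.get("host_switch_spec") or {}
    switches = spec.get("host_switches") or []
    if not switches:
        return ["no hostswitch is configured on this transport node"]

    findings = []
    # Rule 1 from the KB: only one hostswitch can be present on the host.
    if len(switches) > 1:
        names = ", ".join(s.get("host_switch_name", "?") for s in switches)
        findings.append(
            f"{len(switches)} hostswitches present ({names}); only one is supported"
        )

    def zones(switch):
        return {e.get("transport_zone_id")
                for e in switch.get("transport_zone_endpoints") or []}

    # Rule 2 from the KB: the hostswitch must have the service segment's transport zone.
    if not any(service_segment_tz_id in zones(s) for s in switches):
        findings.append(
            f"no hostswitch carries service segment transport zone {service_segment_tz_id}"
        )
    return findings


def _switch(name, *tz_ids):
    # Helper that builds a constructed hostswitch entry.
    return {"host_switch_name": name,
            "transport_zone_endpoints": [{"transport_zone_id": t} for t in tz_ids]}


SERVICE_TZ = "tz-overlay-example"  # constructed transport zone ID
SAMPLE_NODES = {
    "supported": {"host_switch_spec": {"host_switches": [_switch("nvds-1", SERVICE_TZ)]}},
    "two-switches": {"host_switch_spec": {"host_switches": [
        _switch("nvds-1", SERVICE_TZ), _switch("nvds-2", "tz-vlan-example")]}},
    "wrong-zone": {"host_switch_spec": {"host_switches": [_switch("nvds-1", "tz-vlan-example")]}},
}

if __name__ == "__main__":
    for label, node in SAMPLE_NODES.items():
        print(label, "->", check_service_insertion_host(node, SERVICE_TZ) or "OK")
```

A host with findings either needs its hostswitch and transport zone configuration corrected or, if its workloads do not need service insertion, its VMs added to the exclude list as described above.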