Deploying VCF 3.9.1 or 3.10 with AVN, and the deployment fails because BGP cannot be validated?
In VCF 3.9.1/3.10, Cloud Builder expects the NSX Edge Services Gateways to be reachable on the Uplink interface over SSH. This is not always the case in a customer environment.
If the NSX Edge Services Gateways cannot be reached by Cloud Builder, the deployment will fail because Cloud Builder will not be able to verify the BGP status.
To bypass this, BGP can be validated manually, either from the NSX-v Manager or by checking directly in the NSX Edge Services Gateway console.
1. SSH to the NSX-v Manager.
2. List the NSX Edges:
   show edge all
3. Verify BGP connectivity:
   show edge edge-1 ip bgp neighbor
   show edge edge-2 ip bgp neighbor
   show edge edge-3 ip bgp neighbor
   To check directly on an NSX Edge Services Gateway, run:
   show ip bgp neighbor
4. If all BGP connections are established, BGP is now validated from a bringup perspective.
5. To make Cloud Builder skip the BGP validation, the following element needs to be updated, or added if not present, in the JSON.
5a. The Cloud Builder UI allows a bringup execution to be retried, but it does not allow the input specification to be modified. In this case the JSON must be modified.
5b. Open /opt/vmware/sddc-support/cloud_admin_tools/Resources/vcf-ems/vcf-ems.json and update the following element: "skipBgpValidation": true,
5c. Obtain the UUID of the failing execution.
This value is visible in /opt/vmware/bringup/logs/vcf-bringup-debug.log. Search for "End of Orchestration with FAILURE for Execution ID <UUID>".
5d. Execute the following command on the Cloud Builder VM to retry the execution with the modified input JSON:
curl -X POST http://localhost:9080/bringup-app/bringup/sddcs/<UUID> -H "Content-Type: application/json" -d "@/opt/vmware/sddc-support/cloud_admin_tools/Resources/vcf-ems/vcf-ems.json"
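A pre-flight check for steps 5b to 5d, as an added example that is not part of the original article: it confirms the flag is set in the spec, takes the Execution ID from the most recent FAILURE line, and prints the retry command for review instead of running it. The function names are hypothetical, the sample files are constructed, and the log line layout around the marker text and the UUID format are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): pre-flight checks for step 5d.

# Execution ID on the most recent FAILURE line of the bringup debug log.
# Assumption: the ID is a standard 8-4-4-4-12 hexadecimal UUID.
last_failed_execution_id() (
    uuid='[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}'
    marker='End of Orchestration with FAILURE for Execution ID'
    id=$(sed -nE "s/.*${marker}[^0-9a-fA-F]*(${uuid}).*/\1/p" "$1" | tail -n 1)
    [ -n "$id" ] && printf '%s\n' "$id"
)

# True only if the spec sets "skipBgpValidation": true (text match, not a JSON parse).
skip_flag_enabled() {
    grep -Eq '"skipBgpValidation"[[:space:]]*:[[:space:]]*true' "$1"
}

# Print (do not run) the retry command, refusing if either check fails.
retry_command() (
    log=$1 spec=$2
    skip_flag_enabled "$spec" || { echo "skipBgpValidation is not true in $spec" >&2; exit 1; }
    id=$(last_failed_execution_id "$log") || { echo "no failed execution in $log" >&2; exit 1; }
    printf 'curl -X POST http://localhost:9080/bringup-app/bringup/sddcs/%s' "$id"
    printf ' -H "Content-Type: application/json" -d "@%s"\n' "$spec"
)

# Constructed sample files; timestamps, log level and IDs are made up.
make_sample() (
    dir=$(mktemp -d)
    cat > "$dir/vcf-bringup-debug.log" <<'EOF'
2020-06-01T10:00:00 INFO End of Orchestration with FAILURE for Execution ID 11111111-2222-3333-4444-555555555555
2020-06-01T11:30:00 INFO End of Orchestration with FAILURE for Execution ID aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
EOF
    printf '{\n  "skipBgpValidation": true,\n  "constructedKey": "x"\n}\n' > "$dir/vcf-ems.json"
    echo "$dir"
)

# Demo on the constructed sample; on Cloud Builder pass the real paths from 5b and 5c.
d=$(make_sample)
retry_command "$d/vcf-bringup-debug.log" "$d/vcf-ems.json"
```

Because the flag check is a text match, it does not prove the file is still valid JSON after editing.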
About the Author:
Martin Gustafsson is a Senior Consultant in the NEMEA Region working for VMware.