This section explains the common configuration and deployment issues for Microsoft Azure integration with NSX Advanced Load Balancer.
Cloud Configuration Issues
Microsoft Azure cloud configuration fails with the following symptoms:
The Cloud configuration navigation page on NSX Advanced Load Balancer UI does not list the desired resource group or the desired virtual network in the drop-down menu.
Clouds status for Azure cloud with errors on the NSX Advanced Load Balancer UI is RED.
The following are the steps to troubleshoot configuration issues on the Microsoft Azure cloud:
Ensure the credentials provided to configure Microsoft Azure cloud like username, password, tenant name, or the Application ID, Tenant ID, and Subscription ID are correct. Log into the Microsoft Azure portal. Navigate to Active Directory and check if the listed directory ID is the same as the tenant ID. The subscription ID can be checked by clicking any of the VMs in the Azure portal.
Credentials used for Azure cloud must have contributor privilege over the resource group configured in the cloud. To check the role configured for the user, navigate to
in the Azure portal.Credentials used must have an NSX Advanced Load Balancer Controller role. To know more about role setup in Azure, see Azure Roles and Permissions.
Make sure the NSX Advanced Load Balancer image is uploaded to the Azure cloud. In the Azure portal, navigate to for the resource group and look for an image starting with
avi-se-image
, having a tagavicloud-uuid =<cloud-name:cloud_uuid>
.
Virtual Service Creation Issues
Following are some of the issues that are observed when a virtual service creation fails for an Azure cloud:
Virtual service creation fails.
Virtual service creation succeeds, but the virtual service status on the NSX Advanced Load Balancer UI is not green.
The virtual service status is green, but the virtual service IP does not respond.
Follow the below-mentioned steps to troubleshoot virtual service creation issues:
Users must have an NSX Advanced Load Balancer Controller role.
Scale set option and DNS zone are configured on NSX Advanced Load Balancer. For more information, see Configuring Virtual Service.
Check if the subnet used for the virtual service has a few free IP addresses. Navigate to
in the Azure portal to check the status of free IP address.By default, Azure Load Balancer supports only ten virtual IPs, any attempt to place more than ten virtual IPs will fail. Errors related to this event can be observed in the NSX Advanced Load Balancer UI. To increase the limit to more than ten virtual IPs, raise a request with the Azure support team using a customer subscription. Follow the below-mentioned steps:
Go to the Azure support request page.
Choose the issue type as quota.
Choose the subscription.
Choose the quota type as Networking: ARM.
Click Next.
In the text box, mention that you want to increase the max number of front-end IPs per Azure Load Balancer for both internal and external to 250.
If the cloud status is Red on NSX Advanced Load Balancer UI, follow the steps mentioned in the cloud troubleshooting section of this article.
For virtual service placement issues on Service Engine, check for errors in NSX Advanced Load Balancer UI for the virtual service.
Check the following if the virtual service IP status is green but the virtual IP does not respond:
Check the virtual service IP connectivity using the configured protocol, for example, TCP, HTTP, UDP, etc. Please note that the ICMP test does not work for Azure.
Azure Load Balancer probes NSX Advanced Load Balancer SEs on port 7. Please ensure that probe requests from Azure Load Balancer are reaching NSX Advanced Load Balancer SEs. If any network security groups are configured on the SE or its subnet, make sure that it allows incoming requests from 168.63.129.16 on port 7 to the Service Engine IP. 168.63.129.16 is the source IP of all the probes that originate from Azure Load Balancer to NSX Advanced Load Balancer.
Service Engine Creation Issues
Following are some of the issues observed related to Service Engine creation:
Service Engine creation fails.
Service Engines are created but fail to connect to NSX Advanced Load Balancer Controller.
Follow the steps mentioned below to troubleshoot NSX Advanced Load Balancer SE creation issues.
Check quotas or Microsoft Azure limits for the number of cores per subscription. If the quota is exhausted, any new SE creation will fail.
If NSX Advanced Load Balancer Controller and Service Engines are part of different networks, check their connectivity.
Useful Tools
NSX Advanced Load Balancer Controller exposes an API to dump all the resources created by NSX Advanced Load Balancer for the cloud. The output helps in debugging any issues.
For an AZURE cloud deployment, run the following APIs:
https://<controller-ip>/api/azure-all-resources?uuid=<cloud_uuid>
For an OpenShift/Kubernetes deployment on Azure, run the following APIs:
https://<controller-ip>/api/azure-all-resources?ipamdnsprovider_uuid=<ipamdnsproviderprofile_uuid