There are often instances where individual either working inside Production or LAB environment performing the migration of workloads from VLAN Segment to Overlay and decommissioning unused Segment. But under those circumstances unable to delete a Segment or logical switch from the NSX-T database due to dependency. Common known dependencies are listed below:
- Ensuring deletion of Router Port on Tier-0 or Tier-1 mapped to the Segment as downlink.
- Also, make sure that there are no workloads mapped to the Segment or Logical Switch
- No Bridging Profile attached to the Segment.
But still, you may find yourself helpless to understand even when you have performed the above-listed task you are unable to delete the Segment.
While working in our nested LAB environment with NSX-T 2.4 Manager (Size: Medium) used as Layer 2 VM running over virtual ESXi host, CPU seems to spike almost 100% due to resource oversubscription and while CPU crosses critical threshold may result in inconsistency in the database when changes are performed. For Example: While migrating workloads from One Segment to another Segment or to VDS based Port Group via vCenter. In such instance, it has been seen that even when workload migrations were successful via vCenter and after migration when you try to delete the Segment it throws an error that Workload or Logical Ports are still bound to the Segment hence cannot be deleted.
From the error message, you know that we have Logical Ports that are still associated with that Segment for the Workload that you already migrated. Next, you attempt to delete the STALE Logical Port via UI. You will realize that you cannot delete Logical Port via UI. The second option is to delete the logical port via API which fails too if you use vanilla Logical Port DELETE operation.
It’s not commonly known but you have Option in API call to perform forceful deletion which allows you to clean the STALE Logical Port inside NSX-T Database.
To perform force DELETE Operation on STALE Logical Port we will use Mozilla Firefox RESTCLIENT add-on/extension
Navigate to the NSX-T API Documentation:
- Navigate to Delete a Logical Port on the NSX-T 2.4 API document
- Expand Query Parameters by clicking + plus sign against LogicaPortDeleteParameters
- As we need to force delete we shall use detach Parameter with the value set to true
Get Logical Port ID from NSX-T UI
- Navigate to Advanced Networking and Security on NSX-T UI
- Click Networking
- Select Switching
- Click Ports TAB
- Identify STALE Logical Port which would show as operationally Down as per the snapshot
- Double Click ID and copy the Logical Port ID to save it in a text file (Will be used in API call to delete this Logical Port)
Perform API call to force delete the Logical Port
- To perform an API call Set Basic Authentication for NSX-T Manager (Admin username and password) and set Headers Content-Type to application/json
- The second step is to select the DELETE method
- Use the URL as per API document and make sure you replace URL Logical Port ID with one we copied to the file in the previous step.
- Manually append parameter as ?detach=true to the URL (This will ensure Logical Port Deletion is forced)
- Submit the request by clicking SEND (Make sure return code is 201)
Conclusion with Note:
In any case, before you perform any force deletion, please make sure you have removed all the dependent child objects that restrict you to delete a parent object.
Also, keep note that the NSX-T objects that are created via Simplified UI cannot be modified or deleted via Advanced UI.