Unable to delete a segment in NSX-T 3.x because of an orphaned logical port
In my home lab, I was unable to delete an NSX-T segment because of a logical switch port that was occupied by an orphaned VM. In this blog post, I will show you how to detach/delete the logical port with a simple API call.
Summary
A while ago, I was testing the HCX product from VMware with a friend of mine. We created an IPSEC VPN tunnel between our Mikrotik firewalls and connected our HCX instances with each other. We completed our HCX tests, but we didn’t remove the service mesh at that time. The service mesh removal was initiated at some point (forced removal) by that friend of mine, but the appliances were not removed from my side, because my lab was powered off.
I decided to remove the HCX setup the dirty way (deleting the HCX appliances, un-registering the extensions in MOB and removing the NSX-T segments that were being used by HCX), but that left me with two segments that were still occupied by the orphaned HCX appliances, and because of that, I couldn’t remove those segments.
Resolution
As I mentioned before, I will use the API to remove the logical ports from the NSX-T Manager. First of all, you can find all the NSX-T API calls on the following page: https://code.vmware.com/apis/1083/nsx-t
Note: In this blog post, I’m not gonna explain how to configure the connectivity with an NSX-T Manager in Postman.
In the picture below, you will see the two segments that were being used by the HCX setup: “192.168.22.0/24” and “hcx-cc0c507c-2866-4a0”. You can also see that there are ports allocated on those segments.
As you can see, there is an HCX appliance connected to a logical port on the segment. The HCX appliance is already deleted from vCenter, but NSX-T does not clear the port automatically.
Get a list of logical ports
We need to find the logical port ID, and this can be done by running the following API call:
https://NSX-T-MANAGER-FQDN/api/v1/logical-ports
Make a note of the logical port ID as shown below.
Remove a logical port
We can now build the API call to remove the logical port, using the logical port ID we noted down earlier. We also need to add ?detach=true at the end to do a force detach/delete.
https://NSX-T-MANAGER-FQDN/api/v1/logical-ports/9816e1ab-cc6e-45b5-ab35-8219cdca0461?detach=true
The logical port will be cleared after a few seconds. After the removal of the logical ports, I was able to remove the segment.
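The two calls above as one script, as an added example that is not code from the original post: it lists the logical ports, keeps only those on one logical switch, and sends the `?detach=true` delete for each, defaulting to a dry run so nothing is removed by accident. The logical switch ID, the sample response, the helper names and the use of HTTP basic authentication are assumptions made for illustration; the list call is sent as GET and the removal as DELETE.

```python
import base64, json, ssl, urllib.parse, urllib.request

# Constructed sample of a GET /api/v1/logical-ports response. Only the first
# port ID comes from the post; every other value is made up for illustration.
SAMPLE = {"results": [
    {"id": "9816e1ab-cc6e-45b5-ab35-8219cdca0461", "display_name": "hcx-appliance-port",
     "logical_switch_id": "ls-hcx-constructed",
     "attachment": {"attachment_type": "VIF", "id": "vif-constructed-1"}},
    {"id": "port-constructed-2", "display_name": "web01-port",
     "logical_switch_id": "ls-prod-constructed",
     "attachment": {"attachment_type": "VIF", "id": "vif-constructed-2"}},
]}

def ports_on_switch(listing, switch_id):
    """Return (port id, name, attachment id) for every port on one logical switch."""
    found = []
    for port in listing.get("results", []):
        if port.get("logical_switch_id") == switch_id:
            attachment = port.get("attachment") or {}
            found.append((port["id"], port.get("display_name", ""), attachment.get("id")))
    return found

def detach_url(manager, port_id):
    """Build the force detach/delete URL from the post for one port ID."""
    return "https://%s/api/v1/logical-ports/%s?detach=true" % (
        manager, urllib.parse.quote(port_id, safe=""))

def call(method, url, user, password, cafile=None):
    """Send one authenticated request; the manager certificate is verified."""
    ctx = ssl.create_default_context(cafile=cafile)  # cafile: lab CA, if private
    req = urllib.request.Request(url, method=method)
    token = base64.b64encode(("%s:%s" % (user, password)).encode()).decode()
    req.add_header("Authorization", "Basic " + token)
    with urllib.request.urlopen(req, context=ctx) as resp:
        body = resp.read()
    return json.loads(body) if body else {}

def remove_ports(manager, switch_id, user, password, cafile=None, dry_run=True):
    """List ports, keep those on switch_id, and delete them unless dry_run."""
    # Only the first page of results is read; follow "cursor" on large setups.
    listing = call("GET", "https://%s/api/v1/logical-ports" % manager, user, password, cafile)
    targets = ports_on_switch(listing, switch_id)
    for port_id, name, _attachment in targets:
        print("would delete" if dry_run else "deleting", port_id, name)
        if not dry_run:
            call("DELETE", detach_url(manager, port_id), user, password, cafile)
    return targets
```

Run `remove_ports(...)` once with the default `dry_run=True` and check that every listed port belongs to the orphaned appliance before repeating it with `dry_run=False`.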
Final words
I hope that this post will help you become familiar with making changes through the API. Some say that you can also remove the logical port from the manager mode view. I haven’t tried that out, but I will definitely try that out the next time I have an orphaned logical port.
You can delete such a port in the NSX Manager UI in Manager mode – Networking/Logical Switches/Ports
This also depends on the object. If the object is protected, then you are unable to delete this as admin in the GUI.
Great article. You save my day. Thank you so much!