If you are running old hardware in your lab, you may have come across an unexpected failure while deploying your first NSX-T edge VM.
The exact error message will be something similar to:
“[Fabric] Edge <uuid> is not ready for configuration error occurred, error detail is NSX Edge configuration has failed. The host does not support required cpu features: [‘aes’].”
The edge will be successfully deployed, but will remain ‘unconfigured’ and will not allow you to add it as a transport node.
The ‘aes’ feature being referred to is Intel’s AES-NI acceleration for cryptography. You can find out more about AES-NI here. In NSX-V, AES-NI was optionally supported for offloading cryptography for VPN related features. It seems that this has now become a hard requirement for NSX-T.
Unfortunately, like vSphere 6.7, NSX-T has minimum CPU requirements that can’t be worked around. If you have a browse through the NSX-T system requirements, you’ll find a note about CPU compatibility in the “NSX Edge VM and Bare-Metal NSX Edge CPU Requirements” section. Listed there is reference to:
- Xeon 56xx (Westmere-EP)
- Xeon E7-xxxx (Westmere-EX and later CPU generation)
- Xeon E5-xxxx (Sandy Bridge and later CPU generation)
This means that anything released prior to 2011 is unlikely to work, with the exception of a few Westermere EP based Xeons, which seem to have spotty success. On the AMD front, it appears that even CPUs with AES instructions will fail similarly due to a CPU compatibility check that is done during edge deployment.
Update: Commenter Ben Kenobi figured out a workaround to get edges to deploy on modern AMD platforms! You can find his workaround discussed below in the comments as well as on his blog here.
My management host uses Xeon E5-2670s, which work fine, but my compute cluster uses very old Xeon X3440s that came out before AES-NI was introduced. Now that I can’t run vSphere 6.7 or an NSX-T edge on these hosts, I think it may finally be time to upgrade.
Unfortunately, it doesn’t appear that there is a workaround for this problem. If anyone does come across a way to avoid this, please let me know!
7 thoughts on “NSX-T PCPU Requirements for Edges”
it seems that AMD Ryzen Threadripper (the Epyc desktop version) CPU not working with NSXT edge VM…after ESG deployment, it reports following mesage “NSX Edge configuration has failed. AMD cpu is not supported on this appliance.” My lab is based only with AMD cpu
Yeah, I just found this out too, unfortunately. Looks like it’s not just an AES check – only Intel Westmere and later generations are supported. I believe this is due to the current DPDK limitations. Hopefully this will be addressed in a future release.
I found a workaround (very dirty)…
Login to ESG with root credential and edit following file
Comment 2 lines:
if “AMD” in vendor_info:
self.error_exit(“AMD cpu is not supported on this appliance.”)
Switch to user admin and start dataplane service
su – admin
start service dataplane (command return an error)
The ESG is now “ready” on the NSX Manager UI…and i can configure TZ on edge…
I hope that this can enough for testing it on my nested lab (without any issue)
Awesome find! Thanks for sharing this. Please let me know if the edge has been functional or if there have been any other unexpected side effects. I don’t think the ‘enhanced’ mode DPDK stuff will work, but if everything else does this could be a great workaround for AMD owners. If you have a blog post on this that I could link, or would like me to add the content for others just let me know.
I’m testing all the stuff, I’ll let you know ASAP
I’m re-build the lab from scratch with NSX-T 2.4….and trying all the stuff…
If you want to use the workaround on your blog, use it as you want…I blogged this on following links…work in progress..
Thanks, Ben! I’ve added a link to your blog post in the article above. Has the edge been working okay on your AMD hardware with the workaround?