Travelling Techie

Adventures in VMware

User Tools

Site Tools


Sidebar

Network Virtualization
Compute Virtualization
Storage Virtualization
Cloud
Containers
Operating Systems
Automation
Tools
VMware Classes
Other Classes
Other

Tags

Recent Changes

About The Author

Brandon Neill is a VMware Certified Instructor and Consultant. He specializes in NSX and vRealize Automation. In addition to teaching Official VMware Classes, he provides contract training and consulting services.

nsx_troubleshooting_commands

back to Troubleshooting NSX

NSX Troubleshooting Commands

It's a little old now, but this troubleshooting guide is a great resource, and was the initial reference material that I used.

Central CLI

The Central CLI was introduced in NSX 6.2, and it allows for you to run most commands from NSX Manager, without having to log on to the individual ESXi hosts or controllers to gather information. See the NSX Command Line Interface Reference (6.3) To Retrieve basic information about NSX Components

nsx-mgr> show logical-switch controller master vni <vni> vtep show controller list all
nsx-mgr> show logical-switch controller master vni <vni> vtep show cluster all
nsx-mgr> show logical-switch controller master vni <vni> vtep show cluster cluster-id
nsx-mgr> show logical-switch controller master vni <vni> vtep show logical-switch list all
nsx-mgr> show logical-switch controller master vni <vni> vtep show logical-router list all
nsx-mgr> show logical-switch controller master vni <vni> vtep show edge all

Central CLI commands run against a host require you to know the host ID. There are a couple of ways to determine this.

nsx-mgr> show logical-switch controller master vni <vni> vtep show logical-switch list vni <vni-id> host

nsx-mgr> show logical-switch controller master vni <vni> vtep show cluster all
nsx-mgr> show logical-switch controller master vni <vni> vtep show cluster <cluster-ID>

Controllers

From Central CLI

nsx-mgr> show logical-switch controller master vni <vni> vtephow controller list all

From Controller

Controller Cluster Information

# show control-cluster status
# show control-cluster startup-nodes
# show control-cluster roles
# show control-cluster connections

Controller Network Information

# show network interface
# show network default-gateway
# show network dns-servers
# show network ntp-servers
# show network ntp-status

Controller Troubleshooting Commands

# traceroute <ip_address>
# ping <ip address>
# ping interface addr <alternate_src_ip> <ip_address>
# watch network interface breth0 traffic

Logical Switches

From Central CLI

List all Logical switches
Show all hosts on a VXLAN
Show all VXLAN information for a specific host

nsx-mgr> show logical-switch list all
nsx-mgr> show logical-switch list vni <vni-id> host
nsx-mgr> show logical-switch host <host-ID> verbose

View the controller configuration information retrieved from a specific host

nsx-mgr> show logical-switch host <host-id> config-by-vsm

View VXLAN Tables and other information

nsx-mgr> show logical-switch controller master vni <vni> vtep
nsx-mgr> show logical-switch controller master vni <vni> mac
nsx-mgr> show logical-switch controller master vni <vni> arp

nsx-mgr> show logical-switch controller master vni <vni> statistics
nsx-mgr> show logical-switch controller master vni <vni> verbose
nsx-mgr> show logical-switch controller master vni <vni> port <portID> statistics

From Controller

To view VNI information and TCP connections to hosts

# show control-cluster logical-switches vni <vni>
# show control-cluster logical-switches connection-table 5001

To view per-VNI tables

# show control-cluster logical-switches vtep-table 5001
# show control-cluster logical-switches mac-table 5001
# show control-cluster logical-switches arp-table 5001

From ESXi Shell

# esxcli network vswitch dvs vmware vxlan list
# esxcli network vswitch dvs vmware vxlan network list --vds-name=<VDS_ID>
# esxcli network vswitch dvs vmware vxlan network mac list --vds-name=<VDS_ID> --vxlan-id=<VNI>
# esxcli network vswitch dvs vmware vxlan network arp list --vds-name=<VDS_ID> --vxlan-id=<VNI>
# esxcli network vswitch dvs vmware vxlan network vtep list --vds-name=<VDS_ID> --vxlan-id=<VNI>
# esxcli network vswitch dvs vmware vxlan network port list --vds-name=<VDS_ID> --vxlan-id=<VNI>
# esxcli network vswitch dvs vmware vxlan network stats list --vds-name=<VDS_ID> --vxlan-id=<VNI>
# netstat -l

Logical Routers

The DLR ID is the tenant name (usually default) + the edge instance name. (default+edge-3 for example) To determine the logical router control ID, query a host. To go the host ID, query a cluster.

nsx-mgr> show logical-switch controller master vni <vni> vtep show cluster all
nsx-mgr> show logical-switch controller master vni <vni> vtep show cluster <cluster-ID>
nsx-mgr> show logical-router <host-ID>

From Central CLI

Query the controllers to list the logical routers, get information an a DLR instance, list interfaces, and routing table.

nsx-mgr> show logical-router list all
nsx-mgr> show logical-router controller master dlr <dlrID> brief
nsx-mgr> show logical-router controller master dlr <dlrID> interface
nsx-mgr> show logical-rotuer controller master dlr <dlrID> interface <interfaceID>
nsx-mgr> show logical-router controller master dlr <dlrID> route

View Host connection information, and additional DLR information from the host point of view.

nsx-mgr> show logical-router host <host-ID> dlr <dlrID> verbose
nsx-mgr> show logical-router host <host-ID> dlr <dlrID> interface
nsx-mgr> show logical-router host <host-ID> dlr <dlrID> interface <interfaceID> verbose
nsx-mgr> show logical-router host <host-ID> dlr <dlrID> route

From Controller

List Logical Routers, intefaces, and routes. From the controllers, the LR-ID is a hex number, you can determine this from the “instance all” command.

# show control-cluster logical-routers instance all
# show control-cluster logical-routers interface-summary <LR-ID>
# show control-cluster logical-routers interface <LR-ID> <Interface ID>
# show control-cluster logical-routers routes <LR-ID>

ESXi Shell

To list the DLR Instances, connection information, LIFs, Routing table, ARP information and Designated Instance

esxi: net-vdr -I -l
esxi: net-vdr -C -l
esxi: net-vdr -L -l <VDR_NAME> (--brief)
esxi: net-vdr -R -l <VDR_NAME>
esxi: net-vdr --nbr -l <VDR_NAME>
esxi: net-vdr --di —stats

Control VM

Always remember the Control VM is not in the data plane so data plane tests like ping and traceroute are not relevant. Those commands can be used to test the control plane communication to the upstream ESG however.

l-rtr> show ip ospf neighbors
l-rtr> show ip ospf 
l-rtr> show ip route
l-rtr> show ip forwarding
l-rtr> show interfaces
l-rtr> show log follow
<code>

===== Bridging =====
==== Central CLI ====
==== ESXi Host ====
To List bridge instances and learned MACs
<code>
# net-vdr --bridge -l <VDR_NAME>
# net-vdr -b --mac <VDR_NAME>

ESG Services

From Central CLI



From ESG Console

General

# show system memory
# show service network connections
# show system network stats

Troubleshooting

# traceroute

Load balancer

# show service loadbalancer 
# show service loadbalancer error
# show service loadbalancer monitor
# show service loadbalancer pool
# show service loadbalancer session
# show service loadbalancer table
# show service loadbalancer virtual
# show service monitor
# show service monitor service

L2 VPN

# show configuration l2vpn
# show service l2vpn
# show service l2vpn bridge
# show service l2vpn conversion table
# show service l2vpn trunk-table

Distributed Firewall

From ESXi Shell

# summarize-dvfilter
# vsipioctl getfilters
# vsipioctl getrules -f <FILTER_NAME>
# vsipioctl getaddrsets -f <FILTER_NAME>

ESXi Hosts

From Central CLI

From ESXi Shell

Verify VIB Installation

# esxcli software vib get --vibname esx-vxlan
# esxcli software vib get --vibname esx-vsip
# esxcli software vib get --vibname esx-dvfilter-switch-security

Controller Connectivity

# net-vdl2 -l
# esxcli network ip connection list| grep tcp | grep 1234
nsx_troubleshooting_commands.txt · Last modified: 2019/12/04 18:05 by brandon