Travelling Techie

Adventures in VMware

User Tools

Site Tools


Network Virtualization
Compute Virtualization
Storage Virtualization
Operating Systems
VMware Classes
Other Classes


Recent Changes

About The Author

Brandon Neill is a VMware Certified Instructor and Consultant. He specializes in NSX and vRealize Automation. In addition to teaching Official VMware Classes, he provides contract training and consulting services.



Traceflow is a tool built in to the Web Client to inject packets in to the distributed switch port of a VM connected to a VXLAN and trace the flow to it's destination. Traceflow was improved to allow more destination options in 6.3.

NOTE Traceflow does in fact inject traffic in to the network. I have verified this with pktcap-uw. This means it will pick up issues such as an MTU mismatch, Transport VLAN/Load balancing mismatch and problems on the physical network. In the traceflow output you'll see the traffic leave the source ESXi host, but never enter the destination.

Here is an example of a successful packet flow. Notice I specify the source and destination vNics, and can even specify what protocol and ports I want to use. The flow goes through the firewall, the source logical switch, the DLR, and the destination logical switch. Then the packet exits the host to the destination host, passes through the firewall again and is delivered to the destination vNIC.

In the second test, I create a firewall rule to block the traffic, now when I do a traceflow, I can see that the firewall blocked the traffic, and I can even click on the link to get additional information.

traceflow.txt · Last modified: 2019/08/29 16:50 by brandon