Objective 10.1 – Compare and Contrast Tools Available for Troubleshooting

Principles

  1. Capture and trace uplink, vmknic, and physical NIC packets
  2. Audit NSX infrastructure changes
  3. Output packet data for use by a protocol analyzer
  4. Capture and analyze traffic flows
  5. Mirror network traffic for analysis
  6. Perform a network health check
  7. Configure vSphere Distributed Switch alarms

References

  1. NSX Administration Guide

http://pubs.vmware.com/NSX-62/topic/com.vmware.ICbase/PDF/nsx_62_admin.pdf

  2. vSphere Networking Guide

http://pubs.vmware.com/vsphere-60/topic/com.vmware.ICbase/PDF/vsphere-esxi-vcenter-server-60-networking-guide.pdf

  3. vSphere Command-Line Interface Concepts and Examples

https://vdc-download.vmware.com/vmwb-repository/dcr-public/0a40d9c5-4d4b-490d-8efa-e373a0ff2109/43a3c005-3878-4e05-8b60-35aca804d61d/vsphere-esxi-vcenter-server-65-command-line-interface-concepts-examples-guide.pdf

Capture and trace uplink, vmknic, and physical NIC packets

NSX Edge

Use the debug packet commands to capture packets on an Edge.

Display packets on screen: debug packet display interface <intName> [expression]

  • intName: vNic_0 – vNic_9
  • expression: A tcpdump expression, substituting “_” for spaces
  • This command runs in the foreground; press Ctrl+C to end it

For example, the following displays packets on vNic_0 to or from host 10.10.11.11 on port 80:

debug packet display interface vNic_0 host_10.10.11.11_and_port_80

Capture to pcap file: [no] debug packet capture interface <intName> [expression]

  • intName: vNic_0 – vNic_9
  • expression: A tcpdump expression, substituting “_” for spaces
  • This command runs in the background. Repeat the command with “no” at the start to end the capture
  • Use debug show files to list captured files, e.g.

debug show files

-rw------- 1 0 Aug 7 09:33 tcpdump_vNic_0.0

  • Use debug copy [ftp|scp] to transfer files from edge e.g.

debug copy scp admin@192.168.10.10:/ tcpdump_vNic_0.0

  • Use debug remove <filename> to remove file from Edge e.g.

debug remove tcpdump_vNic_0.0

removed '/var/dumpfiles/data/tcpdump_vNic_0.0'

ESXi

Use the pktcap-uw command to capture packets on vmk and uplink interfaces

To capture packets on vmk interfaces: pktcap-uw --vmk <vmk> -o <output_file> e.g.

pktcap-uw --vmk vmk0 -o /var/tmp/vmk0.pcap

The name of the vmk is vmk0

The output file is /var/tmp/vmk0.pcap

No server port specifed, select 62067 as the port

Local CID 2

Listen on port 62067

Accept...Vsock connection from port 1029 cid 2

Dump: 27, broken : 0, drop: 0, file err: 0Join with dump thread failed.

Destroying session 2

Dumped 27 packet to file /var/tmp/vmk0.pcap, dropped 0 packets.

Done.

To capture packets on uplink interfaces: pktcap-uw --uplink <vmnic> -o <out_file> e.g.

pktcap-uw --uplink vmnic0

The name of the uplink is vmnic0

No server port specifed, select 62402 as the port

Output the packet info to console.

Local CID 2

Listen on port 62402

Accept...Vsock connection from port 1039 cid 2

Audit NSX infrastructure changes

See 9.4 – Audit infrastructure changes

NSX Ticket Logger

Output packet data for use by a protocol analyser

See above
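
A quick integrity check for a capture file before it is opened in a protocol analyzer, as an added example that is not part of the original notes. It assumes the file is in classic pcap format and uses a constructed three-packet sample in place of a real capture such as /var/tmp/vmk0.pcap.

```python
import struct

# Classic pcap magic values as read little-endian, mapped to the file's byte order.
# The second pair is the nanosecond-timestamp variant.
MAGIC = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">", 0xA1B23C4D: "<", 0x4D3CB2A1: ">"}

def summarize_pcap(data):
    """Walk a classic pcap byte string and report what an analyzer will see."""
    if len(data) < 24:
        raise ValueError("shorter than the 24-byte pcap global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic not in MAGIC:
        raise ValueError("not a classic pcap file (magic %#010x)" % magic)
    order = MAGIC[magic]
    _, major, minor, _, _, snaplen, linktype = struct.unpack(
        order + "IHHiIII", data[:24])
    packets = truncated = 0
    offset, incomplete = 24, False
    while offset < len(data):
        header = data[offset:offset + 16]
        if len(header) < 16:
            incomplete = True      # file ends inside a record header
            break
        _, _, incl_len, orig_len = struct.unpack(order + "IIII", header)
        if offset + 16 + incl_len > len(data):
            incomplete = True      # file ends inside packet data (cut-short copy)
            break
        packets += 1
        truncated += incl_len < orig_len   # packet was cut at the snap length
        offset += 16 + incl_len
    return {"version": (major, minor), "snaplen": snaplen, "linktype": linktype,
            "packets": packets, "truncated": truncated, "incomplete": incomplete}

def build_sample():
    """Constructed capture: Ethernet (link type 1), snaplen 64, three packets."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 64, 1)
    for i, (incl_len, orig_len) in enumerate([(60, 60), (64, 1514), (42, 42)]):
        out += struct.pack("<IIII", 1502098380 + i, 0, incl_len, orig_len)
        out += bytes(incl_len)     # zero-filled placeholder payload
    return out

if __name__ == "__main__":
    print(summarize_pcap(build_sample()))
```

The packet count can be compared with the "Dumped N packet" line that pktcap-uw prints, and a non-zero truncated count means payloads were cut at the snap length and will be incomplete in the analyzer.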

Capture and analyze traffic flows

See Objective 9.3 – Configure and collect data from network: Flow Monitoring

Mirror network traffic for analysis

  • Mirror distributed port traffic to other distributed or physical switch ports
  • Sends a copy of packets on one switch port (or an entire VLAN) to another switch port

Select vDS -> Configure -> Port mirroring

Port Mirroring options

  • Distributed Port Mirroring
    • Mirror packets from several distributed ports to other distributed ports on the same host
    • Port -> Port
  • Remote Mirroring Source
    • Mirror packets from several distributed ports to specific uplink ports on a host
    • VLAN -> Uplink
  • Remote Mirroring Destination
    • Mirror packets from several VLANs to distributed ports
    • VLAN -> Port
  • Encapsulated Remote Mirroring (L3) Source
    • Mirror packets from several distributed ports to remote agent’s IP addresses
    • VM traffic is mirrored through an IP tunnel
    • Port -> IP
  • Distributed Port Mirroring (legacy)
    • Mirror packets from several distributed ports to several distributed ports and/or uplink ports on the corresponding host
    • Port -> Uplink, Port -> Port

Perform a network health check

  • Helps to identify and troubleshoot configuration errors in a vSphere Distributed Switch.
  • Runs regular health checks (default interval: 1 minute) to:
    • Examine certain settings on the distributed and physical switches
    • Identify common configuration errors
  • At least 2 active physical NICs are required

Configuration errors and the health check that detects each:

  • Configuration error: The VLAN trunk ranges configured on the distributed switch do not match the trunk ranges on the physical switch
    • Health check: Checks whether the VLAN settings on the distributed switch match the trunk port configuration on the connected physical switch ports
  • Configuration error: The MTU settings on the physical network adapters, distributed switch, and physical switch ports do not match
    • Health check: Checks whether the physical access switch port MTU jumbo frame setting based on per VLAN matches the vSphere distributed switch MTU setting
  • Configuration error: The teaming policy configured on the port groups does not match the policy on the physical switch port-channel
    • Health check: Checks whether the connected access ports of the physical switch that participate in an EtherChannel are paired with distributed ports whose teaming policy is IP hash

Select vDS -> Action -> Settings -> Edit Health Check

Select required checks

View Health from vDS -> Monitor -> Health
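
The three comparisons listed above can be modelled offline against exported settings, for example before a change window. This is an added example, not VMware's implementation and not part of the original notes; the dictionary keys and the sample values are hypothetical and constructed for illustration.

```python
def parse_vlan_ranges(spec):
    """Expand a trunk spec such as "10-20,30" into a set of VLAN IDs."""
    vlans = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 0 <= lo <= hi <= 4094:
            raise ValueError("bad VLAN range: %r" % part)
        vlans.update(range(lo, hi + 1))
    return vlans

def health_findings(vds, phys):
    """Return the mismatches between distributed and physical switch settings."""
    findings = {}
    # VLAN check: trunk ranges on both sides must cover the same IDs.
    on_vds = parse_vlan_ranges(vds["vlan_trunk"])
    on_phys = parse_vlan_ranges(phys["vlan_trunk"])
    if on_vds != on_phys:
        findings["vlan"] = {"not_trunked_on_physical": sorted(on_vds - on_phys),
                            "not_on_vds": sorted(on_phys - on_vds)}
    # MTU check: physical NICs, distributed switch and switch port must agree.
    mtus = {"vds": vds["mtu"], "physical_port": phys["mtu"], **vds["pnic_mtu"]}
    if len(set(mtus.values())) > 1:
        findings["mtu"] = mtus
    # Teaming check: EtherChannel ports pair only with IP hash teaming.
    if (vds["teaming"] == "ip_hash") != phys["etherchannel"]:
        findings["teaming"] = {"vds_policy": vds["teaming"],
                               "etherchannel": phys["etherchannel"]}
    return findings

# Constructed sample settings (hypothetical values).
SAMPLE_VDS = {"vlan_trunk": "10-20,30", "mtu": 9000,
              "pnic_mtu": {"vmnic0": 9000, "vmnic1": 1500},
              "teaming": "ip_hash"}
SAMPLE_PHYS = {"vlan_trunk": "10-15,30,40", "mtu": 9000, "etherchannel": False}

if __name__ == "__main__":
    for check, detail in health_findings(SAMPLE_VDS, SAMPLE_PHYS).items():
        print(check, detail)
```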

Configure vSphere Distributed Switch alarms

Add Alarm definitions from vDS -> Monitor -> Alarm Definitions

Add Triggers

Add Actions