NSX troubleshooting commands.

Started by burnyd, September 17, 2018, 06:01:49 AM


burnyd


NSX Controller related commands

show control-cluster status – Shows if a controller is connected to the cluster


This command is run on every NSX controller to make sure that each controller has been added to the 3-node cluster. If, for some reason, the NSX controller is not enabled for all processes, it has to be either deleted or rebooted and then re-added.


If for some reason the join is not completed then do the following.

1.) Ping the other NSX controllers for connectivity

2.) Reload controller.

3.) Check NSX install management to see if the controller is set up.


show control-cluster logical-switches vni xxx – This command shows which one of the NSX controllers handles all the functionality for a particular VXLAN/VNI.

In my experience, if you do not see a logical switch/VNI associated with a specific controller, please do the following.

1.) Make sure the right VNI is being used.

2.) Find the logical switch, change its mode to multicast, then quickly change it back to unicast.


show control-cluster logical-switches vtep-table xxx – Discover which hosts participate in a VXLAN


1.) You do not see VTEPs showing up on the controller that owns that VNI/VTEP – Restart the NetCPA agent by logging into an ESXi host and issuing the following command: /etc/init.d/netcpad restart

2.) If restarting netcpa did not resolve the issue, the only way to fix it at this point is a reboot of the host.


show control-cluster logical-switches arp-table xxx – Discover VMs' ARP addresses in a VXLAN

The Connection-ID shows which host an entry belongs to, if we look at the previous command.


1.) If an IP address does not show up on a controller when issuing the arp-table command for its VXLAN/VNI, chances are that the VM will not be able to communicate with the outside world due to an issue with the host where it lives. Take that VM and migrate it to another host that has a working VTEP.

2.) The IP address shows up but cannot ping its default gateway. Check the default gateway of the host and make sure it matches the default gateway of the LIF; the same goes for the host's OS.


show control-cluster logical-switches mac-table xxx – Discover VMs' MAC addresses in a VXLAN


As with the arp-table, the Connection-ID maps directly to the VTEP table.


1.) The MAC does not show up in the controller. Chances are there is an issue with the host. Check that the host's VTEP interface shows up when issuing the command to see all the VTEPs that participate within a VXLAN/VNI. vMotion the VM to another host and reboot the non-functional host.

2.) Check to make sure that the MAC address is correct in the guest operating system.


show control-cluster logical-routers instance all – Shows each edge's association with each host.

This command, like the other controller commands, will look different per controller. The LR-ID number will be needed for future commands.


show control-cluster logical-routers interface-summary – Provides all the interfaces for the associated LDR / Edge


show control-cluster logical-routers interface routerID interface – Provides the default gateway IP / MAC and MTU


show control-cluster logical-routers routes routerID – Shows all the routes for a given ESG. Note this is different per controller.


NSX edge commands

show ip route

show ip route ospf/static/bgp

show ip ospf

show ip ospf neighbors

show ip ospf database

show firewall flows – Will show every single flow going through the Edge router at that time. Similar to iptables -L

show firewall flows top 10 – Provides the top 10 largest sessions

show firewall flows top 10 sort-by-pkts – Provides the top 10 by number of packets

show flowtable – Will show all flows.

show ip forwarding – Displays the FIB, whereas show ip route shows the RIB

show system uptime – Shows the uptime of a device.


ESXi Related troubleshooting commands

esxcli network vswitch dvs vmware vxlan list – Lists the VTEP segment and default gateway for the VTEP with MTU

net-vdr -l --instance – Will list the routers along with their associated LIFs etc.

esxcli software vib list | grep vxlan – This shows the VXLAN vib, which needs to be installed on each host. If the vib is not installed, the host cannot participate in VXLAN.


Source: NSX troubleshooting commands.
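The post notes that the Connection-ID in the arp-table and mac-table output maps to the vtep-table. The following is an added example, not part of the original post, that automates that cross-check on saved controller output. The sample tables are constructed and their column layout is an assumption, so adjust the column names to what your controllers actually print.

```python
# Constructed sample output for one VNI; column names are assumptions.
VTEP_TABLE = """\
VNI      IP              Segment         MAC               Connection-ID
5001     192.168.250.51  192.168.250.0   00:50:56:6a:65:c2 7
5001     192.168.250.52  192.168.250.0   00:50:56:6b:11:0e 8
"""
MAC_TABLE = """\
VNI      MAC               VTEP-IP         Connection-ID
5001     00:50:56:a6:7a:a2 192.168.250.51  7
5001     00:50:56:a6:44:10 192.168.250.53  9
"""
ARP_TABLE = """\
VNI      IP              MAC               Connection-ID
5001     172.16.10.11    00:50:56:a6:7a:a2 7
"""

def parse_table(text):
    """Parse whitespace-separated CLI output; the header is the first
    line containing 'Connection-ID'. Prompts and banners are skipped."""
    header, rows = None, []
    for line in text.splitlines():
        fields = line.split()
        if header is None:
            if "Connection-ID" in fields:
                header = fields
        elif len(fields) == len(header):
            rows.append(dict(zip(header, fields)))
    return rows

def audit_vni(vtep_text, mac_text, arp_text):
    """Return (mac, problem) pairs for MAC entries that do not line up
    with the VTEP table or have no ARP entry on the controller."""
    vteps = {r["Connection-ID"]: r["IP"] for r in parse_table(vtep_text)}
    arp_macs = {r["MAC"].lower() for r in parse_table(arp_text)}
    findings = []
    for row in parse_table(mac_text):
        mac, conn = row["MAC"].lower(), row["Connection-ID"]
        if conn not in vteps:
            findings.append((mac, f"connection {conn} has no VTEP entry"))
        elif vteps[conn] != row["VTEP-IP"]:
            findings.append((mac, f"VTEP IP mismatch on connection {conn}"))
        if mac not in arp_macs:
            findings.append((mac, "no ARP entry reported"))
    return findings

if __name__ == "__main__":
    for mac, problem in audit_vni(VTEP_TABLE, MAC_TABLE, ARP_TABLE):
        print(f"{mac}: {problem}")
```

A MAC flagged with a missing VTEP entry points at the host-side checks described in the post (netcpa restart, then migrating the VM to a host with a working VTEP).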