Objective 9.1 – Identify Tools Available for Troubleshooting

Knowledge

  • Identify filters available for packet capture
    • NSX Edge CLI
    • pktcap-uw
    • tcpdump-uw
    • Flow Monitoring
  • Capture and trace uplink, vmknic, and physical NIC packets
    • Uplink
      • debug packet display interface
        • Displays all packets captured by an NSX Edge interface, similar to tcpdump. Enabling this command can impact NSX Edge performance, so scope it with an expression and turn it off when you are done. To disable the display of packets, prefix the command with no.
        • Synopsis
          [no] debug packet display interface (intif | extif) [EXPRESSION]
        • On an NSX Edge the interface is named vNic_N (for example vNic_0). EXPRESSION uses tcpdump filter syntax with underscores in place of spaces, for example host_10.0.0.5_and_port_443.
    • vmknic
      • To view a live capture of a vmkernel port's traffic:
        # pktcap-uw --vmk vmkX
    • pNIC
      • To view a live capture of a specific physical NIC on the host (vmnicX):
        # pktcap-uw --uplink vmnicX
      • Both captures run until interrupted with Ctrl+C; add -c <count> to stop after a fixed number of packets.
  • Identify and track NSX infrastructure changes
    • NSX Ticket Logger – See Objective 8.4
  • Output packet data for use by a protocol analyzer
    • To write the capture to a file instead of the console, use the -o option. The file is in pcap format and can be copied off the host (for example with scp) and opened in Wireshark:
      # pktcap-uw --vmk vmkX -o file.pcap
    • To inspect the file on the host itself, read it back with tcpdump-uw -nr file.pcap.
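The following is an added example, not part of the study guide or of VMware's tooling: a small POSIX sh wrapper for the ESXi shell that ties the vmkernel-port and physical-NIC captures above to pcap output. It validates the interface name before anything touches pktcap-uw, bounds the capture with -c so a forgotten session cannot fill the datastore, writes a .pcap, reads it back with tcpdump-uw, and cleans up capture processes that outlive the shell (VMware's published guidance is to locate them with lsof). The function names, the PKTCAP_RUN opt-in variable and the sample addresses are assumptions of this example; the pktcap-uw flags used (--vmk, --uplink, -c, -o, --dstip, --proto) are the tool's own.

```shell
#!/bin/sh
# Added example for the ESXi shell (not from the study guide): validate, then
# capture with pktcap-uw into a pcap and read it back with tcpdump-uw.

# capture_args KIND IFACE COUNT OUTFILE [extra pktcap-uw filter flags...]
#   KIND is "vmk" (vmkernel port) or "uplink" (physical NIC).
#   Prints the validated pktcap-uw argument list on one line; returns 1 on bad input.
capture_args() {
    kind=$1
    iface=$2
    count=$3
    out=$4
    shift 4
    case "$kind" in
        vmk)    echo "$iface" | grep -Eq '^vmk[0-9]+$'   || { echo "not a vmkernel port: $iface" >&2; return 1; } ;;
        uplink) echo "$iface" | grep -Eq '^vmnic[0-9]+$' || { echo "not a physical NIC: $iface" >&2; return 1; } ;;
        *)      echo "kind must be vmk or uplink, got: $kind" >&2; return 1 ;;
    esac
    # A positive packet count is mandatory: pktcap-uw has no duration flag.
    echo "$count" | grep -Eq '^[1-9][0-9]*$' || { echo "count must be a positive integer: $count" >&2; return 1; }
    case "$out" in
        *.pcap) ;;
        *) echo "output file should end in .pcap: $out" >&2; return 1 ;;
    esac
    printf '%s' "--$kind $iface -c $count -o $out"
    for flag in "$@"; do printf ' %s' "$flag"; done
    printf '\n'
}

# run_capture KIND IFACE COUNT OUTFILE [extra pktcap-uw filter flags...]
#   Runs the capture only if capture_args accepts the input, then lists the
#   captured packets. Arguments are passed to pktcap-uw directly (no eval).
run_capture() {
    capture_args "$@" >/dev/null || return 1
    kind=$1
    iface=$2
    count=$3
    out=$4
    shift 4
    command -v pktcap-uw >/dev/null 2>&1 || { echo "pktcap-uw not found; run this on an ESXi host" >&2; return 1; }
    pktcap-uw "--$kind" "$iface" -c "$count" -o "$out" "$@"
    # tcpdump-uw -r reads the pcap that pktcap-uw writes; -n skips name lookups.
    tcpdump-uw -nr "$out"
}

# kill_stale_captures: pktcap-uw sessions can survive the shell that started
# them; find them via lsof (the approach VMware documents) and terminate them.
kill_stale_captures() {
    pids=$(lsof 2>/dev/null | grep pktcap-uw | awk '{print $1}' | sort -u)
    [ -n "$pids" ] && kill $pids
    return 0
}

# Opt-in demo so that sourcing this file has no side effects:
#   PKTCAP_RUN=1 sh capture.sh
if [ "${PKTCAP_RUN:-0}" = 1 ]; then
    # Constructed sample: first 200 packets to 10.0.0.5 leaving the management vmkernel port.
    run_capture vmk vmk0 200 /tmp/vmk0-to-10.0.0.5.pcap --dstip 10.0.0.5
    # ICMP only on vmnic0; pktcap-uw takes the IP protocol number in hex.
    run_capture uplink vmnic0 50 /tmp/vmnic0-icmp.pcap --proto 0x01
    kill_stale_captures
fi
```

The validation step matters more than it looks: pktcap-uw runs with full privileges on the host, and a typo such as --vmk vmnic0 silently captures nothing, so rejecting malformed interface names up front saves a confusing empty pcap.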
  • Capture and analyze traffic flows
    • Log in to the vSphere Web Client.
    • Select Networking & Security from the left navigation pane and then select Flow Monitoring.
    • Ensure that you are in the Dashboard tab.
    • Click Flow Monitoring.
    • The page might take several seconds to load. The top of the page displays the percentage of allowed traffic, traffic blocked by firewall rules, and traffic blocked by SpoofGuard. The multiple line graph displays data flow for each service in your environment. When you point to a service in the legend area, the plot for that service is highlighted.
    • Traffic statistics are displayed in three tabs:
    • Top Flows displays the total incoming and outgoing traffic per service over the specified time period based on the total bytes value (not based on sessions/packets). The top five services are displayed. Blocked flows are not considered when calculating top flows.
    • Top Destinations displays incoming traffic per destination over the specified time period. The top five destinations are displayed.
    • Top Sources displays outgoing traffic per source over the specified time period. The top five sources are displayed.
    • Click the Details by Service tab.
    • Details about all traffic for the selected service are displayed. Click Load More Records to display additional flows. The Allowed Flows tab displays the allowed traffic sessions and the Blocked Flows tab displays the blocked traffic.
    • You can search on service names.
    • Click an item in the table to display the rules that allowed or blocked that traffic flow.
    • Click the Rule Id for a rule to display the rule details.
  • Mirror network traffic for analysis
    • NetFlow/IPFIX
      • Log in to the vSphere Web Client.
      • Click Networking & Security and then Flow Monitoring.
      • Select Configuration.
      • Configure the Flow Collection, making modifications to Flow Exclusion if required.
      • Click IPFIX and edit the IPFIX observation domain ID, active flow export timeout, and collector IP addresses and ports as required.
      • Click Publish Changes.
      • IPFIX records are exported over UDP without encryption or authentication, so the collector should sit on a management network that workloads cannot reach.
    • vDS port mirroring
      • Log in to the vSphere Web Client.
      • Browse to a distributed switch in the vSphere Web Client
      • Click the Manage tab and select Settings > Port Mirroring
      • Click New.
      • Select the session type for the port mirroring session.
        • Distributed Port Mirroring: Mirror packets from a number of distributed ports to other distributed ports on the same host. If the source and the destination are on different hosts, this session type does not function.
        • Remote Mirroring Source: Mirror packets from a number of distributed ports to specific uplink ports on the corresponding host.
        • Remote Mirroring Destination: Mirror packets from a number of VLANs to distributed ports.
        • Encapsulated Remote Mirroring (L3) Source: Mirror packets from a number of distributed ports to remote agents' IP addresses. The virtual machine's traffic is mirrored to a remote physical destination through an IP/GRE tunnel. The mirrored packets cross the network unencrypted, so the path to the agent IP should be a trusted one and the agent should accept only the expected source.
        • Distributed Port Mirroring (legacy): Mirror packets from a number of distributed ports to a number of distributed ports and/or uplink ports on the corresponding host.
      • Click Next
      • Set the session properties. Different options are available for configuration depending on which session type you selected.
        • Name: You can enter a unique name for the port mirroring session, or accept the automatically generated session name.
        • Status: Use the drop-down menu to enable or disable the session.
        • Session type: Displays the type of session you selected.
        • Normal I/O on destination ports: Use the drop-down menu to allow or disallow normal I/O on destination ports. This property is only available for uplink and distributed port destinations. If you disallow this option, mirrored traffic will be allowed out on destination ports, but no traffic will be allowed in.
        • Mirrored packet length (Bytes): Use the check box to enable a mirrored packet length in bytes. This puts a limit on the size of mirrored frames. If this option is selected, all mirrored frames are truncated to the specified length.
        • Sampling rate: Select the rate at which packets are sampled. This is enabled by default for all port mirroring sessions except legacy sessions.
        • Description: You have the option to enter a description of the port mirroring session configuration.
      • Click Next.
      • Select the source of the traffic to be mirrored and the traffic direction. Depending on the type of port mirroring session you selected, different options are available for configuration.
        • Add existing ports from a list
          Click Select distributed ports. A dialog box displays a list of existing ports. Select the check box next to the distributed port and click OK. You can choose more than one distributed port.
        • Add existing ports by port number
          Click Add distributed ports, enter the port number and click OK.
      • Set the traffic direction
        After adding ports, select the port in the list and click the ingress, egress, or ingress/egress button. Your choice appears in the Traffic Direction column.
      • Specify the source VLAN
        If you selected a Remote Mirroring Destination sessions type, you must specify the source VLAN. Click Add to add a VLAN ID. Edit the ID by using the up and down arrows, or clicking in the field and entering the VLAN ID manually.
      • Click Next.
      • Select the destination for the port mirroring session. Depending on which type of session you chose, different options are available.
        • Select a destination distributed port
          Click Select distributed ports to select ports from a list, or click Add distributed ports to add ports by port number. You can add more than one distributed port.
        • Select an uplink
          Select an available uplink from the list and click Add to add the uplink to the port mirroring session. You can select more than one uplink.
        • Select ports or uplinks
          Click Select distributed ports to select ports from a list, or click Add distributed ports to add ports by port number. You can add more than one distributed port.
        • Click Add uplinks to add uplinks as the destination. Select uplinks from the list and click OK.
        • Specify IP address
          Click Add. A new list entry is created. Select the entry and either click Edit to enter the IP address, or click directly in the IP Address field and type the IP address. A warning appears if the IP address is invalid.
      • Click Next.
      • Review the information that you entered for the port mirroring session on the Ready to complete page.
      • (Optional) Use the Back button to edit the information.
      • Click Finish.
  • Perform a network health check
    • Enabling or disabling the vSphere Distributed Switch health check in the vSphere Web Client
      Notes:  Health check monitors for changes in vSphere distributed switch configurations. You must enable vSphere distributed switch health check to perform checks on distributed switch configurations.
      Health check is available only in ESXi 5.1 and later distributed switches. You can view health check information only through the vSphere Web Client 5.1 or later.

      • Browse to a vSphere distributed switch in the vSphere Web Client.
      • Click the Manage tab.
      • Click Settings and then click Health check.
      • To enable or disable health check, click Edit.
      • Select from the dropdown to enable or disable health check options.
        The options include:

        • VLAN and MTU – Reports the status of distributed uplink ports and VLAN ranges
        • Teaming and Failover – Checks for any configuration mismatch between ESXi and the physical switch used in the teaming policy.
      • Click OK.
    • Viewing the vSphere Distributed Switch health check information
      Note: After enabling health check, you can view the vSphere distributed switch health check information in the vSphere Web Client.

      • Browse to a vSphere distributed switch in the vSphere Web Client.
      • Click the Monitor tab and click Health.
      • In the Health Status Details section, click one of these tabs to view the health status:
        • VLAN
        • MTU
        • Teaming and Failover
  • Configure vSphere Distributed Switch alarms
    • Browse to a vSphere distributed switch in the vSphere Web Client.
    • Click the Manage tab and then Alarm Definitions.
    • Click + to add an alarm.
    • Enter the alarm name and description.
    • Click Next.
    • Add the events and conditions that trigger the alarm (for example a distributed switch health-check status change).
    • Click Next.
    • Optional: click + to add actions to run on alarm state changes.
    • Click Finish.

Tools

  • NSX Administration Guide
  • vSphere Networking Guide
  • vSphere Command-Line Interface Concepts and Examples
  • vSphere Web Client
  • NSX Ticket Logger
  • ESXi Host CLI
  • pktcap-uw
  • Netflow
  • RSPAN/ERSPAN
  • VDS Health Check
