Capture traffic on the ingress and egress interface to troubleshoot edge connectivity issues.

  1. Initiate controlled traffic from a client using the ping <destination_IP_address> command.
  2. Capture traffic simultaneously on both interfaces, write the output to a file, and export it using SCP.

    For example:

    Capture the traffic on the ingress interface with this command: 
    debug packet display interface vNic_0 –n_src_host_1.1.1.1
    Capture the traffic on the egress interface with this command: 
    debug packet display interface vNic_1 –n_src_host_1.1.1.1

    For simultaneous packet capture, use the ESXi packet capture utility pktcap-uw tool in ESXi. See https://kb.vmware.com/kb/2051814.

    If the packet drops are consistent, check for configuration errors related to:
    • IP addresses and routes
    • Firewall rules or NAT rules
    • Asymmetric routing
    • RP filter checks
    1. Check interface IP/subnets with the show interface command.
    2. If there are missing routes at the data plane, run these commands:
      • show ip route
      • show ip route static
      • show ip route bgp
      • show ip route ospf
    3. Check the routing table for needed routes by running the show ip forwarding command.
    4. If you have multiple paths, run the show rpfilter command. 
      nsxedge> show rpfilter
net.ipv4.conf.VDR.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.br-sub.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 0
net.ipv4.conf.vNic_0.rp_filter = 1
net.ipv4.conf.vNic_1.rp_filter = 1
net.ipv4.conf.vNic_2.rp_filter = 1
net.ipv4.conf.vNic_3.rp_filter = 1
net.ipv4.conf.vNic_4.rp_filter = 1
net.ipv4.conf.vNic_5.rp_filter = 1
net.ipv4.conf.vNic_6.rp_filter = 1
net.ipv4.conf.vNic_7.rp_filter = 1
net.ipv4.conf.vNic_8.rp_filter = 1
net.ipv4.conf.vNic_9.rp_filter = 1

nsxedge> show rpfstats
RPF drop packet count: 484

      To check for RPF statistics, run the show rpfstats command. 

      nsxedge> show rpfstats
RPF drop packet count: 484
    If the packet drops appear randomly, check for resource limitations:
    1. For CPU or memory usage, run these commands:
      • show system cpu
      • show system memory
      • show system storage
      • show process monitor
      • top

        For ESXi, run the esxtop n command. 

        PCPU USED(%): 2.5 5.0 3.7  77 AVG:  22
PCPU UTIL(%): 0.5 2.7 3.3  92 AVG:  24

      ID      GID NAME             NWLD   %USED    %RUN    %SYS   %WAIT          
98255269 98255269 esxtop.11224149     1   67.04   69.86    0.00    6.26       
       2        2 system            139    3.03    4.61    0.00 12053.58    
   86329    86329 app-01a             6    0.69    0.57    0.00  466.09    
   78730    78730 db-01a              6    0.48    0.67    0.00  441.44     
   90486    90486 app-02a             6    0.38    0.32    0.00  463.42      
    
 %VMWAIT    %RDY    %IDLE    %OVRLP    %CSTP   %MLMTD    %SWPWT
 11.01       -    0.39    0.00    0.09    0.00    0.00    0.00
 600.00   53.81    0.10   93.13    0.00    0.00    0.00    0.00
 13900.00       -   28.68    0.00    2.69    0.00    0.00    0.00
 600.00   53.81    0.10   93.13    0.00    0.00    0.00    0.00
 600.00    0.00    0.19  151.92    0.00    0.00    0.00    0.00