The steps in this section are for troubleshooting connectivity issues between VMs on different hypervisors through the overlay switch when the config and runtime states are normal.

If the VMs are on the same hypervisor, go to Troubleshoot ARP Issues for an Overlay Logical Switch.

Procedure

  1. Run the following command on the controller that has the logical switch to see if CCP has the correct VTEP list:
    controller1> get logical-switch 5000 vtep
  2. On each hypervisor, run the following NSX CLI command to see if it has the correct VTEP list:

    On ESXi:

    host1> get logical-switch <logical-switch-UUID> tep-table

    Alternatively, you can run the following shell command for the VTEP information:

    [root@host1:~] net-vdl2 -M vtep -s vds -n VNI

    On KVM:

    host1> get logical-switch <logical-switch-UUID or VNI> tep-table
  3. Check to see if the VTEPs on the hypervisors can ping each other.

    At the ESXi shell prompt:

    host1> ping ++netstack=vxlan <remote-VTEP-IP>

    At the KVM shell prompt:

    host1> ping <remote-VTEP-IP>

    If the VTEPs cannot ping each other,

    1. Make sure the transport VLAN specified when creating the transport node matches what the underlay expects. If you are using access ports in the underlay, the transport VLAN should be set to 0. If you are specifying a transport VLAN, the underlay switch ports that the hypervisors connect to should be configured to accept this VLAN in trunk mode.

    2. Check underlay connectivity.

  4. Check if the BFD sessions between the VTEPs are up.

    On ESXi, run net-vdl2 -M bfd and look at the response. For example,

    BFD count: 1
    ===========================
    Local IP: 192.168.48.35, Remote IP: 192.168.197.243, Local State: up, Remote State: up, Local
    Diag: No Diagnostic, Remote Diag: No Diagnostic, minRx: 1000000, isDisabled: 0

    On KVM, find the GENEVE interface to the remote IP.

    ovs-vsctl list interface <GENEVE-interface-name>

    If you don’t know the interface name, run ovs-vsctl find Interface type=geneve to return all tunnel interfaces. Look for BFD information.

    If you cannot find an GENEVEinterface to remote VTEP, check if nsx-agent is running and OVS integration bridge is connected to nsx-agent.

    [root@host1 ~]# ovs-vsctl show
    96c9e543-fc68-448a-9882-6e161c313a5b
      Manager "tcp:127.0.0.1:6632"
        is_connected: true 
      Bridge nsx-managed
        Controller "tcp:127.0.0.1:6633"
          is_connected: true
        Controller "unix:ovs-l3d.mgmt"
          is_connected: true
        fail_mode: secure