This section provides a summary of the CLI commands that are commonly used for troubleshooting NSX routing.

NSX Manager

Starting in NSX 6.2, commands that were formerly run from the NSX Controller and other NSX components to troubleshoot NSX routing are now run directly from the NSX Manager.

  • List of DLR instances

  • List of LIFs for each DLR instance

  • List of Routes for each DLR instance

  • List of MAC addresses for each DLR bridging instance

  • Interfaces

  • Routing and forwarding tables

  • State of dynamic routing protocols (OSPF or BGP)

  • Configuration sent to the DLR Control VM or ESG by the NSX Manager

DLR Control VM and ESG

The DLR Control VM and ESG provide functionality to capture packets on their interfaces. Packet capture can assist with troubleshooting routing protocol problems.

  1. Run show interfaces to list the interface names.

  2. Run debug packet [ display | capture ] interface <interface name>.

    • If using capture, packets are saved into a .pcap file.

  3. Run debug show files to list saved capture files.

  4. Run debug copy [ scp | ftp ] ... to download captures for offline analysis.

dlr-01-0> debug packet capture interface vNic_2
tcpdump: listening on vNic_2, link-type EN10MB (Ethernet), capture size 65535 bytes
43 packets captured
48 packets received by filter
0 packets dropped by kernel

dlr-01-0> debug show files
total 4.0K
-rw------- 1 3.6K Mar 30 23:49 tcpdump_vNic_2.0

dlr-01-0> debug copy
  scp  use scp to copy
  ftp  use ftp to copy

dlr-01-0> debug copy scp
  URL  user@<remote-host>:<path-to>

The debug packet command uses tcpdump in the background and can accept filtering modifiers formatted in like tcpdump filtering modifiers on UNIX. The only consideration is that any white spaces in the filter expression need to be replaced with underscores ("_").

For example, the following command displays all traffic through vNic_0 except SSH, to avoid looking at the traffic belonging to the interactive session itself.

plr-02-0> debug packet display interface vNic_0 port_not_22
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vNic_0, link-type EN10MB (Ethernet), capture size 65535 bytes
04:10:48.197768 IP 192.168.101.3.179 > 192.168.101.2.25698: Flags [P.], seq 4191398894:4191398913, ack 2824012766, win 913, length 19: BGP, length: 19
04:10:48.199230 IP 192.168.101.2.25698 > 192.168.101.3.179: Flags [.], ack 19, win 2623, length 0
04:10:48.299804 IP 192.168.101.2.25698 > 192.168.101.3.179: Flags [P.], seq 1:20, ack 19, win 2623, length 19: BGP, length: 19
04:10:48.299849 IP 192.168.101.3.179 > 192.168.101.2.25698: Flags [.], ack 20, win 913, length 0
04:10:49.205347 IP 192.168.101.3.179 > 192.168.101.2.25698: Flags [P.], seq 19:38, ack 20, win 913, length 19: BGP, length: 19

ESXi Hosts

Hosts are closely connected to NSX Routing. 1 shows visually the components participating in the routing subsystem and the NSX Manager CLI commands used to display information about them:

Figure 1. Host Components Related to Troubleshooting NSX Routing

Packets captured in the datapath can assist with identifying problems at various stages of packet forwarding. 2 covers the major capture points and respective CLI command to use.

Figure 2. Capture Points and Related CLI Commands