When I say "between two VMs", there can be many use cases, as listed below:
Use Case 1: The two VMs can be on the same host and in the same VXLAN
Use Case 2: The two VMs can be on the same host and in different VXLANs
Use Case 3: The two VMs can be on different hosts and in the same VXLAN
Use Case 4: The two VMs can be on different hosts and in different VXLANs
Use Case 5: There might be an edge router or firewall in between
...and so on.
*portgroup = VXLAN
In any of these use cases, whether or not you know the architecture, and even if you don't know the port/firewall configuration, you can troubleshoot this issue.
Simply use "Traceflow" for NSX. You can find it in the NSX plugin for vCenter Server.
How to use it?
Log in to vCenter Server and go to the Networking and Security plugin.
Click on Traceflow as shown below and follow the given steps.
You will notice that the packet has been successfully delivered to its destination by following this path:
Source vNIC -> Firewall -> logical switch -> physical media -> Firewall -> destination vNIC
You will also notice that there are two firewall entries after the packet leaves the source vNIC and before it is received at the destination vNIC.
This is because the packet was first received by the firewall and then forwarded by the firewall. This is also clear from the above diagram if you look at it closely.
Now let me give you an example of failed delivery.
Here, you can clearly see that the packet is dropped between source and destination.
Check at which stage it was dropped. You will see that it was dropped at the firewall due to rule number 1013. You can then check that firewall rule and change it to allow the traffic as per your requirement.
Hopefully this was informative and makes it easy to troubleshoot such communication issues.
This method is also helpful for finding the communication path between two VMs when you don't know it, isn't it?
Feel free to ask any question!
Thank you,
Team vCloudNotes