NSX 6.2 Centralized CLI, VXLAN

 
Continuing my posts on NSX Centralized CLI, I wanted to dive into VXLAN commands next. I have included all of the logical switch commands below that you can run from the NSX Manager shell. There are almost 25 in total and I wanted to touch on what I feel are the most useful commands.
 

show controller list all
show logical-switch list all
show logical-switch list vni <vni> host
show logical-switch list host <host-id> vni
show logical-switch host <host-id> verbose
show logical-switch host <host-id> config-by-vsm
show logical-switch host <host-id> statistics
show logical-switch host <host-id> vni <vni> verbose
show logical-switch host <host-id> vni <vni> mac
show logical-switch host <host-id> vni <vni> arp
show logical-switch host <host-id> vni <vni> vtep
show logical-switch host <host-id> vni <vni> statistics
show logical-switch host <host-id> vni <vni> port <port-id> statistics
show logical-switch controller <controller-id> vni <vni> brief
show logical-switch controller <controller-id> vni <vni> mac
show logical-switch controller <controller-id> vni <vni> vtep
show logical-switch controller <controller-id> vni <vni> arp
show logical-switch controller <controller-id> vni <vni> connection
show logical-switch controller <controller-id> vni <vni> statistics
show logical-switch controller <controller-id> host <host-id> mac
show logical-switch controller <controller-id> host <host-id> vtep
show logical-switch controller <controller-id> host <host-id> arp
show logical-switch controller <controller-id> host <host-id> joined-vnis

 
First, you will want to list all of the NSX controllers so that you can get the controller-id which will be used in a large portion of these commands.
 

NAME                 IP                                   State
controller-3         192.168.110.33                       RUNNING
controller-1         192.168.110.31                       RUNNING
controller-2         192.168.110.32                       RUNNING

 
It may also be useful to gather the host-id, as it is used extensively for the VXLAN commands. You can find more information about the commands I am running to gather the host-ids here.
 

nsxmgr-01a> show cluster domain-c33
Datacenter: Datacenter Site A
Cluster: Compute Cluster A
No.  Host Name            Host Id                  Installation Status
1    esx-02a.corp.local   host-32                  Ready
2    esx-01a.corp.local   host-28                  Ready
nsxmgr-01a> show cluster domain-c41
Datacenter: Datacenter Site A
Cluster: Management & Edge Cluster
No.  Host Name               Host Id                  Installation Status
1    esxmgt-01a.corp.local   host-202                 Ready
2    esxmgt-02a.corp.local   host-203                 Ready

 
Once you have the host-id and controller-id information you can dive into the commands. Let’s start with listing all of the logical switches. This command will provide the Name, UUID, VNI, Transport Zone, and Zone ID, all very useful information.
 

nsxmgr-01a> show logical-switch list all
NAME                 UUID                                 VNI        Trans Zone Name      Trans Zone ID
Transit-Network-01   7ad8bc71-5857-475c-af2a-a9e5337b0944 5000       Local-Transport-Zone-A vdnscope-1
Web-Tier-01          be6871fb-cefb-4488-9b16-3e77cf0a3482 5001       Local-Transport-Zone-A vdnscope-1
App-Tier-01          33fec704-41f5-4f58-b41d-65d78c2439b5 5002       Local-Transport-Zone-A vdnscope-1
DB-Tier-01           80e964af-5a77-4b18-a5aa-d479c1447b1b 5003       Local-Transport-Zone-A vdnscope-1

 
My favorite centralized VXLAN command is shown below, and it will list all of the important information about a specific ESXi host: the VXLAN Global States, VDS, vmk, and all of the logical switches. More importantly, it shows the logical switch VNI, multicast IP, control plane, controller that owns the VNI, MAC, ARP and port count. This command probably looks very familiar if you have been working with NSX prior to 6.2; it will provide the same information as the previous ‘net-vdl2 -l’ command that you would run on ESXi. However, you won’t have to log into each individual host to run the command; all you have to do is specify the host-id from the NSX Manager.
 

nsxmgr-01a> show logical-switch host host-32 verbose
VXLAN Global States:
        Control plane Out-Of-Sync:      No
        UDP port:       8472
VXLAN VDS:      vds-site-a
        VDS ID: c2 fb 2e 50 fb 09 5f 02-99 94 60 9f 68 ed 95 33
        MTU:    1600
        Segment ID:     192.168.130.0
        Gateway IP:     192.168.130.1
        Gateway MAC:    00:50:56:01:20:a6
        Vmknic count:   1
                VXLAN vmknic:   vmk3
                        VDS port ID:    160
                        Switch port ID: 33554441
                        Endpoint ID:    0
                        VLAN ID:        0
                        IP:             192.168.130.51
                        Netmask:        255.255.255.0
                        Segment ID:     192.168.130.0
                        IP acquire timeout:     0
                        Multicast group count:  0
        Network count:  4
                VXLAN network:  5002
                        Multicast IP:   N/A (headend replication)
                        Control plane:  Enabled (multicast proxy,ARP proxy)
                        Controller:     192.168.110.32 (up)
                        MAC entry count:        3
                        ARP entry count:        0
                        Port count:     2
                VXLAN network:  5001
                        Multicast IP:   N/A (headend replication)
                        Control plane:  Enabled (multicast proxy,ARP proxy)
                        Controller:     192.168.110.33 (up)
                        MAC entry count:        4
                        ARP entry count:        0
                        Port count:     2
                VXLAN network:  5000
                        Multicast IP:   N/A (headend replication)
                        Control plane:  Enabled (multicast proxy,ARP proxy)
                        Controller:     192.168.110.32 (up)
                        MAC entry count:        3
                        ARP entry count:        0
                        Port count:     1
                VXLAN network:  5003
                        Multicast IP:   N/A (headend replication)
                        Control plane:  Enabled (multicast proxy,ARP proxy)
                        Controller:     192.168.110.31 (up)
                        MAC entry count:        2
                        ARP entry count:        0
                        Port count:     2
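
Added example, not from the original post: the verbose output names each VNI's controller by IP, while the controller-scoped commands take a controller-id, so this Python example joins it with the `show controller list all` listing and flags an out-of-sync control plane or a controller not reported as up. The function names and the "down" state in the sample are constructed for illustration, and the input is assumed to be pasted without the prompt line.

```python
import re

# Constructed sample: lines kept from the two outputs earlier in this post,
# with VNI 5001's controller state changed to "down" to exercise the check.
CONTROLLERS = """\
NAME                 IP                                   State
controller-3         192.168.110.33                       RUNNING
controller-1         192.168.110.31                       RUNNING
controller-2         192.168.110.32                       RUNNING
"""
VERBOSE = """\
VXLAN Global States:
        Control plane Out-Of-Sync:      No
                VXLAN network:  5001
                        Controller:     192.168.110.33 (down)
                VXLAN network:  5003
                        Controller:     192.168.110.31 (up)
"""

def controller_names(listing):
    """Map controller IP -> controller-id from 'show controller list all'."""
    rows = (line.split() for line in listing.splitlines()[1:])
    return {r[1]: r[0] for r in rows if len(r) == 3}

def vni_owners(verbose, listing):
    """Return ({vni: controller-id}, [findings]) for one host's verbose output."""
    names, owners, findings, vni = controller_names(listing), {}, [], None
    for line in verbose.splitlines():
        key, _, value = line.strip().partition(":")
        value = value.strip()
        if key == "Control plane Out-Of-Sync" and value != "No":
            findings.append("control plane out of sync")
        elif key == "VXLAN network":
            vni = int(value)  # start of a per-VNI section
        elif key == "Controller" and vni is not None:
            m = re.fullmatch(r"(\S+)\s+\((\w+)\)", value)
            if not m:
                findings.append(f"VNI {vni}: unparsed controller field")
                continue
            ip, state = m.groups()
            owners[vni] = names.get(ip, f"unlisted:{ip}")
            if state != "up":
                findings.append(f"VNI {vni}: controller {ip} is {state}")
    return owners, findings

if __name__ == "__main__":
    print(vni_owners(VERBOSE, CONTROLLERS))
```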

 
The next command may also show familiar output; it shows the VSM config that is pushed to the ESXi host. In one of my recent posts I did an NSX controller deep dive and connectivity verification. In that post I mentioned that it’s important to confirm valid information in the ESXi file /etc/vmware/netcpa/config-by-vsm.xml. Yet another reason I love this centralized CLI: I don’t have to log into each host and view this file.
 

nsxmgr-01a> show logical-switch host host-32 config-by-vsm
<config>
  <connectionList>
    <connection id="0000">
      <port>1234</port>
      <server>192.168.110.31</server>
      <sslEnabled>true</sslEnabled>
      <thumbprint>A5:C6:A2:B2:57:97:36:F0:7C:13:DB:64:9B:86:E6:EF:1A:7E:5C:36</thumbprint>
    </connection>
    <connection id="0001">
      <port>1234</port>
      <server>192.168.110.32</server>
      <sslEnabled>true</sslEnabled>
      <thumbprint>12:E0:25:B2:E0:35:D7:84:90:71:CF:C7:53:97:FD:96:EE:ED:7C:DD</thumbprint>
    </connection>
    <connection id="0002">
      <port>1234</port>
      <server>192.168.110.33</server>
      <sslEnabled>true</sslEnabled>
      <thumbprint>BD:DB:BA:B0:DC:61:AD:94:C6:0F:7E:F5:80:19:44:51:BA:90:2C:8D</thumbprint>
    </connection>
  </connectionList>
  <localeId>
    <id>423A993F-BEE6-1285-58F1-54E48D508D90</id>
  </localeId>
  <vdrDvsList>
    <vdrDvs id="0000">
      <numActiveUplink>1</numActiveUplink>
      <numUplink>4</numUplink>
      <teamingPolicy>FAILOVER_ORDER</teamingPolicy>
      <uplinkPortNames>Uplink 4,Uplink 3,Uplink 2,Uplink 1</uplinkPortNames>
      <uuid>c2 fb 2e 50 fb 09 5f 02-99 94 60 9f 68 ed 95 33</uuid>
      <vxlanOnly>true</vxlanOnly>
    </vdrDvs>
  </vdrDvsList>
  <vdrInstanceList>
    <vdrInstance id="0000">
      <authToken>0f58a2b5-8ee1-482d-aa41-8da85f9596bd</authToken>
      <isUniversal>false</isUniversal>
      <localEgressRequired>false</localEgressRequired>
      <vdrId>5000</vdrId>
      <vdrName>default+edge-2</vdrName>
    </vdrInstance>
  </vdrInstanceList>
</config>
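
Added example, not from the original post: one way to confirm the controller connections in this output is to audit each entry against a pinned baseline of controller IPs and thumbprints, here copied from the output above. The function and helper names are hypothetical, and the altered connections in the sample are constructed.

```python
import re
import xml.etree.ElementTree as ET

THUMB_RE = re.compile(r"^[0-9A-F]{2}(:[0-9A-F]{2}){19}$")  # 20 hex bytes, as shown above

# Pinned baseline: controller IP -> thumbprint, copied from the output above.
BASELINE = {
    "192.168.110.31": "A5:C6:A2:B2:57:97:36:F0:7C:13:DB:64:9B:86:E6:EF:1A:7E:5C:36",
    "192.168.110.32": "12:E0:25:B2:E0:35:D7:84:90:71:CF:C7:53:97:FD:96:EE:ED:7C:DD",
    "192.168.110.33": "BD:DB:BA:B0:DC:61:AD:94:C6:0F:7E:F5:80:19:44:51:BA:90:2C:8D",
}

def audit_config_by_vsm(cli_text, baseline=BASELINE):
    """Return a sorted list of (server, problem) tuples; empty means clean."""
    xml_text = re.search(r"<config>.*</config>", cli_text, re.S).group(0)  # drop prompt lines
    findings, seen = [], set()
    for conn in ET.fromstring(xml_text).iterfind("./connectionList/connection"):
        server = (conn.findtext("server") or "").strip()
        thumb = (conn.findtext("thumbprint") or "").strip().upper()
        seen.add(server)
        if (conn.findtext("sslEnabled") or "").strip().lower() != "true":
            findings.append((server, "ssl-disabled"))
        if server not in baseline:
            findings.append((server, "unknown-controller"))
        elif not THUMB_RE.match(thumb):
            findings.append((server, "malformed-thumbprint"))
        elif thumb != baseline[server]:
            findings.append((server, "thumbprint-mismatch"))
    findings += [(ip, "missing-controller") for ip in baseline if ip not in seen]
    return sorted(findings)

def conn_xml(server, ssl, thumb):  # builds one <connection> for constructed input
    return (f"<connection><port>1234</port><server>{server}</server>"
            f"<sslEnabled>{ssl}</sslEnabled><thumbprint>{thumb}</thumbprint></connection>")

# Constructed sample: .31 as on the page, .32 with SSL off and another
# controller's thumbprint, .33 absent, plus an unexpected server .99.
SAMPLE = ("<config><connectionList>"
          + conn_xml("192.168.110.31", "true", BASELINE["192.168.110.31"])
          + conn_xml("192.168.110.32", "false", BASELINE["192.168.110.33"])
          + conn_xml("192.168.110.99", "true", BASELINE["192.168.110.31"])
          + "</connectionList></config>")

if __name__ == "__main__":
    for server, problem in audit_config_by_vsm(SAMPLE):
        print(f"{server}: {problem}")
```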

 
To grab VTEP information on a given host, you can use this command.
 

nsxmgr-01a> show logical-switch host host-28 vni 5000 vtep
VTEP count:     2
        Segment ID:     192.168.120.0
        VTEP IP:        192.168.120.51
        Flags:  0(None)

        Segment ID:     192.168.120.0
        VTEP IP:        192.168.120.52
        Flags:  1(MTEP)

 
If you would like to view the MAC table on a specific VNI, you will run the following command. Remember, each controller owns a VNI so they can distribute the workload via “slicing.” Based on the previous commands I ran, I know that controller-1 owns VNI 5003. As you can see, there is one VM on this logical switch.
 

nsxmgr-01a> show logical-switch controller controller-1 vni 5003 mac
VNI      MAC               VTEP-IP         Connection-ID
5003     00:50:56:ae:d4:2b 192.168.130.51  5

 
This command is the same as ‘show control-cluster logical-switches mac-table 5003’. Just for confirmation, I have provided a screenshot of the VM below, confirming its MAC address and that it is on VNI 5003.
 
 
The remaining commands that I didn’t run through provide somewhat redundant information. They will give you subsets of the data we collected via previous commands, so I decided not to go into them, but I definitely suggest playing around with them. Note: One thing I did find when testing the remaining five commands is that the host-id field will return an error unless you use the IP address.
 

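show logical-switch controller <controller-id> host <host-id> mac
show logical-switch controller <controller-id> host <host-id> vtep
show logical-switch controller <controller-id> host <host-id> arp
show logical-switch controller <controller-id> host <host-id> joined-vnis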

 
When I changed the command to the IP address, it returned appropriately as shown below.
 

nsxmgr-01a> show logical-switch controller controller-1 host host-32 joined-vnis
Error: 5016: The network name esx-02a.corp.local of the host host-32 is not a valid IP address. The IP address of the host is expected as the argument.
nsxmgr-01a> show logical-switch controller controller-1 host 192.168.110.52 joined-vnis
VNI      Controller      BUM-Replication ARP-Proxy Connections
5003     192.168.110.31  Enabled         Enabled   2

 

Posted by:

Sean Whitney
