NSX 6.2 Centralized CLI, Edge Services Gateway
As discussed in a previous post, we have developed a centralized set of commands that can be run from the NSX manager instead of having to get a session into each NSX component. In this post I will focus on the Edge Services Gateway centralized commands; we have pushed out more than 60 total commands and I will list them here and go through what I feel are the most useful subsets. It’s important to remember that these commands are only going to provide you with information, rather than allow you to make changes. I know this is a limitation, but I feel it’s still very useful, especially if you just need to grab specific IDs of devices to run API calls, or confirm services are running with proper configuration without having to SSH into each component.
While the list below is not all exclusive, it gives you an idea of what can be run. There are multiple subsets of each of the commands below; for example, ‘show edge edge-id service‘ has subsets for loadbalancer, monitor, ipset, highavailability, dhcp, and dns.
show edgeversion Show version eventmgr Show event manager statistics log Show system logs ipset Show ipset information nat Show nat packet counters arp Show arp cache firewall Show firewall packet counters flowtable Show flow table process Edge Process Commands system Edge System Commands messagebus Edge Messagebus Commands configuration Edge Configuration Commands interface Edge Interface Command ip Edge IP Commands service Edge Service Commands
The first thing you will want to do, is list out all of the edge devices in your NSX environment. This will provide you will all of the edge ID’s which will be used to run commands against a specific edge, as well as it provides the name, size, version, and status.
nsxmgr-01a> show edge all Legend: Edge Size: Compact - C, Large - L, X-Large - X, Quad-Large - Q Edge ID Name Size Version Status edge-2 Local-Distributed-Router C 6.2.0 GREEN edge-3 Perimeter-Gateway-01 C 6.2.0 GREEN edge-4 OneArm-LoadBalancer-01 C 6.2.0 GREEN edge-5 Perimeter-Gateway-02 C 6.2.0 GREEN edge-6 OneArm-LoadBalancer-02 C 6.2.0 GREEN
One of the best commands to utilize, is the ‘show edge edge-id log‘ command. You can view the logs on each individual edge services gateway to troubleshoot through any issues you may be experiencing.
nsxmgr-01a> show edge edge-2 log 2015-11-05T15:53:38+00:00 Local-Distributed-Router-0 syslog-ng[676]: [default]: [syslog.info] Log statistics; processed='src.internal(src#1)=937', stamp='src.internal(src#1)=1446737621', processed='source(s_udp)=0', processed='global(payload_reallocs)=2685', processed='destination(df_all)=2388', processed='global(msg_clones)=16096', processed='center(queued)=0', processed='global(sdata_updates)=0', processed='destination(loghost)=3336', processed='destination(df_console)=32', processed='center(received)=0', processed='source(src)=1107', processed='source(ksrc)=1281' 2015-11-05T16:13:38+00:00 Local-Distributed-Router-0 [syslog.info] -- MARK -- 2015-11-05T16:33:38+00:00 Local-Distributed-Router-0 [syslog.info] -- MARK -- 2015-11-05T16:53:38+00:00 Local-Distributed-Router-0 [syslog.info] -- MARK -- 2015-11-05T17:04:18+00:00 Local-Distributed-Router-0 MsgMgr: [daemon.debug] Info: initialized regex for command 2015-11-05T17:04:18+00:00 Local-Distributed-Router-0 MsgMgr: [daemon.debug] Info: initialized regex for command ID
It’s also possible to see the edge arp cache which can come in handy.
nsxmgr-01a> show edge edge-2 arp haIndex: 0 ----------------------------------------------------------------------- vShield Edge ARP Cache: nsxmgr-01a> show edge edge-3 arp haIndex: 0 ----------------------------------------------------------------------- vShield Edge ARP Cache: IP Address Interface MAC Address State 192.168.100.1 vNic_0 00:50:56:01:20:a5 REACHABLE
If you would like to review the edge for performance issues surrounding CPU, memory, disk space, or net-work stats, you will use the ‘show edge edge-id system‘ commands. Furthermore, you can view the processes running and the CPU/Memory they are consuming with the ‘show edge edge-id process‘ command.
nsxmgr-01a> show edge edge-2 system storage haIndex: 0 Filesystem Size Used Avail Use% Mounted on /dev/sda1 372M 321M 33M 91% / /dev/sda2 47M 5.0M 40M 12% /var/db /dev/sda3 31M 4.5M 25M 15% /var/dumpfiles /dev/sda4 34M 6.5M 26M 21% /var/log nsxmgr-01a> show edge edge-2 system memory haIndex: 0 MemTotal: 505212 kB MemFree: 341236 kB ... nsxmgr-01a> show edge edge-2 process list haIndex: 0 %CPU %MEM VSZ RSZ STAT STARTED TIME COMMAND 0.0 0.1 3956 696 Ss Oct 23 00:00:21 init [3] 0.0 0.0 0 0 S Oct 23 00:00:00 [kthreadd] 0.0 0.0 0 0 S Oct 23 00:00:08 [ksoftirqd/0] ...
To view the running configuration you will use the ‘show edge edge-id configuration‘ command. You will be able to see the configuration of all of the services shown below.
application-set Show application-set configuration dns Show dns configuration highavailability Show highavailability configuration ipset Show ipset configuration nat Show NAT configuration sslvpn-plus Show sslvpn-plus configuration bgp Show bgp configuration firewall Show firewall configuration interface Show interface configuration isis Show ISIS configuration ospf Show OSPF configuration static-routing Show static-routing configuration certificatestore Show certificatestore configuration global Show global configuration interface-set Show interface-set configuration l2vpn Show L2VPN configuration routing-global Show routing-global configuration syslog Show SYSLOG configuration dhcp Show DHCP configuration gslb Show gslb configuration ipsec Show IPSEC configuration loadbalancer Show loadbalancer configuration snmp Show SNMP configuration provider-ipset Show provider's ipset configuration provider-appset Show provider's application-set configuration
The last command I will go through that I find useful is the ‘ip-route‘ command. This will help when troubleshooting routing issues, dynamic routes learned, static routes, and more. To view this information, run the command below.
nsxmgr-01a> show edge edge-3 ip route haIndex: 0 Codes: O - OSPF derived, i - IS-IS derived, B - BGP derived, C - connected, S - static, L1 - IS-IS level-1, L2 - IS-IS level-2, IA - OSPF inter area, E1 - OSPF external type 1, E2 - OSPF external type 2, N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 Total number of routes: 6 B 0.0.0.0/0 [20/0] via 192.168.100.1 O E2 172.16.10.0/24 [110/1] via 192.168.5.2 O E2 172.16.20.0/24 [110/1] via 192.168.5.2 O E2 172.16.30.0/24 [110/1] via 192.168.5.2 C 192.168.5.0/29 [0/0] via 192.168.5.1 C 192.168.100.0/24 [0/0] via 192.168.100.3
There are still several commands I didn’t go through but I wanted to provide a good foundation of the centralized edge commands to get everyone started. As always, feel free to post any questions or comments below!
Leave A Comment