Continuing my posts on NSX Centralized CLI, I wanted to dive into VXLAN commands next. I have included all of the logical switch commands below that you can run from the NSX Manager shell. There are almost 25 in total and I wanted to touch on what I feel are the most useful commands.
show controller list all
show logical-switch list all
show logical-switch list vni <vni> host
show logical-switch list host <host-id> vni
show logical-switch host <host-id> verbose
show logical-switch host <host-id> config-by-vsm
show logical-switch host <host-id> statistics
show logical-switch host <host-id> vni <vni> verbose
show logical-switch host <host-id> vni <vni> mac
show logical-switch host <host-id> vni <vni> arp
show logical-switch host <host-id> vni <vni> vtep
show logical-switch host <host-id> vni <vni> statistics
show logical-switch host <host-id> vni <vni> port <port-id> statistics
show logical-switch controller <controller-id> vni <vni> brief
show logical-switch controller <controller-id> vni <vni> mac
show logical-switch controller <controller-id> vni <vni> vtep
show logical-switch controller <controller-id> vni <vni> arp
show logical-switch controller <controller-id> vni <vni> connection
show logical-switch controller <controller-id> vni <vni> statistics
show logical-switch controller <controller-id> host <host-id> mac
show logical-switch controller <controller-id> host <host-id> vtep
show logical-switch controller <controller-id> host <host-id> arp
show logical-switch controller <controller-id> host <host-id> joined-vnis
First, you will want to list all of the NSX controllers so that you can get the controller-id which will be used in a large portion of these commands.
NAME          IP              State
controller-3  192.168.110.33  RUNNING
controller-1  192.168.110.31  RUNNING
controller-2  192.168.110.32  RUNNING
It may also be useful to gather the host-id as it is used extensively for the VXLAN commands. You can find more information about the commands I am running to gather the host-ids here.
nsxmgr-01a> show cluster domain-c33
Datacenter: Datacenter Site A
Cluster: Compute Cluster A
No.  Host Name              Host Id   Installation Status
1    esx-02a.corp.local     host-32   Ready
2    esx-01a.corp.local     host-28   Ready
nsxmgr-01a> show cluster domain-c41
Datacenter: Datacenter Site A
Cluster: Management & Edge Cluster
No.  Host Name              Host Id   Installation Status
1    esxmgt-01a.corp.local  host-202  Ready
2    esxmgt-02a.corp.local  host-203  Ready
Once you have the host-id and controller-id information you can dive into the commands. Let’s start with listing all of the logical switches. This command will provide the Name, UUID, VNI, Transport Zone, and Zone ID, all very useful information.
nsxmgr-01a> show logical-switch list all
NAME                UUID                                  VNI   Trans Zone Name         Trans Zone ID
Transit-Network-01  7ad8bc71-5857-475c-af2a-a9e5337b0944  5000  Local-Transport-Zone-A  vdnscope-1
Web-Tier-01         be6871fb-cefb-4488-9b16-3e77cf0a3482  5001  Local-Transport-Zone-A  vdnscope-1
App-Tier-01         33fec704-41f5-4f58-b41d-65d78c2439b5  5002  Local-Transport-Zone-A  vdnscope-1
DB-Tier-01          80e964af-5a77-4b18-a5aa-d479c1447b1b  5003  Local-Transport-Zone-A  vdnscope-1
My favorite centralized VXLAN command is shown below and it will list all of the important information about a specific ESXi host: the VXLAN Global States, VDS, vmk, and all of the logical switches. More importantly, it shows the logical switch VNI, multicast IP, control plane, the controller that owns the VNI, and the MAC, ARP and port counts. This command probably looks very familiar if you have been working with NSX prior to 6.2; it will provide the same information as the previous ‘net-vdl2 -l’ command that you would run on ESXi. However, you won’t have to log into each individual host to run the command; all you have to do is specify the host-id from the NSX Manager.
nsxmgr-01a> show logical-switch host host-32 verbose
VXLAN Global States:
    Control plane Out-Of-Sync: No
    UDP port: 8472
VXLAN VDS: vds-site-a
    VDS ID: c2 fb 2e 50 fb 09 5f 02-99 94 60 9f 68 ed 95 33
    MTU: 1600
    Segment ID: 192.168.130.0
    Gateway IP: 192.168.130.1
    Gateway MAC: 00:50:56:01:20:a6
    Vmknic count: 1
        VXLAN vmknic: vmk3
            VDS port ID: 160
            Switch port ID: 33554441
            Endpoint ID: 0
            VLAN ID: 0
            IP: 192.168.130.51
            Netmask: 255.255.255.0
            Segment ID: 192.168.130.0
            IP acquire timeout: 0
            Multicast group count: 0
    Network count: 4
        VXLAN network: 5002
            Multicast IP: N/A (headend replication)
            Control plane: Enabled (multicast proxy,ARP proxy)
            Controller: 192.168.110.32 (up)
            MAC entry count: 3
            ARP entry count: 0
            Port count: 2
        VXLAN network: 5001
            Multicast IP: N/A (headend replication)
            Control plane: Enabled (multicast proxy,ARP proxy)
            Controller: 192.168.110.33 (up)
            MAC entry count: 4
            ARP entry count: 0
            Port count: 2
        VXLAN network: 5000
            Multicast IP: N/A (headend replication)
            Control plane: Enabled (multicast proxy,ARP proxy)
            Controller: 192.168.110.32 (up)
            MAC entry count: 3
            ARP entry count: 0
            Port count: 1
        VXLAN network: 5003
            Multicast IP: N/A (headend replication)
            Control plane: Enabled (multicast proxy,ARP proxy)
            Controller: 192.168.110.31 (up)
            MAC entry count: 2
            ARP entry count: 0
            Port count: 2
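If you capture this output for every host, a short script can flag the lines worth a second look. The following is an added example, not part of the original post or of NSX: it parses the "key: value" layout shown above and reports an out-of-sync control plane or a VNI whose controller is not "(up)". The function names, the trimmed sample and the "(down)" state string are assumptions made for the example.

```python
import re


def parse_host_verbose(text):
    """Split the verbose output into (global fields, {vni: fields})."""
    global_fields, networks, current = {}, {}, None
    for raw in text.splitlines():
        key, sep, value = raw.strip().partition(":")
        if not sep:
            continue  # prompt line or blank line, nothing to record
        key, value = key.strip(), value.strip()
        if key == "VXLAN network":
            # Every following field belongs to this VNI until the next one.
            current = networks.setdefault(int(value), {})
        elif current is not None:
            current[key] = value
        else:
            global_fields[key] = value
    return global_fields, networks


def control_plane_findings(text):
    """Flag an out-of-sync control plane and VNIs whose controller is not up."""
    global_fields, networks = parse_host_verbose(text)
    findings = []
    if global_fields.get("Control plane Out-Of-Sync", "").lower() != "no":
        findings.append("control plane out of sync")
    for vni, fields in sorted(networks.items()):
        m = re.match(r"(\S+)\s+\((\w+)\)", fields.get("Controller", ""))
        if m is None:
            findings.append(f"VNI {vni}: no controller reported")
        elif m.group(2) != "up":
            findings.append(f"VNI {vni}: controller {m.group(1)} is {m.group(2)}")
    return findings


# Constructed sample in the layout of the output above; the "(down)" state
# string is an assumption made for this example.
SAMPLE = """nsxmgr-01a> show logical-switch host host-32 verbose
VXLAN Global States:
    Control plane Out-Of-Sync: No
    UDP port: 8472
    Network count: 2
        VXLAN network: 5002
            Controller: 192.168.110.32 (up)
            MAC entry count: 3
        VXLAN network: 5001
            Controller: 192.168.110.33 (down)
            MAC entry count: 4
"""

if __name__ == "__main__":
    print(control_plane_findings(SAMPLE))
```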
The next command may also show familiar output; it shows the VSM config that is pushed to the ESXi host. In one of my recent posts I did an NSX controller deep dive and connectivity verification. In that post I mentioned that it’s important to confirm valid information in the ESXi file /etc/vmware/netcpa/config-by-vsm.xml. Yet another reason I love this centralized CLI: I don’t have to log into each host and view this file.
nsxmgr-01a> show logical-switch host host-32 config-by-vsm
<config>
  <connectionList>
    <connection id="0000">
      <port>1234</port>
      <server>192.168.110.31</server>
      <sslEnabled>true</sslEnabled>
      <thumbprint>A5:C6:A2:B2:57:97:36:F0:7C:13:DB:64:9B:86:E6:EF:1A:7E:5C:36</thumbprint>
    </connection>
    <connection id="0001">
      <port>1234</port>
      <server>192.168.110.32</server>
      <sslEnabled>true</sslEnabled>
      <thumbprint>12:E0:25:B2:E0:35:D7:84:90:71:CF:C7:53:97:FD:96:EE:ED:7C:DD</thumbprint>
    </connection>
    <connection id="0002">
      <port>1234</port>
      <server>192.168.110.33</server>
      <sslEnabled>true</sslEnabled>
      <thumbprint>BD:DB:BA:B0:DC:61:AD:94:C6:0F:7E:F5:80:19:44:51:BA:90:2C:8D</thumbprint>
    </connection>
  </connectionList>
  <localeId>
    <id>423A993F-BEE6-1285-58F1-54E48D508D90</id>
  </localeId>
  <vdrDvsList>
    <vdrDvs id="0000">
      <numActiveUplink>1</numActiveUplink>
      <numUplink>4</numUplink>
      <teamingPolicy>FAILOVER_ORDER</teamingPolicy>
      <uplinkPortNames>Uplink 4,Uplink 3,Uplink 2,Uplink 1</uplinkPortNames>
      <uuid>c2 fb 2e 50 fb 09 5f 02-99 94 60 9f 68 ed 95 33</uuid>
      <vxlanOnly>true</vxlanOnly>
    </vdrDvs>
  </vdrDvsList>
  <vdrInstanceList>
    <vdrInstance id="0000">
      <authToken>0f58a2b5-8ee1-482d-aa41-8da85f9596bd</authToken>
      <isUniversal>false</isUniversal>
      <localEgressRequired>false</localEgressRequired>
      <vdrId>5000</vdrId>
      <vdrName>default+edge-2</vdrName>
    </vdrInstance>
  </vdrInstanceList>
</config>
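Confirming "valid information" in this output comes down to three checks per host: every controller is listed, every connection has sslEnabled set to true, and every thumbprint is the one you expect for that controller. The script below is an added example, not part of the original post or of NSX, that runs those checks over a captured config-by-vsm dump. The expected-thumbprint map is assumed to come from your own trusted record of the controller certificates, and the thumbprints in the sample are constructed dummy values.

```python
import re
import xml.etree.ElementTree as ET

# Thumbprint format as it appears in the output: 20 colon-separated hex bytes.
THUMBPRINT_RE = re.compile(r"^([0-9A-F]{2}:){19}[0-9A-F]{2}$")


def audit_config_by_vsm(cli_text, expected):
    """Check <connectionList> against expected {controller_ip: thumbprint}.

    Returns a list of findings; an empty list means the pushed config matches.
    """
    # Drop the CLI prompt line and anything after the closing tag.
    end = cli_text.rindex("</config>") + len("</config>")
    root = ET.fromstring(cli_text[cli_text.index("<config>"):end])
    findings, seen = [], set()
    for conn in root.findall("./connectionList/connection"):
        cid = conn.get("id", "?")
        server = (conn.findtext("server") or "").strip()
        ssl = (conn.findtext("sslEnabled") or "").strip().lower()
        thumb = (conn.findtext("thumbprint") or "").strip().upper()
        seen.add(server)
        if ssl != "true":
            findings.append(f"connection {cid} ({server}): sslEnabled is not true")
        if server not in expected:
            findings.append(f"connection {cid}: unexpected controller {server}")
        elif not THUMBPRINT_RE.match(thumb):
            findings.append(f"connection {cid} ({server}): malformed thumbprint")
        elif thumb != expected[server].upper():
            findings.append(f"connection {cid} ({server}): thumbprint mismatch")
    for missing in sorted(set(expected) - seen):
        findings.append(f"controller {missing} missing from connectionList")
    return findings


# Constructed sample: controller IPs follow the post, thumbprints are dummies.
T1, T2, T3 = (":".join([b] * 20) for b in ("A1", "B2", "C3"))
EXPECTED = {"192.168.110.31": T1, "192.168.110.32": T2, "192.168.110.33": T3}
SAMPLE = f"""nsxmgr-01a> show logical-switch host host-32 config-by-vsm
<config><connectionList>
<connection id="0000"><port>1234</port><server>192.168.110.31</server>
  <sslEnabled>true</sslEnabled><thumbprint>{T1}</thumbprint></connection>
<connection id="0001"><port>1234</port><server>192.168.110.32</server>
  <sslEnabled>false</sslEnabled><thumbprint>{T3}</thumbprint></connection>
</connectionList></config>"""

if __name__ == "__main__":
    for finding in audit_config_by_vsm(SAMPLE, EXPECTED):
        print(finding)
```

Run it against the capture from each host-id; any non-empty result means that host's netcpa configuration differs from the controller set you expect.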
To grab VTEP information on a given host, you can use this command.
nsxmgr-01a> show logical-switch host host-28 vni 5000 vtep
VTEP count: 2
    Segment ID: 192.168.120.0
    VTEP IP: 192.168.120.51
    Flags: 0(None)
    Segment ID: 192.168.120.0
    VTEP IP: 192.168.120.52
    Flags: 1(MTEP)
If you would like to view the MAC table on a specific VNI, you will run the following command. Remember, each controller owns a VNI so they can distribute the workload via “slicing.” Based on the previous commands I ran, I know that controller-1 owns VNI 5003. As you can see, there is one VM on this logical switch.
nsxmgr-01a> show logical-switch controller controller-1 vni 5003 mac
VNI   MAC                VTEP-IP         Connection-ID
5003  00:50:56:ae:d4:2b  192.168.130.51  5
This command is the same as ‘show control-cluster logical-switches mac-table 5003’. Just for confirmation, I have provided a screenshot of the VM MAC address below, confirming the MAC address and that it is on VNI 5003.
The remaining commands that I didn’t run through provide somewhat redundant information. They will give you subsets of the data we collected via the previous commands, so I decided not to go into them, but I definitely suggest playing around with them. Note: One thing I did find when testing the remaining five commands is that the host-id field will return an error unless you use the IP address.
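show logical-switch controller <controller-id> host <host-id> mac
show logical-switch controller <controller-id> host <host-id> vtep
show logical-switch controller <controller-id> host <host-id> arp
show logical-switch controller <controller-id> host <host-id> joined-vnis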
When I changed the command to the IP address, it returned appropriately as shown below.
nsxmgr-01a> show logical-switch controller controller-1 host host-32 joined-vnis
Error: 5016: The network name esx-02a.corp.local of the host host-32 is not a valid IP address. The IP address of the host is expected as the argument.
nsxmgr-01a> show logical-switch controller controller-1 host 192.168.110.52 joined-vnis
VNI   Controller      BUM-Replication  ARP-Proxy  Connections
5003  192.168.110.31  Enabled          Enabled    2