Manage and report on a Logical Switch using NSX Controller and ESXi CLI commands

NSX Controller CLI

To display a full list of commands for logical switches on an NSX Controller, run show control-cluster logical-switches and hit Enter

nsx-controller # show control-cluster logical-switches

  Command keyword: stats
  Description: Stats of all logical switches on this controller

  Command keyword: stats-sample
  Description: Latest samples of node statistics

  Command keyword: pkt-cap  
  Description: Show packet capture data for the specified packet capture operation

  Command keyword: vni 
  Description: controller, configuration, and status of the specified VNI

  Command keyword: vni-stats 
  Description: statistics of the specified VNI

  Command keyword: connection-table 
  Description: connections joined the specified VNI

  Command keyword: vtep-table 
  Description: VTEP records of the specified VNI

  Command keyword: mac-table 
  Description: MAC records of the specified VNI

  Command keyword: arp-table 
  Description: ARP records of the specified VNI

  Command keyword: joined-vnis 
  Description: VNI's joined by the specified connection

  Command keyword: vtep-records 
  Description: VTEP records updated from the specified connection

  Command keyword: mac-records 
  Description: MAC records updated from the specified connection

  Command keyword: arp-records 
  Description: ARP records updated from the specified connection

  Command keyword: vni-stats-sample 
  Description: latest statitics samples of the specified VNI

Once you have all the commands you can run above, start playing with each one of them to see the functionality. I’ll list the commands that I feel are most useful.

Command: show control-cluster logical-switches vni VNI_NUMBER

Functionality: Configuration for the specified VNI

Example output

nsx-controller # show control-cluster logical-switches vni 5000
VNI      Controller      BUM-Replication ARP-Proxy Connections VTEPs
5000     192.168.18.32   Enabled         Enabled   0           0

Command: show control-cluster logical-switches connection-table VNI_NUMBER

Functionality: Connections joined to the specified VNI

Example output

nsx-controller # show control-cluster logical-switches connection-table 5001
Host-IP         Port  ID
10.127.128.215  29372 4

Command: show control-cluster logical-switches vtep-table VNI_NUMBER

Functionality: VTEP records for the specified VNI

Example output

nsx-controller # show control-cluster logical-switches vtep-table 5001
VNI      IP              Segment         MAC               Connection-ID
5001     192.168.18.36   192.168.18.0    00:50:56:6d:9e:1c 4

ESXi CLI

Most of this was covered here, and many of the examples were for logical switches. I suggest playing with the net-vdr commands that relate to logical switches in your labs to further your knowledge.

5 Comments

Edwin Ma - October 28, 2015 - 8:48 pm 312

Hi ! Sean

When I run the “show control-cluster logical-switches arp-table 5000 ” at each controller. But the result is different, only one controller show the result , all other two would show “Error display “.
Why, As I remember, all controller table should be same ?

Reply

Sean Whitney - October 29, 2015 - 12:39 pm 316

Hi Edwin,

This is normal behavior. Each controller own specific VNIs, so you will have to run the command on the controller that owns the VNI. Check my lab output for example.

Controller1
nsx-controller # show control-cluster logical-switches arp-table 5000
VNI IP MAC Connection-ID
5000 192.168.5.1 00:50:56:ae:cd:e5 1
5000 192.168.5.3 00:50:56:ae:82:1f 6
nsx-controller # show control-cluster logical-switches arp-table 5001
Error: Not found

Controller2
nsx-controller # show control-cluster logical-switches arp-table 5001
VNI IP MAC Connection-ID
5001 172.16.10.12 00:50:56:ae:f8:6b 6
5001 172.16.10.10 00:50:56:ae:ab:9f 4
5001 172.16.10.11 00:50:56:ae:3e:3d 2
nsx-controller # show control-cluster logical-switches arp-table 5000
Error: Not found

You can see that controller 1 owns 5000 and controller 2 owns 5001.

Thanks,
Sean

Reply

Edwin Ma - October 29, 2015 - 7:30 pm 317

Sean

You are definitely right. From some others document. I found the three NSX controllers working as cluster and “slicing ” the workload cross three controllers. So on each controller it only manages some VNI,

Thank you very much !

Reply

Manoj gp - June 24, 2016 - 8:52 am 499

Please find the details for the mentioned output below :-

ERROR : Not Found Message is seen when ESXi host does not have any open connection to the respected controller, in order to get the controller connection we need to power on the VM on that VNI then ESXi host will make connect to that controller

Blank : ESXi host has connection to the controller but no VNI are active at the moment Let me paste few output for your reference this will explain then my Email.

ESXi host outputs:

[root@esx-01a:~] esxcli network vswitch dvs vmware vxlan network list –vds-name=vds-site-a

VXLAN ID Multicast IP Control Plane Controller Connection Port Count MAC Entry Count ARP Entry Count

——– ————————- ———————————– ——————— ———- ————— —————

5001 N/A (headend replication) Enabled (multicast proxy,ARP proxy) 192.168.110.31 (up) 1 1 0

5000 .0.0.0 Disabled 0.0.0.0 (down) 1 0 0

TCP Connection to the controllers, out of three Node this host is connected to Two nodes only. controller 110.31 and 110.33 Now lets look at the out put of the “show control-cluster logical-switches joined-vnis 192.168.110.51” 110.51 is my ESXi host Mgmt IP address

[root@esx-01a:~] esxcli network ip connection list | grep -i 1234

tcp 0 0 192.168.110.51:51035 192.168.110.31:1234 ESTABLISHED 264929 newreno netcpa-worker

tcp 0 0 192.168.110.51:15587 192.168.110.33:1234 ESTABLISHED 264929 newreno netcpa-worker

—————————————————————————————————————————
controller :192.168.110.31

nsx-controller # show control-cluster logical-switches joined-vnis 192.168.110.51

VNI Controller BUM-Replication ARP-Proxy Connections

5001 192.168.110.31 Enabled Enabled 3

nsx-controller #

—————————————————————————————————————————

controller :192.168.110.33

nsx-controller # show control-cluster logical-switches joined-vnis 192.168.110.51

nsx-controller #

—————————————————————————————————————————
controller :192.168.110.32

nsx-controller # show control-cluster logical-switches joined-vnis 192.168.110.51

Error: Not found

nsx-controller #

—————————————————————————————————————————
based on this Output we get blank when the host as established an TCP connection to the Controller and Error Not found is seen when that host as not established any connection to the controllers.

Reply
sherin_31 - April 8, 2018 - 3:37 am 640

On some controllers it shows on the output that the vni belongs to a different controller. For eg. this is run on controller with ip 172.18.4.47
The same command run on 172.18.4.46 (master) gives an error for vni 5003.

nsx-controller # show control-cluster logical-switches vni 5003
VNI Controller BUM-Replication ARP-Proxy Connections
5003 172.18.4.47 Enabled Enabled 2
nsx-controller # show control-cluster logical-switches vni 5006
VNI Controller BUM-Replication ARP-Proxy Connections
5006 172.18.4.46 Enabled Enabled 0

Any ideas why?

Reply

Manage and report on a Logical Switch using NSX Controller and ESXi CLI commands

NSX Controller CLI

ESXi CLI

5 Comments

Reply Cancel

SPONSORS