In this section some basic CLI commands for nsxcli will be provided. These can be used for troubleshooting.
Please take into account the NSX-T Data Center Administration Guide for NSX-T 3.2 here.
# Logical Switching
Common switching problems
N-VDS is incorrectly configured on a host
Overlay tunnel (GENEVE) is misconfigured
TEPs unable to reach each other
# Validate switch
esxcfg-vswitch -l # verify switch configuration
nsxdp-cli # Verify nsx local datapath services and statitics
# Verify network interfaces
ifconfig
net-stat -I
Verification Process
# ssh to NSX manager node
su admin # enter nsxcli command mode
get logical-switches # Verify all logical switches/segements configured in NSX manager
get logical-switch <segment-uuid> ports # verify the logical switch ports connected to the segment
get logical-switch <segment-VNI> transport-node-table # list the transport node table of the segment logical switch
get logical-switch <segment-VNI> arp-table
get logical-switch <segment-VNI> map-table
get logical-switch <segment-VNI> vtep
get nodes # list all the transport nodes
get cluster status # check all nodes and its service statuses
get cluster vip # on which node does the vip run
st eng # from admin to root (exit to return to admin mode)
# ssh to Edge Transport Nodes
get controllers # which controller is node connected to
get managers # check if all connected
# ssh to ESXi host
nsxcli # enter nsxcli command mode
get logical-switches # It will list the switches VNI, UUID, DVS name, VIF numbers
get logical-switch <segment-VNI>
get logical-switch <segment-VNI> mac-table
get logical-switch <segment-VNI> arp-table
get logical-switch <segment-VNI> vtep
DNS and NTP configuration NSX-T nodes
- nsxt01-1> get name-servers
- Output
[date and time]
172.0.0.11
172.0.0.12
- Output
- nsxt01-1> get ntp-servers
- Output
[date and time]
10.0.0.7
10.0.0.23
10.0.0.39
- Output
For more details, please check this post.
# ssh to KVM host
sudo -i # enter root mode
virsh dumpxml <vm-name> | grep interfaceid # obtain the interfaceid of the required vm
nsxcli # enter nsxcli command mode
get logical-switches # It will list the switches VNI, UUID, DVS name, VIF numbers
get logical-switch <segment-VNI>
get logical-switch <segment-VNI> ports
get logical-switch <segment-VNI> map-table
get logical-switch <segment-VNI> arp-table
get logical-switch <segment-VNI> vtep
# Check GENEVE VMKernel
esxcli network ip interface ipv4 | get vmk10
vmk10 is the TEP for NSX
esxcli network ip interface ipv4 | get vmk50
vmk50 is for intra-tier networking/routing and containers.
Verifying overlay tunnel reachability
Ping destination TEP interface from the source host
vmkping ++netstack=vxlan -s Vxlan is used by host rather than GENEVE. It’s the same stack for ESXi.
Try 1572 if 1575 fails This is the minimum size needed to support GENEVE. GENEVE adds 72 bytes to a 1500 byte data packet.
If 1572 fails try 1472 if that works, the overhead for the overlay hasn’t been configured.
Example
vmkping ++netstack=vxlan -s 1572 -d <TEP-IP> # using 1572 data bytes, and ping destination TEP