
With NSX-T logical networking the Tier-0 uplinks become the central passage for all North-South traffic, i.e. traffic between the NSX-T logical networks and the physical network.
That makes them a critical point in the NSX-T data plane, and one we might want to place under a magnifying glass from time to time.
In this short article I’ll walk through setting up and managing packet captures on Tier-0 uplinks.
1 – Identify active SR location
This step is relevant when the Tier-0 gateway is running in Active-Passive HA mode. Most of the time the interesting packets will be on the active uplinks and we need to figure out where these are situated.
With Active-Active HA mode all of the Tier-0 uplinks are involved in forwarding traffic and are therefore all points of interest when it comes to capturing packets.
In the NSX Manager UI, navigate to Advanced Networking & Security > Networking > Routers. Click the Active-Standby link for the Tier-0 gateway:

Here the active Tier-0 SR is located on edgevm01.
2 – Identify interface ID
Also under Advanced Networking & Security > Networking > Routers we click the name link of the Tier-0 gateway. This opens up the details pane where we choose Configuration > Router Ports:

Copy the ID of the uplink interfaces that use the Edge node with the active Tier-0 SR:

3 – Start capture session
SSH into the Edge node with the active Tier-0 SR. To capture 50 outgoing/northbound packets run the following command:
start capture interface <ID> direction output count 50 file capture.pcap
For example:

4 – Copy capture file
The resulting capture.pcap file can now be copied to an SFTP server. For example:
copy file capture.pcap url scp://root@sftp.demo.local/captures

After a successful copy you might want to delete the capture.pcap file from the Edge node’s file store:
del file capture.pcap
5 – Open capture file
Open the capture file in a packet analyzer like Wireshark to start investigating the captured packets:
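Before opening the file in Wireshark it is often handy to get a quick first impression of what the capture contains (which VLAN the uplink frames carry, which flows dominate, how much is non-IP chatter such as ARP). The script below is an added example for this step; it is not part of the original article and not an NSX tool. It assumes the capture is in the classic libpcap format with Ethernet frames (link type 1), which is what the Edge writes, and it reads both byte orders and stops cleanly on a file that was cut short during the copy. The sample frames it builds are constructed here purely so the script runs offline; pass a real capture.pcap path as the first argument to triage your own file.

```python
"""Quick triage of a capture.pcap taken on an NSX-T Edge uplink (added example)."""
import struct
import sys
import ipaddress
from collections import Counter

ETH_IPV4, ETH_VLAN, ETH_ARP = 0x0800, 0x8100, 0x0806
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}


def parse_pcap(data):
    """Yield (timestamp, frame) per record; detects byte order, tolerates truncation."""
    if len(data) < 24:
        raise ValueError("not a pcap file: global header missing")
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None:
        raise ValueError("unsupported pcap magic %r" % data[:4])
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("expected Ethernet (DLT 1) frames")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        if off + incl_len > len(data):
            break  # record cut short: the copy was incomplete, stop here
        yield ts_sec + ts_usec / 1e6, data[off:off + incl_len]
        off += incl_len


def decode_frame(frame):
    """Return (vlan, proto, src, sport, dst, dport) for IPv4 frames, else None."""
    if len(frame) < 14:
        return None
    ethertype = struct.unpack("!H", frame[12:14])[0]
    off, vlan = 14, None
    if ethertype == ETH_VLAN:  # uplinks are normally VLAN-backed, so strip the 802.1Q tag
        if len(frame) < 18:
            return None
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, off = tci & 0x0FFF, 18
    if ethertype != ETH_IPV4 or len(frame) < off + 20:
        return None
    ihl = (frame[off] & 0x0F) * 4
    proto = frame[off + 9]
    src = str(ipaddress.IPv4Address(frame[off + 12:off + 16]))
    dst = str(ipaddress.IPv4Address(frame[off + 16:off + 20]))
    sport = dport = None
    l4 = off + ihl
    if proto in (6, 17) and len(frame) >= l4 + 4:
        sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
    return (vlan, PROTO_NAMES.get(proto, str(proto)), src, sport, dst, dport)


def summarize(data):
    """Packets per flow and per VLAN; non-IPv4 frames (ARP, IPv6, ...) count as 'other'."""
    flows, vlans, other = Counter(), Counter(), 0
    for _ts, frame in parse_pcap(data):
        flow = decode_frame(frame)
        if flow is None:
            other += 1
            continue
        flows[flow] += 1
        vlans[flow[0]] += 1
    return {"flows": flows, "vlans": vlans, "other": other}


def _ipv4_frame(src, dst, proto, l4, vlan=None):
    """Constructed Ethernet/IPv4 frame for the demo (checksums left zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed) + l4
    eth = b"\x00\x50\x56\x00\x00\x01" + b"\x00\x50\x56\x00\x00\x02"
    tag = struct.pack("!H", ETH_IPV4) if vlan is None else struct.pack("!HHH", ETH_VLAN, vlan, ETH_IPV4)
    return eth + tag + ip


def build_sample_pcap():
    """Constructed capture: three tagged northbound IPv4 frames plus one ARP frame."""
    tcp_syn = struct.pack("!HHIIBBHHH", 51000, 443, 0, 0, 0x50, 0x02, 65535, 0, 0)
    udp = struct.pack("!HHHH", 45000, 53, 8, 0)
    frames = [
        _ipv4_frame("172.16.10.5", "198.51.100.20", 6, tcp_syn, vlan=100),
        _ipv4_frame("172.16.10.5", "198.51.100.20", 6, tcp_syn, vlan=100),
        _ipv4_frame("172.16.10.7", "198.51.100.53", 17, udp, vlan=100),
        b"\xff" * 6 + b"\x00\x50\x56\x00\x00\x01" + struct.pack("!H", ETH_ARP) + b"\x00" * 28,
    ]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # little-endian global header
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pcap()
    result = summarize(blob)
    print("per VLAN:", dict(result["vlans"]), "| non-IPv4 frames:", result["other"])
    for flow, n in result["flows"].most_common():
        print("%5d  vlan=%s %s %s:%s -> %s:%s" % (n, *flow))
```

The flow tuple keeps the VLAN ID as its first element on purpose: on a Tier-0 uplink, packets showing up on an unexpected VLAN are usually the first sign of a mis-tagged segment or trunk, and that stands out in the per-VLAN counter long before you scroll through individual packets in Wireshark.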

Summary
And that’s how easy it is to capture traffic on Tier-0 uplinks.
It’s not uncommon that you need to capture network traffic as part of investigating some kind of application issue. For that reason I recommend that you document the IDs of the Tier-0 uplink interfaces in advance and have an SFTP server ready to go so that you don’t have to waste valuable time on preparing the packet capture itself.
Thanks for reading.
Another excellent article, thank you!