VMware, Inc.
135
Appendix B Troubleshooting
To troubleshoot if broadcast packets are being received but unicast packets are being dropped
1
Run
/opt/vmware/vslad/fence-util setSwitchMode 1
on all ESX hosts in question. This command
instructs the vshd module to broadcast all fenced packets.
If after running the command on all hosts things start working, most of the times, this means that the issue
lies with mirror virtual machines because mirror virtual machines are required to be configured correctly
for the unicast packet delivery to work.
For more on
fence-util
, see
“Details of the fence-util Utility”
on page 135.
2
On each ESX host, check the mirror virtual machine’s NICs to make sure that at least one NIC is connected
to the vSwitch to which these virtual machines are connected.
3
Confirm that the filter entries for this NIC in the mirror virtual machines VMX files are correct. All of the
entries for that vSwitch should have the same LanId? value.
After fixing the problem, reset the mode to 0 by running
/opt/vmware/vslad/fence-util
setSwitchMode 0
.
4
Confirm that the packets are reaching the other ESX host. If the mirror virtual machines are
misconfigured, packets are dropped at the destination ESX host, not by the source host.
If still things are not working, this would most likely mean that the unicast switching is broken
somewhere on the physical boxes in the network. This is rare because if broadcast packets are reaching,
that means physical connectivity is present between the virtual machines communicating with each other.
If broadcast is working and unicast is not working even after putting all vshd modules in broadcast mode
using fence-utils, then problems may be present in the physical network for such unicasts.
There is also a chance of more than one vShield Manager, Port Group Isolation, vCenter installations on
the same network. In that case, some of the host key MAC addresses may get duplicated within the same
physical network. Because of this, the broadcast traffic may work fine, but the unicast traffic may reach
the wrong hosts because the physical switches on the network may learn about same MAC from two
different places.
To troubleshoot if no packets are being received and broadcasts are being dropped
1
Confirm that the two ESX hosts are present on a common physical network and on the same VLAN.
2
In the case of legacy switches, confirm that the same port group is connected to the same named vswitch
on all the ESX hosts in question.
3
Confirm that the NIC connected to these vSwitches connect to the same physical network.
4
Run
/opt/vmware/vslad/fence-util info
command multiple times on all ESX hosts to see if any
dropped packet counters are incremented.
This module also shows dropped packet numbers for unfenced packets entering into fenced vNICs. This
would mean that all the other broadcasts on the network are dropped when they reach the fenced vNIC.
Look for
Fenced From VM
and
Fenced To VM
counters.
5
Isolate the point where packets are getting dropped by running captures on the ESX interface at both ends.
In cases where packets are coming out of source ESX but are not reaching the destination ESX, there are
rare chances that some intelligent device in between may be dropping these packets because of an
unknown eth type in the packets.
Details of the fence-util Utility
Log Level
indicates debug log level.
Hostkey
is the configured host ID. There is a printing mistake in the fence util program where its attaching a
0 at the end of the host id. host id of 0x30 means host Id 3.
Configured LAN MTUs
refer to the explicitely set MTU values via vsdh.
Содержание VSHIELD APP 1.0.0 UPDATE 1 - API
Страница 9: ...VMware Inc 9 vShield Manager and vShield Zones...
Страница 10: ...vShield Administration Guide 10 VMware Inc...
Страница 14: ...vShield Administration Guide 14 VMware Inc...
Страница 18: ...vShield Administration Guide 18 VMware Inc...
Страница 24: ...vShield Administration Guide 24 VMware Inc...
Страница 34: ...vShield Administration Guide 34 VMware Inc...
Страница 42: ...vShield Administration Guide 42 VMware Inc...
Страница 46: ...vShield Administration Guide 46 VMware Inc...
Страница 47: ...VMware Inc 47 vShield Edge and Port Group Isolation...
Страница 48: ...vShield Administration Guide 48 VMware Inc...
Страница 57: ...VMware Inc 57 vShield App and vShield Endpoint...
Страница 58: ...vShield Administration Guide 58 VMware Inc...
Страница 62: ...vShield Administration Guide 62 VMware Inc...
Страница 68: ...vShield Administration Guide 68 VMware Inc...
Страница 78: ...vShield Administration Guide 78 VMware Inc...
Страница 85: ...VMware Inc 85 Appendixes...
Страница 86: ...vShield Administration Guide 86 VMware Inc...
Страница 130: ...vShield Administration Guide 130 VMware Inc...
Страница 144: ...vShield Administration Guide 144 VMware Inc...