ON THIS PAGE
Unicast Packet Path - Intra-VN
This procedure steps through debugging the unicast packet path
for intra-virtual network (intra-VN) traffic from VM1 to VM2 (on same
compute node) and VM3 (on different compute node). In this example,
the VMs listed are in the same subnet 10.1.1.0/24. Intra-VN traffic is within the same virtual network.
| VM1 | IP address |
| VM2 | IP address |
| VM3 | IP address |
Intra-Compute Use Case
Discover the
vifinterfaces corresponding to the virtual machine interfaces (VMI)s of the VM by using the command:vif --list
You can also discover the
vifinterfaces by entering the introspect URL.Example:
http://10.1.1.5:8085/Snh_ItfReq?name=&type=&uuid=&vn=&mac=&ipv4_address=&ipv6_address=&parent_uuid=&ip_active=&ip6_active=&l2_active=
Note:Replace the IP address with the actual compute IP address in the introspect HTTP URL.
Run the
vif --get <index>command to verify the virtual routing and forwarding (VRF) and Policy flags are set in the vRouter interface (VIF).Example output verifying flags for each
vif:vif0/4 OS: tapdd789d34-27 Type:Virtual HWaddr:00:00:5e:00:01:00 IPaddr:10.1.1.5 Vrf:2 Mcast Vrf:2 Flags:PL3L2Er QOS:-1 Ref:6 RX packets:30 bytes:8676 errors:0 TX packets:170 bytes:7140 errors:0 ISID: 0 Bmac: 02:dd:78:9d:34:27 Drops:81 vif0/6 OS: tapaedbc037-bf Type:Virtual HWaddr:00:00:5e:00:01:00 IPaddr:10.1.1.6 Vrf:2 Mcast Vrf:2 Flags:PL3L2Er QOS:-1 Ref:6 RX packets:96316 bytes:4858043 errors:0 TX packets:96562 bytes:4884177 errors:0 ISID: 0 Bmac: 02:ae:db:c0:37:bf Drops:2Run the following command to display all of the entries from the bridge table:
rt --dump <vrf id> --family bridge
Example:
rt --dump 2 --family bridge Flags: L=Label Valid, Df=DHCP flood, Mm=Mac Moved, L2c=L2 Evpn Control Word, N=New Entry, Ec=EvpnControlProcessing vRouter bridge table 0/2 Index DestMac Flags Label/VNID Nexthop Stats 31264 0:0:5e:0:1:0 Df - 3 206834 79784 2:dd:78:9d:34:27 Df - 44 4 112924 ff:ff:ff:ff:ff:ff LDf 5 48 35 115240 2:0:0:0:0:2 Df - 12 0 169408 2:ae:db:c0:37:bf Df - 25 1 183944 2:99:ef:64:96:e1 LDf 27 20 0 205564 2:0:0:0:0:1 Df - 12 0 252380 0:25:90:c5:58:94 Df - 3 0Highlighted in the example is the destination MAC address of the destination VM in the bridge table and the next-hop identifier associated with it.
Run
nh --get <nh id>to display the next-hop details.Example:
nh --get 25 Id:25 Type:Encap Fmly:AF_BRIDGE Rid:0 Ref_cnt:3 Vrf:2 Flags:Valid, Policy, Etree Root, EncapFmly:0806 Oif:6 Len:14 Encap Data: 02 ae db c0 37 bf 00 00 5e 00 01 00 08 00In the example,
Oif:6is the OIF index in the next hop which is the outgoing interface for the packet. TheEncap Datacorresponds to the L2 encapsulation that is added to the IP packet before the packet is forwarded to the outgoing interface.Run
vif --get <oifindex>to get the outgoing VIF details.Example:
vif --get 6 vif0/6 OS: tapaedbc037-bf Type:Virtual HWaddr:00:00:5e:00:01:00 IPaddr:10.1.1.6 Vrf:2 Mcast Vrf:2 Flags:PL3L2Er QOS:-1 Ref:6 RX packets:96935 bytes:4892936 errors:0 TX packets:97235 bytes:4921004 errors:0 ISID: 0 Bmac: 02:ae:db:c0:37:bf Drops:2The received packet
RXand transmitted packetTXcounters for the corresponding VIF interfaces are incremented when traffic is flowing through.Run the
flow -lcommand to list the flows created. If the Policy flag is enabled on the VIFs, a flow is created as shown in the example.Example: Ping
10.1.1.6from10.1.1.5.flow -l Index Source:Port/Destination:Port Proto(V) ----------------------------------------------------------------------------------------- 876<=>1020 10.1.1.6:1599 1 (2) 10.1.1.5:0 (Gen: 12, K(nh):21, Action:F, Flags:, QOS:-1, S(nh):21, Stats:9/882, SPort 54920, TTL 0, Sinfo 6.0.0.0) 1020<=>876 10.1.1.5:1599 1 (2) 10.1.1.6:0 (Gen: 2, K(nh):29, Action:F, Flags:, QOS:-1, S(nh):29, Stats:9/882, SPort 58271, TTL 0, Sinfo 4.0.0.0)The statistics in the forward and reverse flow are incremented when traffic is flowing through. If statistics are not getting incremented for a particular flow, that can indicate a potential problem in that direction. The flow action should be
ForNfor the packets to be forwarded or NATed out. A flow action ofDindicates that packets will be dropped.Run the
vrouter_agent_debugscript to collect all of the relevant logs.
Inter-Compute Use Case
In an inter-compute case, the next-hop lookup points to the tunnel that takes the packet to the other compute node. The bridge entry will also indicate the Label/VNID added to the packet during encapsulation. Inter-compute traffic is between VMs on different compute nodes.
For Compute 1:
Discover the
vifinterfaces corresponding to the virtual machine interfaces (VMI)s of the VM by using the command:vif --list
You can also discover the
vifinterfaces by entering the introspect URL:Example:
http://10.1.1.5:8085/Snh_ItfReq?name=&type=&uuid=&vn=&mac=&ipv4_address=&ipv6_address=&parent_uuid=&ip_active=&ip6_active=&l2_active=
Note:Replace the IP address with the actual compute IP address in the introspect HTTP URL.
Run the
vif --get <index>command to verify the virtual routing and forwarding (VRF) and Policy flags are set in the vRouter interface (VIF).Example output verifying flags for each
vif:vif0/4 OS: tapdd789d34-27 Type:Virtual HWaddr:00:00:5e:00:01:00 IPaddr:10.1.1.5 Vrf:2 Mcast Vrf:2 Flags:PL3L2Er QOS:-1 Ref:6 RX packets:30 bytes:8676 errors:0 TX packets:170 bytes:7140 errors:0 ISID: 0 Bmac: 02:dd:78:9d:34:27 Drops:81 vif0/6 OS: tapaedbc037-bf Type:Virtual HWaddr:00:00:5e:00:01:00 IPaddr:10.1.1.6 Vrf:2 Mcast Vrf:2 Flags:PL3L2Er QOS:-1 Ref:6 RX packets:96316 bytes:4858043 errors:0 TX packets:96562 bytes:4884177 errors:0 ISID: 0 Bmac: 02:ae:db:c0:37:bfRun the following command to display all of the entries from the bridge table:
rt --dump <vrf id> --family bridge
Example:
rt --dump 2 --family bridge Flags: L=Label Valid, Df=DHCP flood, Mm=Mac Moved, L2c=L2 Evpn Control Word, N=New Entry, Ec=EvpnControlProcessing vRouter bridge table 0/2 Index DestMac Flags Label/VNID Nexthop Stats 31264 0:0:5e:0:1:0 Df - 3 206834 79784 2:dd:78:9d:34:27 Df - 44 4 112924 ff:ff:ff:ff:ff:ff LDf 5 48 35 115240 2:0:0:0:0:2 Df - 12 0 169408 2:ae:db:c0:37:bf Df - 25 1 183944 2:99:ef:64:96:e1 LDf 27 20 0 205564 2:0:0:0:0:1 Df - 12 0 252380 0:25:90:c5:58:94 Df - 3 0In the example,
2:99:ef:64:96:e1belongs to IP address10.1.1.7and label27is used to encapsulate the packet.Run
nh --get <nh id>to get the next hop details.Example:
nh --get 20 Id:20 Type:Tunnel Fmly: AF_INET Rid:0 Ref_cnt:12 Vrf:0 Flags:Valid, MPLSoGRE, Etree Root, Oif:0 Len:14 Data:00 25 90 c5 62 1c 00 25 90 c5 58 94 08 00 Sip:10.204.217.86 Dip:10.204.217.70
In the example, the next-hop output indicates the next-hop type as
Tunnel, encapsulation used asMPLSoGRE, the outgoing interface asOif:0, and the corresponding source and destination IP addresses of the tunnel.
For Compute 2:
Run the
mpls --get <label>command to see the next hop mapped to the particular incoming MPLS table.Example:
mpls --get 27 MPLS Input Label Map Label NextHop ------------------------- 27 28Run
nh --get <nh_id>to get the next hop details.Example:
nh --get 28 Id:28 Type:Encap Fmly:AF_BRIDGE Rid:0 Ref_cnt:3 Vrf:2 Flags:Valid, Policy, Etree Root, EncapFmly:0806 Oif:3 Len:14 Encap Data: 02 99 ef 64 96 e1 00 00 5e 00 01 00 08 00Run
vif --get <oifindex>to get the outgoing VIF details.Example:
vif --get 3 vif0/3 OS: tap99ef6496-e1 Type:Virtual HWaddr:00:00:5e:00:01:00 IPaddr:10.1.1.7 Vrf:2 Mcast Vrf:2 Flags:PL3L2Er QOS:-1 Ref:6 RX packets:34 bytes:10044 errors:0 TX packets:1699 bytes:78990 errors:0 Drops:93Note:If you are using VXLAN encapsulation, do the following on Compute 2:
For Step 1, instead of running the
mpls --getcommand, run thevxlan --get <vxlanid>command to get the mapping from VXLAN ID to the next hop.With VXLAN, the next hop points to a VRF translated next hop. Use the bridge lookup in the corresponding VRF, as shown in Step 3 to get the final outgoing next hop, which will point to the VIF interface.