NSX Edge ACL Counters - use case for troubleshooting packet loss


Article ID: 405591


Updated On:

Products

VMware NSX

Issue/Introduction

Edge ACL counters can be used to troubleshoot packet drops that may be occurring inside an edge appliance. From an application perspective, you might see traffic impacted by an excessive number of retransmitted packets on the destination or source VM whose traffic traverses the edge. ACL counters help identify the cause of those dropped packets for TCP/UDP flows by determining whether the drops occur inside the Edge or external to it. Because ACL counters can also match specific ports, they help determine whether only specific traffic is affected.


Environment

VMware NSX
VMware NSX-T

Resolution

Use the commands below to configure ACL counter rules on your edge appliance.


  1. set debug
  2. set dataplane acl-counter rules ipv4 proto (icmp/tcp/udp/any) src-ip (source-ip) dst-ip (destination-ip)
  3. set dataplane acl-counter rules ipv4 proto (icmp/tcp/udp/any) src-ip (source-ip) dst-ip (destination-ip) <---- Source and destination IP are inverse from the line above
  4. set dataplane acl-counter rules ipv4 proto (icmp/tcp/udp/any) src-ip (source-ip) dst-ip (destination-ip) src-port 80
  5. set dataplane acl-counter rules ipv4 proto (icmp/tcp/udp/any) src-ip (source-ip) dst-ip (destination-ip) src-port 80 <---- Source and destination IP are inverse from the line above
  6. start dataplane acl-counter
  7. get dataplane acl-counter stats
  8. stop dataplane acl-counter
  9. clear dataplane acl-counter rules  <-- Cleanup and delete the rules, set the world back to zero.

This can be further filtered to collect ACL counters only from a specific interface or tunnel instead of the entire edge appliance.

  1. get dataplane acl-counter stats interface 00000018-0000-0000-000000000000
  2. get dataplane acl-counter stats tunnel 00000027-0000-0000-000000000000

Additional Information

If you have any questions regarding troubleshooting acl-counters for an edge appliance, please open a case and we will assist with creating the necessary rules to diagnose any packet loss you are experiencing in your environment.
Uploading files to cases on the Broadcom Support Portal

Creating and managing Broadcom support cases