Users need to notice the destination MAC when trying to trace a cross-subnet VLAN traffic flow using traceflow

Article ID: 422412

Updated On:

Products

VMware NSX

Issue/Introduction

  • Traceflow is a tool to inject a crafted packet into the specified port. Therefore, the final traceflow observation or result depends on what kind of packet is crafted by the user.
  • In the current traceflow UI, the source MAC address and destination MAC address of the crafted packet are derived from the source virtual machine (or port, interface) and destination virtual machine (or port, interface) chosen by the user. This spares the user from having to look up the MAC addresses.
  • However, depending on the destination MAC address derived from the chosen destination virtual machine (or port, interface), users may sometimes see unexpected final traceflow observations.
  • A typical scenario is tracing a cross-subnet VLAN traffic flow. Consider two virtual machines (VM1 and VM2) in different VLAN segments (seg1 and seg2): VM1 connects to seg1, and VM2 connects to seg2. The traffic between VM1 and VM2 must be routed by the underlay router, so a packet from VM1 is eventually delivered to VM2 only if its destination MAC is the gateway MAC address of the underlay router. Users should follow the same pattern when crafting the traceflow packet to trace a cross-subnet traffic flow.

Environment

VMware NSX

Cause

  • In the overlay scenario (overlay segment or overlay VPC subnet), traceflow can detect the gateway MAC address automatically because the gateway between two overlay subnets is an NSX abstraction.
  • In the cross-subnet VLAN scenario, the gateway is usually the underlay physical router, and traceflow cannot detect it.

Resolution

  • Users need to confirm whether they would like to trace cross-subnet traffic (different VLANs).
  • If yes, users need to find the MAC address of the gateway which will route the cross-subnet VLAN traffic.
  • Once the MAC address is found, users need to enter it in the "MAC Address" field of the traceflow destination tab when the "Type" of the traceflow destination is "Virtual Machine" or "Port/Interface".
  • Alternatively, switch the "Type" of the traceflow destination to "IP - Mac" and set "Layer" to "Layer 2". Then, manually populate the destination IP and MAC as required.
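
The Python sketch below is an added illustration, not part of the original article or of any VMware tooling. It decides which destination MAC to enter in traceflow, assuming VM1 is a Linux guest from which the output of `ip -4 route` and `ip -4 neigh` has been collected. The sample output, addresses and function names are constructed for the example.

```python
import ipaddress

# Constructed sample output from VM1 (assumed Linux guest): `ip -4 route` / `ip -4 neigh`.
ROUTES = """\
default via 10.10.1.1 dev eth0
10.10.1.0/24 dev eth0 proto kernel scope link src 10.10.1.25
"""
NEIGH = """\
10.10.1.1 dev eth0 lladdr 00:00:5e:00:01:0a REACHABLE
10.10.1.40 dev eth0 lladdr 00:50:56:aa:bb:01 STALE
"""

def parse_routes(text):
    """Return [(network, next_hop or None)] from `ip -4 route` output."""
    routes = []
    for fields in (line.split() for line in text.splitlines()):
        if not fields:
            continue
        prefix = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(prefix, strict=False)
        except ValueError:
            continue  # e.g. "blackhole"/"unreachable" entries: not usable here
        hop = fields[fields.index("via") + 1] if "via" in fields else None
        routes.append((net, hop))
    return routes

def parse_neigh(text):
    """Return {ip: mac} from `ip -4 neigh` output; unresolved entries are skipped."""
    table = {}
    for fields in (line.split() for line in text.splitlines()):
        if "lladdr" in fields:
            table[fields[0]] = fields[fields.index("lladdr") + 1].lower()
    return table

def traceflow_dst_mac(dst_ip, dst_vm_mac, routes_text, neigh_text):
    """Pick the destination MAC for the crafted traceflow packet."""
    dst = ipaddress.ip_address(dst_ip)
    matches = [r for r in parse_routes(routes_text) if dst in r[0]]
    if not matches:
        raise LookupError(f"no route to {dst_ip}")
    _, hop = max(matches, key=lambda r: r[0].prefixlen)  # longest-prefix match
    if hop is None:  # on-link route: same subnet, the derived VM MAC is correct
        return dst_vm_mac, "same subnet: use the destination VM MAC"
    mac = parse_neigh(neigh_text).get(hop)
    if mac is None:
        raise LookupError(f"gateway {hop} has no resolved neighbor entry")
    return mac, f"cross-subnet: use the MAC of gateway {hop}"
```

If the gateway has no resolved neighbor entry, generate traffic toward it from VM1 so the entry is populated, then collect the neighbor table again.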

Additional Information

Traceflow attempt in NSX GUI fails with "Traceflow on VLAN logical port InternalLogicalPort/<portID> requires INT (In-band Network Telemetry) to be enabled."

Performance Considerations of In-band Network Telemetry (INT) in NSX Traceflow for VLAN Segments