How to Query Flows Traversing a Specific NSX-T Edge Transport Node in Aria Operations for Networks
search cancel

How to Query Flows Traversing a Specific NSX-T Edge Transport Node in Aria Operations for Networks

book

Article ID: 438909

calendar_today

Updated On:

Products

VMware NSX VCF Operations for Networks VMware vRealize Network Insight 6.x

Issue/Introduction

Users require a method to analyze traffic patterns and flow data specifically traversing a designated NSX-T Edge Transport Node (Tier-0 or Tier-1) within Aria Operations for Networks (AON). This is necessary for troubleshooting North-South traffic or verifying Edge-specific traffic.

Requirements:

  • NSX-T IPFIX must be enabled from the AON
  • The vCenter Server associated with the NSX Manager must be added as a data source.
  • Traffic must traverse the Distributed Firewall (DFW).
  • For Active/Standby clusters, the active Edge node must be identified.
  • For Active/Active clusters, any Edge node can be selected in the Search Queries.

Environment

  • VCF Operations for Networks.
  • NSX-T Data Center / VMware NSX.

Resolution

Follow these steps to retrieve the unique identifier for the Edge node and execute the flow query:

1. Identify the Transport Node:

  • Log in to the Aria Operations for Networks UI.
  • Search for the transport node by its specific name: NSX-T Transport Node '<EDGE_NODE_NAME>'
  • Replace <EDGE_NODE_NAME> with the actual name of your Edge node.

2. Retrieve the Model Key:

  • Once the search result page for the node loads, look at the browser's URL.
  • Locate the string following modelKey%20%3D%20. It will be enclosed in single quotes (e.g., '10000%3A843%3A14075106504721#####').

  • Decode the string: Replace all occurrences of %3A with a colon (:).

  • Example Decoded Key: 10000:843:14075106504721####

3. Execute the Flow Query analyze flows specifically going through that Edge:

  • Using the `modelKey` obtained in Step 2, replace all occurrences of `%s` in the following query with your decoded `modelKey` (e.g., '10000:843:14075106504721####'):

flow where (Source Vm in (vms where defaultVRF in (vrf where Default Gateway Routers in (vrf where Default Gateway Routers.Router.Active Transport Node.modelKey= %s)) or defaultVRF in (vrf where Default Gateway Routers.Router.Active Transport Node.modelKey = %s) or defaultVRF.router.Service Router.active Transport Node.modelKey = %s) and destination vm not in (vms where defaultVRF in (vrf where Default Gateway Routers in (vrf where Default Gateway Routers.Router.Active Transport Node.modelKey= %s)) or defaultVRF in (vrf where Default Gateway Routers.Router.Active Transport Node.modelKey = %s) or defaultVRF.router.Service Router.active Transport Node.modelKey = %s)) or (Destination Vm in (vms where defaultVRF in (vrf where Default Gateway Routers in (vrf where Default Gateway Routers.Router.Active Transport Node.modelKey= %s)) or defaultVRF in (vrf where Default Gateway Routers.Router.Active Transport Node.modelKey = %s) or defaultVRF.router.Service Router.active Transport Node.modelKey = %s) and Source Vm not in (vms where defaultVRF in (vrf where Default Gateway Routers in (vrf where Default Gateway Routers.Router.Active Transport Node.modelKey= %s)) or defaultVRF in (vrf where Default Gateway Routers.Router.Active Transport Node.modelKey = %s) or defaultVRF.router.Service Router.active Transport Node.modelKey = %s))

Example:

flow where (Source Vm in (vms where defaultVRF in (vrf where Default Gateway Routers in (vrf where Default Gateway Routers.Router.Active Transport Node.modelKey= '10000:843:14075106504721####')) or defaultVRF in (vrf where Default Gateway Routers.Router.Active Transport Node.modelKey = '10000:843:14075106504721####') or defaultVRF.router.Service Router.active Transport Node.modelKey = '10000:843:14075106504721####') and destination vm not in (vms where defaultVRF in (vrf where Default Gateway Routers in (vrf where Default Gateway Routers.Router.Active Transport Node.modelKey= '10000:843:14075106504721####')) or defaultVRF in (vrf where Default Gateway Routers.Router.Active Transport Node.modelKey = '10000:843:14075106504721####') or defaultVRF.router.Service Router.active Transport Node.modelKey = '10000:843:14075106504721####')) or (Destination Vm in (vms where defaultVRF in (vrf where Default Gateway Routers in (vrf where Default Gateway Routers.Router.Active Transport Node.modelKey= '10000:843:14075106504721####')) or defaultVRF in (vrf where Default Gateway Routers.Router.Active Transport Node.modelKey = '10000:843:14075106504721####') or defaultVRF.router.Service Router.active Transport Node.modelKey = '10000:843:14075106504721####') and Source Vm not in (vms where defaultVRF in (vrf where Default Gateway Routers in (vrf where Default Gateway Routers.Router.Active Transport Node.modelKey= '10000:843:14075106504721####')) or defaultVRF in (vrf where Default Gateway Routers.Router.Active Transport Node.modelKey = '10000:843:14075106504721####') or defaultVRF.router.Service Router.active Transport Node.modelKey = '10000:843:14075106504721####'))

 

4. The following flows are traversing a specific NSX-T Edge Transport Node:

Powered by Wolken Software