Querying Flows Traversing a Specific NSX-T Edge Transport Node in Aria Operations for Networks
search cancel

Querying Flows Traversing a Specific NSX-T Edge Transport Node in Aria Operations for Networks

book

Article ID: 438909

calendar_today

Updated On:

Products

VMware NSX VCF Operations for Networks VMware vRealize Network Insight 6.x

Issue/Introduction

Users require a method to analyze traffic patterns and flow data that specifically traverses a designated NSX-T Edge Transport Node (Tier-0 or Tier-1) within Aria Operations for Networks (AON). This analysis is essential for troubleshooting North-South traffic and verifying Edge-specific traffic routing.

Prerequisites

  • NSX-T IPFIX must be enabled within AON.

  • The vCenter Server associated with the NSX Manager must be added as a data source.

  • Traffic must traverse the Distributed Firewall (DFW).

  • For Active/Standby clusters, the active Edge node must be identified.

  • For Active/Active clusters, any Edge node can be selected in search queries.

 

Environment

VCF Operations for Networks.

NSX-T Data Center

VMware NSX

Resolution

Follow these steps to retrieve the unique identifier for the Edge node and execute the flow query:

1. Identify the Transport Node:

  • Log in to the Aria Operations for Networks UI.
  • Search for the transport node by its specific name: NSX-T Transport Node '<EDGE_NODE_NAME>'
  • Replace <EDGE_NODE_NAME> with the actual name of your Edge node.

2. Retrieve the Model Key:

  • Once the search result page for the node loads, look at the browser's URL.
  • Locate the string following modelKey%20%3D%20. It will be enclosed in single quotes (e.g., '10000%3A843%3A14075106504721#####').

  • Decode the string: Replace all occurrences of %3A with a colon (:).

  • Example Decoded Key: 10000:843:14075106504721####

3. Execute the Flow Query analyze flows specifically going through that Edge:

  • Replace the model key in the query below ('10000:843:1424019480644947132') with the model key obtained in Step 2.

flow where (
  srcVm in (
    vms where defaultVRF in (
      vrf where defaultGatewayVRFs in (
        vrf where routerDevice.activeTransportNode.modelKey = '10000:843:1424019480644947132'
      )
    )
    or defaultVRF in (
      vrf where defaultGatewayVRFs.routerDevice.activeTransportNode.modelKey = '10000:843:1424019480644947132'
    )
    or defaultVRF.routerDevice.serviceRouters.activeTransportNode.modelKey = '10000:843:1424019480644947132'
  )
  and dstVm not in (
    vms where defaultVRF in (
      vrf where defaultGatewayVRFs in (
        vrf where routerDevice.activeTransportNode.modelKey = '10000:843:1424019480644947132'
      )
    )
    or defaultVRF in (
      vrf where defaultGatewayVRFs.routerDevice.activeTransportNode.modelKey = '10000:843:1424019480644947132'
    )
    or defaultVRF.routerDevice.serviceRouters.activeTransportNode.modelKey = '10000:843:1424019480644947132'
  )
) or (
  dstVm in (
    vms where defaultVRF in (
      vrf where defaultGatewayVRFs in (
        vrf where routerDevice.activeTransportNode.modelKey = '10000:843:1424019480644947132'
      )
    )
    or defaultVRF in (
      vrf where defaultGatewayVRFs.routerDevice.activeTransportNode.modelKey = '10000:843:1424019480644947132'
    )
    or defaultVRF.routerDevice.serviceRouters.activeTransportNode.modelKey = '10000:843:1424019480644947132'
  )
  and srcVm not in (
    vms where defaultVRF in (
      vrf where defaultGatewayVRFs in (
        vrf where routerDevice.activeTransportNode.modelKey = '10000:843:1424019480644947132'
      )
    )
    or defaultVRF in (
      vrf where defaultGatewayVRFs.routerDevice.activeTransportNode.modelKey = '10000:843:1424019480644947132'
    )
    or defaultVRF.routerDevice.serviceRouters.activeTransportNode.modelKey = '10000:843:1424019480644947132'
  )
)
 

4. You can verify that the resulting flows are traversing the specified NSX edge node by looking at the path topology of those flows.

Powered by Wolken Software