If I go into Flow Monitor I can search for VMs and choose the vNIC to do flow monitoring.
But if I try to find a VM which represents a particular load balancer it's not in there.
Is that something that can be changed? I sometimes need to troubleshoot issues
with partners or customers and only being able to see the back end of the conversation
- SNIP to VM/vNIC is painful. Those flows show me the LB SNIP address as the
source not the actual source address.
Also is it possible to save the output from a flow monitoring session so It can
be reviewed like a tcpdump or wireshark pcap? As it is the TCP conversation
statuses roll by so quickly that I have do decide what's going on or have
the other part retry. I can slow it down so that it only flips every 30
seconds or whatever but still output that could be carefully reviewed
would be much better.
You won't see ESG vNICs in the Flow Monitoring tool, however, do packet captures on the ESG to see traffic on either side of the connection there and also save as a pcap. Syntax is similar to that of TCP dump with the exception of using underscores where you'd normally have spaces. Section 14 of the Load Balancer Troubleshooting Using the CLI portion of the troubleshooting guide has some examples of the commands with various filters, etc.
You won't see ESG vNICs in the Flow Monitoring tool, however, do packet captures on the ESG to see traffic on either side of the connection there and also save as a pcap. Syntax is similar to that of TCP dump with the exception of using underscores where you'd normally have spaces. Section 14 of the Load Balancer Troubleshooting Using the CLI portion of the troubleshooting guide has some examples of the commands with various filters, etc.
As mentioned in Luke's reply, there are some few CLI commands that you can use from NSX Edge
If you want to see the client's IP from NSX Edge CLI, you can try to use these commands
show service loadbalancer table
show service loadbalancer table ipv4_ip_table...
you can also do a debug packet capture in NSX Edge using below commands
debug packet capture interface <interface-name>
debug packet display interface <interface-name>
you can do filter and separate the objects using _ for example:
debug packet display interface vNic_0 host_192.168.110.11_and_host_192.168.110.12