hi there fellows,
Just wonder where to find a clue about a problem with a customer that I have, the scenario is that NSX seems to be blocking in some way the functions of a VM's which is a Red Hat and a native LB on it, the ESXi hosts where those VM's run are prepared and just prepared with the vibs of NSX, so since it seems pretty weird, there some NSX hatters that are suggesting some failure is nsx, so I want to find if someone has experienced something similar.
thanks in advance for any help
HI
to confirm the issue ,
please put your VM in exclusion list in NSX and check connectivity again.
Thanks
Dmitri
I saw some cases without any rule active NSX distributed firewall blocked some traffic. Could you please try to disable firewall and check it again?
NSX Flow Monitor Live Flow could show if the flow to or from the VM is blocked or permitted, and by which Firewall rule. It is also possible to filter source or destination IPs, and could give clue about the TCP flow is established or blocked, and if packets are reaching to the VM.
VMware NSX for vSphere provides a built-in tool, Live Flow monitoring (above), which allows you to simply pick any virtual machine’s network interface and see (in real-time) a summary of all flows and their state. You can see a complete breakdown of all the flows at that VM, including the direction of each flow, the number of bytes and packets per flow, the firewall rule each flow was permitted through, IP addresses and port numbers, and the state of each connection. There are no additional steps required. There’s no need configure full packet captures to a remote tool and sifting through IP addresses looking for your VM. For the simple task of targeted network traffic visibility, VMware NSX offers a simple tool.
http://vcrooky.com/2017/08/nsx-monitor-analyze-virtual-machine-traffic-flow-monitoring/
Similarly Traceflow would show the hops and if blocked at which point.
http://blog.jgriffiths.org/greatest-tool-for-nsx/
http://www.kovarus.com/blog/network-troubleshooting-nsx-traceflow/
http://bayupw.blogspot.com/2016/12/troubleshoot-nsx-dfw-distributed.html
For more detailed, tcpdump is also possible at the VM level from the NSX side, which whould show if the packets reach to the VM, or from the VM to the NSX dFW or dVS. The same capture is also possible if the packets are reaching to DLR, ESG, or going to t or coming from he External Physical Network.
https://avillargarea.wordpress.com/2016/11/23/vm-packet-tracing-from-nsx-manager-cli/
Log Insight NSX Dashboard, ARM (Application Rule Manager) or VRNI (Vrealize Network Insight) could help about the flows showing if blocked or permitted by which rule