Cisco Nexus 1000V Troubleshooting Guide, Release 4.2(1) SV1(4)
Virtual Service Domain
Downloads: This chapterpdf (PDF - 129.0KB) The complete bookPDF (PDF - 6.15MB) | Feedback

Virtual Service Domain

Table Of Contents

Virtual Service Domain

Information about Virtual Service Domain

Problems with Virtual Service Domain

Collecting and Evaluating Logs

Virtual Service Domain Troubleshooting Commands


Virtual Service Domain


This chapter describes how to identify and resolve problems related to Virtual Service Domain (VSD).

This chapter includes the following sections:

Information about Virtual Service Domain

Problems with Virtual Service Domain

Collecting and Evaluating Logs

Virtual Service Domain Troubleshooting Commands

Information about Virtual Service Domain

A Virtual Service Domain (VSD) is a logical group of interfaces that is serviced by a common Service VM (SVM). With VSD the Cisco Nexus 1000V can support third party appliances such as vShield.

VSD lets you classify and separate traffic for network services such as firewalls and traffic monitoring.

Multiple VSDs can co-exist on a host; with each VSD serviced by an SVM.

For more information, to configure VSD, an example configuration, and for configuration limits, see the Cisco Nexus 1000V System Management Configuration Guide, Release 4.2(1)SV1(4).

Problems with Virtual Service Domain

The following are symptoms, possible causes, and solutions for problems with VSD.

Symptom
Possible Causes
Solution

The SVM does not come online.

There is more than one SVM per VSD per host.

There can be only one SVM per VSD per host. If a second SVM tries to come up, the SVM ports are error disabled.

1. Check for multiple SVMs per VSD per host.

show virtual-service-domain interface

If output indicates Invalid SVM interface, then there are multiple SVMs per VSD per host.

2. Remove or relocate one of the SVMs.

A loop occurs.

SVM ports are not correctly attached to the inside and outside port profiles.

1. Turn off the SVM looping capability or the SVM itself.

2. Display the interfaces attached to the port profiles.

show port-profile usage

3. Correct configuration errors.

For information about configuring VSD, see the Cisco Nexus 1000V System Management Configuration Guide, Release 4.2(1)SV1(4).


Collecting and Evaluating Logs

You can use the commands in this section from the VSM to collect and view logs related to VSD captured as follows:

VSM logs: /var/log/external/startupdebug

VEM DPAlogs: /var/log/vemdpa.log

Command
Description

module vem module_number execute vemdpalog writelogs

module vem module_number execute vemdpalog debug sfvsimagent all

Enables the DPA logs and writes them to vemdpa.log.

module vem module_number execute vemdpalog start

module vem module_number execute vemdpalog stop

Starts and stops DPA logging for viewing.

module vem module_number execute vemdpalog show all

Displays DPA logs.

module vem module_number execute vemlog debug sfvsim all

Enables DP logs.

module vem module_number execute vemlog start

module vem module_number execute vemlog stop

Starts and stops DP logging for viewing.

module vem module_number execute vemlog show all

Displays DPA logs.


Example 19-1 VSM Logs

2011 Feb 17 10:14:01 vsm vsim: <{vsim}> [DBG]==============ZONES===============
2011 Feb 17 10:14:01 vsm vsim: <{vsim}>[DBG]Zone_id: 1, name: vsd1, is_in_use? 1, 
default_action: (DROP), member_cnt: 5
2011 Feb 17 10:14:01 vsm vsim: <{vsim}> [DBG]==============INTFS===============
2011 Feb 17 10:14:01 vsm vsim: <{vsim}>[DBG]Ifindex 0x1c000000, zoneid 1, status ATTACHED, 
type SVM_MEMBER (2)
2011 Feb 17 10:14:01 vsm vsim: <{vsim}>[DBG]Ifindex 0x1c000010, zoneid 1, status ATTACHED, 
type SVM_MEMBER (2)
2011 Feb 17 10:14:01 vsm vsim: <{vsim}>[DBG]Ifindex 0x1c000020, zoneid 1, status ATTACHED, 
type SVM_MEMBER (2)
2011 Feb 17 10:14:01 vsm vsim: <{vsim}>[DBG]Ifindex 0x1c000030, zoneid 1, status ATTACHED, 
type SVM_MEMBER (2)

Example 19-2 VEM DPA Logs

Feb 17 16:11:02.645378: sfvsimagent: PDL Lite :Opening new session
Feb 17 16:11:02.723186: sfvsimagent: PDL Lite :Add policy callback
Feb 17 16:11:02.727281: sfvsimagent: PDL Lite :Add policy node callback
Feb 17 16:11:02.727293: sfvsimagent: sf_vsim_add_vzone: Entered
Feb 17 16:11:02.727303: sfvsimagent: sf_vsim_dpa_vzone_init: Entered
Feb 17 16:11:02.727324: sfvsimagent: MTS Opcode: 142337

Example 19-3 VEM Logs

Feb 17 15:58:42.924322      4411   1    1  16   Debug sfvsimsrc: Reached vsim stage src 
ltl 18 dst ltl 10
Feb 17 15:58:42.924337      4412   1    1  16   Debug sfvsimsrc: Reached vsim stage src 
ltl 9 dst ltl 8
Feb 17 15:58:43.038065      4413   1    1  16   Debug sfvsimsrc: Reached vsim stage src 
ltl 18 dst ltl 10
Feb 17 15:58:43.038087      4414   1    1  16   Debug sfvsimsrc: Reached vsim stage src 
ltl 9 dst ltl 8
Feb 17 15:58:43.038128      4415   2    1  16   Debug sfvsimsrc: Reached vsim stage src 
ltl 8 dst ltl 4282
Feb 17 15:58:43.038152      4416   1    1  16   Debug sfvsimsrc: Reached vsim stage src 
ltl 10 dst ltl 18
Feb 17 15:58:43.038156      4417   2    0  0         Suspending log

Virtual Service Domain Troubleshooting Commands

You can use the commands in this section to troubleshoot problems related to VSD.

Command
Description

show system internal ethpm event-history interface

Displays the request/response pre-configuration event. Useful when the port is error disabled.

See Example 19-4.

show system internal vsim event-history msgs

Displays a log of the MTS events processed by VSIM.

See Example 19-5.

module vem mod-number execute vemcmd show port

Displays the port state on the VEM. Useful for debugging traffic flow on interfaces.

See Example 19-6.

show virtual-service-domain name vsd-name

Displays a specific VSD configuration.

See Example 19-7.

show virtual-service-domain brief

Displays a summary of all VSD configurations.

See Example 19-8.

show virtual-service-domain interface

Displays the interface configuration for all VSDs.

See Example 19-9.

module vem module_number execute vemcmd show vsd

Displays the VEM VSD configuration by sending the command to the VEM from the remote Cisco Nexus 1000V.

See Example 19-10.

module vem module_number execute vemcmd show vsd ports

Displays the VEM VSD ports configuration by sending the command to the VEM from the remote Cisco Nexus 1000V.

See Example 19-11.

show port-profile name profile-name

Displays the port profile configuration.

See


Example 19-4 show system internal ethpm event-history interface vethernet 1

n1000v# show system internal ethpm event-history interface vethernet 1
...
 18) Event:ESQ_REQ length:34, at 725272 usecs after Thu Feb 17 15:42:13 2011
    Instance:469762048, Seq Id:0x1, Ret:success
    [E_MTS_TX] Dst:MTS_SAP_VSIM(716), Opc:MTS_OPC_ETHPM_PORT_PRE_CFG(61441)
 
19) Event:ESQ_RSP length:34, at 739984 usecs after Thu Feb 17 15:42:13 2011
    Instance:469762048, Seq Id:0x1, Ret:success
    [E_MTS_RX] Src:MTS_SAP_VSIM(716), Opc:MTS_OPC_ETHPM_PORT_PRE_CFG(61441)
...
n1000v#
 
   

Example 19-5 show system internal vsim event-history msgs

n1000v# show system internal vsim event-history msgs
1) Event:E_MTS_RX, length:60, at 215249 usecs after Thu Feb 17 10:16:53 2011
    [REQ] Opc:MTS_OPC_SDWRAP_DEBUG_DUMP(1530), Id:0X000C14C4, Ret:SUCCESS
    Src:0x00000101/2282, Dst:0x00000101/716, Flags:None
    HA_SEQNO:0X00000000, RRtoken:0x000C14C4, Sync:UNKNOWN, Payloadsize:216
    Payload:
    0x0000:  01 00 2f 74 6d 70 2f 64 62 67 64 75 6d 70 32 34
 
2) Event:E_MTS_TX, length:60, at 833885 usecs after Thu Feb 17 10:14:01 2011
    [NOT] Opc:MTS_OPC_FSMUTILS_SYNC_PSS_TO_STDBY(1523), Id:0X000C05B3, Ret:SUCCESS
    Src:0x00000101/716, Dst:0x00000101/0, Flags:None
    HA_SEQNO:0X00000000, RRtoken:0x00000000, Sync:UNKNOWN, Payloadsize:380
    Payload:
    0x0000:  00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 01
 
3) Event:E_FU_UNLOCK, length:36, at 820289 usecs after Thu Feb 17 10:14:01 2011
    Status: 0x0
    Gwrap: 0x80fa09c  Cat: 0x0
      Opc:MTS_OPC_VSH_CMD_TLV_SYNC(7682)
      Msg id: 0X000C05A5
    Lock type: 0
    RID Size: 8
      Val   :
      0x0000:  01 00 00 00 00 00 00 01
4) Event:E_FU_UNLOCK, length:36, at 818291 usecs after Thu Feb 17 10:14:01 2011
    Status: 0x0
    Gwrap: 0x80fa09c  Cat: 0x0
      Opc:MTS_OPC_VSH_CMD_TLV_SYNC(7682)
      Msg id: 0X000C05A5
    Lock type: 0
    RID Size: 8
      Val   :
      0x0000:  00 00 00 1c 00 00 00 02
5) Event:E_FU_UNLOCK, length:36, at 816421 usecs after Thu Feb 17 10:14:01 2011
    Status: 0x0
    Gwrap: 0x80fa09c  Cat: 0x0
      Opc:MTS_OPC_VSH_CMD_TLV_SYNC(7682)
      Msg id: 0X000C05A5
    Lock type: 0
    RID Size: 8
      Val   :
      0x0000:  10 00 00 1c 00 00 00 02
n1000v#

Example 19-6 module vem # execute vemcmd show port

n1000v# module vem 3 execute vemcmd show port
  LTL   VSM Port  Admin Link  State  PC-LTL  SGID  Vem Port
   18     Eth3/2     UP   UP    F/B*      0        vmnic1
   49      Veth1     UP   UP    FWD       0        New Virtual Machine.eth0
   50      Veth2     UP   UP    FWD       0        New Virtual Machine.eth1
   51      Veth3     UP   UP    FWD       0        New Virtual Machine.eth2
   52      Veth4     UP   UP    FWD       0        New Virtual Machine.eth3
 
* F/B: Port is BLOCKED on some of the vlans.
 Please run "vemcmd show port vlans" to see the details. 
n1000v#

Example 19-7 show virtual-service-domain name vsd_name

n1000v# show virtual-service-domain name vsd1
Default Action: drop
___________________________
Interface        Type
___________________________
Vethernet1       Member
Vethernet2       Member
Vethernet3       Member
Vethernet6       Member
Vethernet7       Inside
Vethernet8       Outside
 
n1000v#

Example 19-8 show virtual-service-domain brief

n1000v# show virtual-service-domain brief
Name   vsd-id    default action    in-ports   out-ports   mem-ports    Modules with 
                                                                       VSD Enabled
zone    1         forward           1          1           2            4
n1000v#

Example 19-9 show virtual-service-domain interface

n1000v# sho virtual-service-domain interface
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
Name             Interface             Type      Status
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
vsd1             Vethernet1            Member    Active
vsd1             Vethernet2            Member    Active
vsd1             Vethernet3            Member    Active
vsd1             Vethernet6            Member    Active
vsd1             Vethernet7            Inside    Active
vsd1             Vethernet8            Outside   Active
vsd2             Vethernet9            Inside    Active
vsd2             Vethernet10           Outside   Active

Example 19-10 module module_number execute vemcmd show vsd

n1000v# module vem 4 execute vemcmd show vsd 
ID Def_Act ILTL OLTL NMLTL State Member LTLs 
1 FRWD 51 50 1 ENA 49 
n1000v# 

Example 19-11 module module_number execute vemcmd show vsd ports

n1000v# module vem 4 execute vemcmd show vsd ports 
LTL IfIndex VSD_ID VSD_PORT_TYPE 
49 1c000010 1 REGULAR 
50 1c000040 1 OUTSIDE 
51 1c000030 1 INSIDE 
n1000v# 

Example 19-12 show port-profile name UpLinkProfile

n1000v# show port-profile name UpLinkProfile3
port-profile UpLinkProfile3
  description:
  type: vethernet
  status: disabled
  capability l3control: no
  pinning control-vlan: -
  pinning packet-vlan: -
  system vlans: none
  port-group:
  max ports: 32
  inherit:
  config attributes:
    channel-group auto mode on sub-group manual
  evaluated config attributes:
    channel-group auto mode on sub-group manual
  assigned interfaces:
n1000v#