Virtual Service Domain
This chapter describes how to identify and resolve problems related to Virtual Service Domain (VSD).
This chapter includes the following sections:
Information about Virtual Service Domain
A Virtual Service Domain (VSD) is a logical group of interfaces that is serviced by a common Service VM (SVM). With VSD the Cisco Nexus 1000V can support third party appliances such as vShield.
VSD lets you classify and separate traffic for network services such as firewalls and traffic monitoring.
Multiple VSDs can co-exist on a host; with each VSD serviced by an SVM.
For more information, to configure VSD, an example configuration, and for configuration limits, see the
Cisco Nexus 1000V System Management Configuration Guide, Release 4.2(1)SV1(4a)
.
Problems with Virtual Service Domain
The following are symptoms, possible causes, and solutions for problems with VSD.
|
|
|
The SVM does not come online.
|
There is more than one SVM per VSD per host.
There can be only one SVM per VSD per host. If a second SVM tries to come up, the SVM ports are error disabled.
|
1. Check for multiple SVMs per VSD per host.
show virtual-service-domain interface
If output indicates Invalid SVM interface, then there are multiple SVMs per VSD per host.
2. Remove or relocate one of the SVMs.
|
A loop occurs.
|
SVM ports are not correctly attached to the inside and outside port profiles.
|
1. Turn off the SVM looping capability or the SVM itself.
2. Display the interfaces attached to the port profiles.
show port-profile usage
3. Correct configuration errors.
For information about configuring VSD, see the
Cisco Nexus 1000V System Management Configuration Guide, Release 4.2(1)SV1(4a)
.
|
Collecting and Evaluating Logs
You can use the commands in this section from the VSM to collect and view logs related to VSD captured as follows:
-
VSM logs: /var/log/external/startupdebug
-
VEM DPAlogs: /var/log/vemdpa.log
|
|
module vem
module_number
execute vemdpalog writelogs
module vem
module_number
execute vemdpalog debug sfvsimagent all
|
Enables the DPA logs and writes them to vemdpa.log.
|
module vem
module_number
execute vemdpalog
start
module vem
module_number
execute vemdpalog
stop
|
Starts and stops DPA logging for viewing.
|
module vem
module_number
execute vemdpalog
show all
|
Displays DPA logs.
|
module vem
module_number
execute vemlog debug sfvsim all
|
Enables DP logs.
|
module vem
module_number
execute vemlog
start
module vem
module_number
execute vemlog
stop
|
Starts and stops DP logging for viewing.
|
module vem
module_number
execute vemlog
show all
|
Displays DPA logs.
|
Example 20-1 VSM Logs
2011 Feb 17 10:14:01 vsm vsim: <{vsim}> [DBG]==============ZONES=============== 2011 Feb 17 10:14:01 vsm vsim: <{vsim}>[DBG]Zone_id: 1, name: vsd1, is_in_use? 1, default_action: (DROP), member_cnt: 5 2011 Feb 17 10:14:01 vsm vsim: <{vsim}> [DBG]==============INTFS=============== 2011 Feb 17 10:14:01 vsm vsim: <{vsim}>[DBG]Ifindex 0x1c000000, zoneid 1, status ATTACHED, type SVM_MEMBER (2) 2011 Feb 17 10:14:01 vsm vsim: <{vsim}>[DBG]Ifindex 0x1c000010, zoneid 1, status ATTACHED, type SVM_MEMBER (2) 2011 Feb 17 10:14:01 vsm vsim: <{vsim}>[DBG]Ifindex 0x1c000020, zoneid 1, status ATTACHED, type SVM_MEMBER (2) 2011 Feb 17 10:14:01 vsm vsim: <{vsim}>[DBG]Ifindex 0x1c000030, zoneid 1, status ATTACHED, type SVM_MEMBER (2)
Example 20-2 VEM DPA Logs
Feb 17 16:11:02.645378: sfvsimagent: PDL Lite :Opening new session Feb 17 16:11:02.723186: sfvsimagent: PDL Lite :Add policy callback Feb 17 16:11:02.727281: sfvsimagent: PDL Lite :Add policy node callback Feb 17 16:11:02.727293: sfvsimagent: sf_vsim_add_vzone: Entered Feb 17 16:11:02.727303: sfvsimagent: sf_vsim_dpa_vzone_init: Entered Feb 17 16:11:02.727324: sfvsimagent: MTS Opcode: 142337
Example 20-3 VEM Logs
Feb 17 15:58:42.924322 4411 1 1 16 Debug sfvsimsrc: Reached vsim stage src ltl 18 dst ltl 10 Feb 17 15:58:42.924337 4412 1 1 16 Debug sfvsimsrc: Reached vsim stage src ltl 9 dst ltl 8 Feb 17 15:58:43.038065 4413 1 1 16 Debug sfvsimsrc: Reached vsim stage src ltl 18 dst ltl 10 Feb 17 15:58:43.038087 4414 1 1 16 Debug sfvsimsrc: Reached vsim stage src ltl 9 dst ltl 8 Feb 17 15:58:43.038128 4415 2 1 16 Debug sfvsimsrc: Reached vsim stage src ltl 8 dst ltl 4282 Feb 17 15:58:43.038152 4416 1 1 16 Debug sfvsimsrc: Reached vsim stage src ltl 10 dst ltl 18 Feb 17 15:58:43.038156 4417 2 0 0 Suspending log
Virtual Service Domain Troubleshooting Commands
You can use the commands in this section to troubleshoot problems related to VSD.
|
|
show system internal ethpm event-history interface
|
Displays the request/response pre-configuration event. Useful when the port is error disabled.
See
Example 20-4 on page 20-4
.
|
show system internal vsim event-history msgs
|
Displays a log of the MTS events processed by VSIM.
See
Example 20-5 on page 20-4
.
|
module vem
mod-number
execute vemcmd show port
|
Displays the port state on the VEM. Useful for debugging traffic flow on interfaces.
See
Example 20-6 on page 20-5
.
|
show virtual-service-domain name
vsd-name
|
Displays a specific VSD configuration.
See
Example 20-7 on page 20-5
.
|
show virtual-service-domain brief
|
Displays a summary of all VSD configurations.
See
Example 20-8 on page 20-5
.
|
show virtual-service-domain interface
|
Displays the interface configuration for all VSDs.
See
Example 20-9 on page 20-6
.
|
module vem
module_number
execute vemcmd show vsd
|
Displays the VEM VSD configuration by sending the command to the VEM from the remote Cisco Nexus 1000V.
See
Example 20-10 on page 20-6
.
|
module vem
module_number
execute vemcmd show vsd ports
|
Displays the VEM VSD ports configuration by sending the command to the VEM from the remote Cisco Nexus 1000V.
See
Example 20-11 on page 20-6
.
|
show port-profile name
profile-name
|
Displays the port profile configuration.
See
|
Example 20-4 show system internal ethpm event-history interface vethernet 1
n1000v# show system internal ethpm event-history interface vethernet 1 18) Event:ESQ_REQ length:34, at 725272 usecs after Thu Feb 17 15:42:13 2011 Instance:469762048, Seq Id:0x1, Ret:success [E_MTS_TX] Dst:MTS_SAP_VSIM(716), Opc:MTS_OPC_ETHPM_PORT_PRE_CFG(61441) 19) Event:ESQ_RSP length:34, at 739984 usecs after Thu Feb 17 15:42:13 2011 Instance:469762048, Seq Id:0x1, Ret:success [E_MTS_RX] Src:MTS_SAP_VSIM(716), Opc:MTS_OPC_ETHPM_PORT_PRE_CFG(61441)
Example 20-5 show system internal vsim event-history msgs
n1000v# show system internal vsim event-history msgs 1) Event:E_MTS_RX, length:60, at 215249 usecs after Thu Feb 17 10:16:53 2011 [REQ] Opc:MTS_OPC_SDWRAP_DEBUG_DUMP(1530), Id:0X000C14C4, Ret:SUCCESS Src:0x00000101/2282, Dst:0x00000101/716, Flags:None HA_SEQNO:0X00000000, RRtoken:0x000C14C4, Sync:UNKNOWN, Payloadsize:216 0x0000: 01 00 2f 74 6d 70 2f 64 62 67 64 75 6d 70 32 34 2) Event:E_MTS_TX, length:60, at 833885 usecs after Thu Feb 17 10:14:01 2011 [NOT] Opc:MTS_OPC_FSMUTILS_SYNC_PSS_TO_STDBY(1523), Id:0X000C05B3, Ret:SUCCESS Src:0x00000101/716, Dst:0x00000101/0, Flags:None HA_SEQNO:0X00000000, RRtoken:0x00000000, Sync:UNKNOWN, Payloadsize:380 0x0000: 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 01 3) Event:E_FU_UNLOCK, length:36, at 820289 usecs after Thu Feb 17 10:14:01 2011 Gwrap: 0x80fa09c Cat: 0x0 Opc:MTS_OPC_VSH_CMD_TLV_SYNC(7682) 0x0000: 01 00 00 00 00 00 00 01 4) Event:E_FU_UNLOCK, length:36, at 818291 usecs after Thu Feb 17 10:14:01 2011 Gwrap: 0x80fa09c Cat: 0x0 Opc:MTS_OPC_VSH_CMD_TLV_SYNC(7682) 0x0000: 00 00 00 1c 00 00 00 02 5) Event:E_FU_UNLOCK, length:36, at 816421 usecs after Thu Feb 17 10:14:01 2011 Gwrap: 0x80fa09c Cat: 0x0 Opc:MTS_OPC_VSH_CMD_TLV_SYNC(7682) 0x0000: 10 00 00 1c 00 00 00 02
Example 20-6 module vem # execute vemcmd show port
n1000v# module vem 3 execute vemcmd show port LTL VSM Port Admin Link State PC-LTL SGID Vem Port 18 Eth3/2 UP UP F/B* 0 vmnic1 49 Veth1 UP UP FWD 0 New Virtual Machine.eth0 50 Veth2 UP UP FWD 0 New Virtual Machine.eth1 51 Veth3 UP UP FWD 0 New Virtual Machine.eth2 52 Veth4 UP UP FWD 0 New Virtual Machine.eth3 * F/B: Port is BLOCKED on some of the vlans. Please run "vemcmd show port vlans" to see the details.
Example 20-7 show virtual-service-domain name
vsd_name
n1000v# show virtual-service-domain name vsd1 ___________________________ ___________________________
Example 20-8 show virtual-service-domain brief
n1000v# show virtual-service-domain brief Name vsd-id default action in-ports out-ports mem-ports Modules with
Example 20-9 show virtual-service-domain interface
n1000v# sho virtual-service-domain interface _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ Name Interface Type Status _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ vsd1 Vethernet1 Member Active vsd1 Vethernet2 Member Active vsd1 Vethernet3 Member Active vsd1 Vethernet6 Member Active vsd1 Vethernet7 Inside Active vsd1 Vethernet8 Outside Active vsd2 Vethernet9 Inside Active vsd2 Vethernet10 Outside Active
Example 20-10 module
module_number
execute vemcmd show vsd
n1000v# module vem 4 execute vemcmd show vsd
ID Def_Act ILTL OLTL NMLTL State Member LTLs
1 FRWD 51 50 1 ENA 49
n1000v#
Example 20-11 module
module_number
execute
vemcmd show vsd ports
n1000v# module vem 4 execute vemcmd show vsd ports
LTL IfIndex VSD_ID VSD_PORT_TYPE
49 1c000010 1 REGULAR
50 1c000040 1 OUTSIDE
51 1c000030 1 INSIDE
n1000v#
Example 20-12 show port-profile name UpLinkProfile
n1000v# show port-profile name UpLinkProfile3 port-profile UpLinkProfile3 channel-group auto mode on sub-group manual evaluated config attributes: channel-group auto mode on sub-group manual