Virtual Service Domain
This chapter describes how to identify and resolve problems related to Virtual Service Domain (VSD).
This chapter includes the following sections:
Information about Virtual Service Domain
A Virtual Service Domain (VSD) is a logical group of interfaces that is serviced by a common Service VM (SVM). With VSD the Cisco Nexus 1000V can support third party appliances such as vShield.
VSD lets you classify and separate traffic for network services such as firewalls and traffic monitoring.
Multiple VSDs can co-exist on a host; with each VSD serviced by an SVM.
For more information, to configure VSD, an example configuration, and for configuration limits, see the Cisco Nexus 1000V System Management Configuration Guide.
Problems with Virtual Service Domain
The following are symptoms, possible causes, and solutions for problems with VSD.
|
|
|
|
The SVM does not come online. |
There is more than one SVM per VSD per host. There can be only one SVM per VSD per host. If a second SVM tries to come up, the SVM ports are error disabled. |
1. Check for multiple SVMs per VSD per host. show virtual-service-domain interface If output indicates Invalid SVM interface, then there are multiple SVMs per VSD per host. 2. Remove or relocate one of the SVMs. |
A loop occurs. |
SVM ports are not correctly attached to the inside and outside port profiles. |
1. Turn off the SVM looping capability or the SVM itself. 2. Display the interfaces attached to the port profiles. show port-profile usage 3. Correct configuration errors. For information about configuring VSD, see the Cisco Nexus 1000V System Management Configuration Guide. |
Collecting and Evaluating Logs
You can use the commands in this section from the VSM to collect and view logs related to VSD captured as follows:
- VSM logs: /var/log/external/startupdebug
- VEM DPAlogs: /var/log/vemdpa.log
|
|
|
module vem module_number execute vemdpalog writelogs module vem module_number execute vemdpalog debug sfvsimagent all |
Enables the DPA logs and writes them to vemdpa.log. |
module vem module_number execute vemdpalog start module vem module_number execute vemdpalog stop |
Starts and stops DPA logging for viewing. |
module vem module_number execute vemdpalog show all |
Displays DPA logs. |
module vem module_number execute vemlog debug sfvsim all |
Enables DP logs. |
module vem module_number execute vemlog start module vem module_number execute vemlog stop |
Starts and stops DP logging for viewing. |
module vem module_number execute vemlog show all |
Displays DPA logs. |
Example 20-1 VSM Logs
2011 Feb 17 10:14:01 vsm vsim: <{vsim}> [DBG]==============ZONES===============
2011 Feb 17 10:14:01 vsm vsim: <{vsim}>[DBG]Zone_id: 1, name: vsd1, is_in_use? 1, default_action: (DROP), member_cnt: 5
2011 Feb 17 10:14:01 vsm vsim: <{vsim}> [DBG]==============INTFS===============
2011 Feb 17 10:14:01 vsm vsim: <{vsim}>[DBG]Ifindex 0x1c000000, zoneid 1, status ATTACHED, type SVM_MEMBER (2)
2011 Feb 17 10:14:01 vsm vsim: <{vsim}>[DBG]Ifindex 0x1c000010, zoneid 1, status ATTACHED, type SVM_MEMBER (2)
2011 Feb 17 10:14:01 vsm vsim: <{vsim}>[DBG]Ifindex 0x1c000020, zoneid 1, status ATTACHED, type SVM_MEMBER (2)
2011 Feb 17 10:14:01 vsm vsim: <{vsim}>[DBG]Ifindex 0x1c000030, zoneid 1, status ATTACHED, type SVM_MEMBER (2)
Example 20-2 VEM DPA Logs
Feb 17 16:11:02.645378: sfvsimagent: PDL Lite :Opening new session
Feb 17 16:11:02.723186: sfvsimagent: PDL Lite :Add policy callback
Feb 17 16:11:02.727281: sfvsimagent: PDL Lite :Add policy node callback
Feb 17 16:11:02.727293: sfvsimagent: sf_vsim_add_vzone: Entered
Feb 17 16:11:02.727303: sfvsimagent: sf_vsim_dpa_vzone_init: Entered
Feb 17 16:11:02.727324: sfvsimagent: MTS Opcode: 142337
Example 20-3 VEM Logs
Feb 17 15:58:42.924322 4411 1 1 16 Debug sfvsimsrc: Reached vsim stage src ltl 18 dst ltl 10
Feb 17 15:58:42.924337 4412 1 1 16 Debug sfvsimsrc: Reached vsim stage src ltl 9 dst ltl 8
Feb 17 15:58:43.038065 4413 1 1 16 Debug sfvsimsrc: Reached vsim stage src ltl 18 dst ltl 10
Feb 17 15:58:43.038087 4414 1 1 16 Debug sfvsimsrc: Reached vsim stage src ltl 9 dst ltl 8
Feb 17 15:58:43.038128 4415 2 1 16 Debug sfvsimsrc: Reached vsim stage src ltl 8 dst ltl 4282
Feb 17 15:58:43.038152 4416 1 1 16 Debug sfvsimsrc: Reached vsim stage src ltl 10 dst ltl 18
Feb 17 15:58:43.038156 4417 2 0 0 Suspending log
Virtual Service Domain Troubleshooting Commands
You can use the commands in this section to troubleshoot problems related to VSD.
|
|
|
show system internal ethpm event-history interface |
Displays the request/response pre-configuration event. Useful when the port is error disabled. See Example 20-4 on page 20-4 . |
show system internal vsim event-history msgs |
Displays a log of the MTS events processed by VSIM. See Example 20-5 on page 20-4 . |
module vem mod-number execute vemcmd show port |
Displays the port state on the VEM. Useful for debugging traffic flow on interfaces. See Example 20-6 on page 20-5 . |
show virtual-service-domain name vsd-name |
Displays a specific VSD configuration. See Example 20-7 on page 20-5 . |
show virtual-service-domain brief |
Displays a summary of all VSD configurations. See Example 20-8 on page 20-5 . |
show virtual-service-domain interface |
Displays the interface configuration for all VSDs. See Example 20-9 on page 20-6 . |
module vem module_number execute vemcmd show vsd |
Displays the VEM VSD configuration by sending the command to the VEM from the remote Cisco Nexus 1000V. See Example 20-10 on page 20-6 . |
module vem module_number execute vemcmd show vsd ports |
Displays the VEM VSD ports configuration by sending the command to the VEM from the remote Cisco Nexus 1000V. See Example 20-11 on page 20-6 . |
show port-profile name profile-name |
Displays the port profile configuration. See |
Example 20-4 show system internal ethpm event-history interface vethernet 1
n1000v# show system internal ethpm event-history interface vethernet 1
18) Event:ESQ_REQ length:34, at 725272 usecs after Thu Feb 17 15:42:13 2011
Instance:469762048, Seq Id:0x1, Ret:success
[E_MTS_TX] Dst:MTS_SAP_VSIM(716), Opc:MTS_OPC_ETHPM_PORT_PRE_CFG(61441)
19) Event:ESQ_RSP length:34, at 739984 usecs after Thu Feb 17 15:42:13 2011
Instance:469762048, Seq Id:0x1, Ret:success
[E_MTS_RX] Src:MTS_SAP_VSIM(716), Opc:MTS_OPC_ETHPM_PORT_PRE_CFG(61441)
Example 20-5 show system internal vsim event-history msgs
n1000v# show system internal vsim event-history msgs
1) Event:E_MTS_RX, length:60, at 215249 usecs after Thu Feb 17 10:16:53 2011
[REQ] Opc:MTS_OPC_SDWRAP_DEBUG_DUMP(1530), Id:0X000C14C4, Ret:SUCCESS
Src:0x00000101/2282, Dst:0x00000101/716, Flags:None
HA_SEQNO:0X00000000, RRtoken:0x000C14C4, Sync:UNKNOWN, Payloadsize:216
0x0000: 01 00 2f 74 6d 70 2f 64 62 67 64 75 6d 70 32 34
2) Event:E_MTS_TX, length:60, at 833885 usecs after Thu Feb 17 10:14:01 2011
[NOT] Opc:MTS_OPC_FSMUTILS_SYNC_PSS_TO_STDBY(1523), Id:0X000C05B3, Ret:SUCCESS
Src:0x00000101/716, Dst:0x00000101/0, Flags:None
HA_SEQNO:0X00000000, RRtoken:0x00000000, Sync:UNKNOWN, Payloadsize:380
0x0000: 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 01
3) Event:E_FU_UNLOCK, length:36, at 820289 usecs after Thu Feb 17 10:14:01 2011
Gwrap: 0x80fa09c Cat: 0x0
Opc:MTS_OPC_VSH_CMD_TLV_SYNC(7682)
0x0000: 01 00 00 00 00 00 00 01
4) Event:E_FU_UNLOCK, length:36, at 818291 usecs after Thu Feb 17 10:14:01 2011
Gwrap: 0x80fa09c Cat: 0x0
Opc:MTS_OPC_VSH_CMD_TLV_SYNC(7682)
0x0000: 00 00 00 1c 00 00 00 02
5) Event:E_FU_UNLOCK, length:36, at 816421 usecs after Thu Feb 17 10:14:01 2011
Gwrap: 0x80fa09c Cat: 0x0
Opc:MTS_OPC_VSH_CMD_TLV_SYNC(7682)
0x0000: 10 00 00 1c 00 00 00 02
Example 20-6 module vem # execute vemcmd show port
n1000v# module vem 3 execute vemcmd show port
LTL VSM Port Admin Link State PC-LTL SGID Vem Port
18 Eth3/2 UP UP F/B* 0 vmnic1
49 Veth1 UP UP FWD 0 New Virtual Machine.eth0
50 Veth2 UP UP FWD 0 New Virtual Machine.eth1
51 Veth3 UP UP FWD 0 New Virtual Machine.eth2
52 Veth4 UP UP FWD 0 New Virtual Machine.eth3
* F/B: Port is BLOCKED on some of the vlans.
Please run "vemcmd show port vlans" to see the details.
Example 20-7 show virtual-service-domain name vsd_name
n1000v# show virtual-service-domain name vsd1
___________________________
___________________________
Example 20-8 show virtual-service-domain brief
n1000v# show virtual-service-domain brief
Name vsd-id default action in-ports out-ports mem-ports Modules with
Example 20-9 show virtual-service-domain interface
n1000v# sho virtual-service-domain interface
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
Name Interface Type Status
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
vsd1 Vethernet1 Member Active
vsd1 Vethernet2 Member Active
vsd1 Vethernet3 Member Active
vsd1 Vethernet6 Member Active
vsd1 Vethernet7 Inside Active
vsd1 Vethernet8 Outside Active
vsd2 Vethernet9 Inside Active
vsd2 Vethernet10 Outside Active
Example 20-10 module module_number execute vemcmd show vsd
n1000v# module vem 4 execute vemcmd show vsd
ID Def_Act ILTL OLTL NMLTL State Member LTLs
1 FRWD 51 50 1 ENA 49
n1000v#
Example 20-11 module module_number execute vemcmd show vsd ports
n1000v# module vem 4 execute vemcmd show vsd ports
LTL IfIndex VSD_ID VSD_PORT_TYPE
49 1c000010 1 REGULAR
50 1c000040 1 OUTSIDE
51 1c000030 1 INSIDE
n1000v#
Example 20-12 show port-profile name UpLinkProfile
n1000v# show port-profile name UpLinkProfile3
port-profile UpLinkProfile3
channel-group auto mode on sub-group manual
evaluated config attributes:
channel-group auto mode on sub-group manual
Feedback