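This post introduces troubleshooting commands for NSX-T (VMware NSX). This time the focus is on commands related to the Distributed Firewall.
- Verified environment: NSX-T 4.1.1.0
Distributed Firewall troubleshooting commands: run from NSX Manager (nsxcli)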
- get firewall summary
nsxmgr> get firewall summary
section_type section_count rule_count
----------------- ------------- ----------
L2DFW 1 1
L3DFW 2 5
L3LOGICALROUTERFW 4 6
3 row(s)
- get firewall exclude-list
nsxmgr> get firewall exclude-list
target_id target_type target_display_name
--------- ----------- -------------------
0 row(s)
- get firewall status
nsxmgr> get firewall status
context global_status _revision
--------------- ------------- ---------
transport_nodes ENABLED 0
logical_routers ENABLED 0
bridge_ports ENABLED 0
3 row(s)
Distributed Firewall troubleshooting commands: run from ESXi (nsxcli)
- get firewall status
[root@esxi01:~] nsxcli
esxi01.site.b.noslab.com> get firewall status
Fri Jul 12 2024 UTC 02:25:33.805
Firewall Status
----------------------------------------------------------------------
enabled
- summarize-dvfilter: lists the dvfilters, the firewall filters applied to vNICs
See here for details.
esxi01.test.com> exit
[root@esxi01:~] summarize-dvfilter
Fastpaths:
agent: vmware-si, refCount: 1, rev: 0x1010000, apiRev: 0x1010000, module: nsxt-vsip-22224315
agent: vmware-sfw, refCount: 7, rev: 0x1010000, apiRev: 0x1010000, module: nsxt-vsip-22224315
agent: ESXi-Firewall, refCount: 4, rev: 0x1010000, apiRev: 0x1010000, module: esxfw
agent: dvfilter-generic-vmware, refCount: 1, rev: 0x1010000, apiRev: 0x1010000, module: dvfilter-generic-fastpath
agent: dvfilter-faulter, refCount: 1, rev: 0x1010000, apiRev: 0x1010000, module: dvfilter
ServiceVMs:
serviceVM: 1, agent vmware-sfw, refCount: 2, rev: 0x4, apiRev: 0x4, capabilities: csum,tso
serviceVM: 2, agent vmware-sfw, refCount: 2, rev: 0x4, apiRev: 0x4, capabilities: csum,tso
Filters:
world 0 <no world>
port 67108876 vmk0
vNic slot 0
name: nic-0-eth4294967295-ESXi-Firewall.0
agentName: ESXi-Firewall
state: IOChain Attached
vmState: Detached
failurePolicy: failOpen
serviceVMID: none
filter source: Invalid
moduleName: esxfw
port 100663309 vmk10
vNic slot 0
name: nic-0-eth4294967295-ESXi-Firewall.0
agentName: ESXi-Firewall
state: IOChain Attached
vmState: Detached
failurePolicy: failOpen
serviceVMID: none
filter source: Invalid
moduleName: esxfw
port 100663310 vmk50
vNic slot 0
name: nic-0-eth4294967295-ESXi-Firewall.0
agentName: ESXi-Firewall
state: IOChain Attached
vmState: Detached
failurePolicy: failOpen
serviceVMID: none
filter source: Invalid
moduleName: esxfw
world 1051747 vmm0:edge-1 vcUuid:'50 1f fc 67 79 09 af 83-b8 c0 96 cf 07 b7 24 c2'
port 67108880 edge-1.eth0
vNic slot 2
name: nic-1051747-eth0-vmware-sfw.2
agentName: vmware-sfw
state: IOChain Attached
vmState: Detached
failurePolicy: failClosed
serviceVMID: none
filter source: Dynamic Filter Creation
moduleName: nsxt-vsip-22224315
world 81832462 vmm0:test vcUuid:'50 1f ba 9e 7f b8 56 e4-8a e8 4b 6c 11 4f d4 5e'
port 134217746 test
vNic slot 2
name: nic-81832462-eth0-vmware-sfw.2
agentName: vmware-sfw
state: IOChain Attached
vmState: Detached
failurePolicy: failClosed
serviceVMID: none
filter source: Dynamic Filter Creation
moduleName: nsxt-vsip-22224315
world 81834172 vmm0:vm2-3 vcUuid:'50 1f e1 1e 3b 1d 0c 6f-5d 12 82 1e 4b 53 dd 19'
port 100663315 vm2-3.eth0
vNic slot 2
name: nic-81834172-eth0-vmware-sfw.2
agentName: vmware-sfw
state: IOChain Attached
vmState: Attached
failurePolicy: failClosed
serviceVMID: 1
filter source: Dynamic Filter Creation
moduleName: nsxt-vsip-22224315
world 97222673 vmm0:vm2-1 vcUuid:'50 1f c4 c6 48 f8 2c c1-24 c4 4f 34 46 de 4b a7'
port 100663318 vm2-1.eth0
vNic slot 2
name: nic-97222673-eth0-vmware-sfw.2
agentName: vmware-sfw
state: IOChain Attached
vmState: Attached
failurePolicy: failClosed
serviceVMID: 2
filter source: Dynamic Filter Creation
moduleName: nsxt-vsip-22224315
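
When reviewing this output across many hosts, the fields that matter most for the Distributed Firewall are agentName and failurePolicy on each VM port. The following is an added example, not part of the original post or any VMware tooling: it parses the Filters section of saved summarize-dvfilter output and reports VM ports that have no vmware-sfw filter or whose filter is not failClosed. The sample text, the VM names and the policy being checked are assumptions of this example; VMs placed on the firewall exclude list on purpose would need to be allow-listed by the reader.

```python
import re

# Constructed sample shaped like the Filters section above; VM names are made up.
SAMPLE = """\
Filters:
world 0 <no world>
 port 67108876 vmk0
  vNic slot 0
   agentName: ESXi-Firewall
world 1001 vmm0:app-1 vcUuid:'00 01'
 port 100663315 app-1.eth0
  vNic slot 2
   agentName: vmware-sfw
   failurePolicy: failClosed
world 1002 vmm0:app-2 vcUuid:'00 02'
 port 100663316 app-2.eth0
world 1003 vmm0:app-3 vcUuid:'00 03'
 port 100663317 app-3.eth0
  vNic slot 2
   agentName: vmware-sfw
   failurePolicy: failOpen
"""

def parse_filters(text):
    """Return one dict per port: owning world id, port name, attached filters."""
    ports, world = [], None
    for line in map(str.strip, text.splitlines()):  # works with or without indentation
        if m := re.match(r"world (\d+) ", line):
            world = int(m[1])
        elif m := re.match(r"port \d+ (\S+)", line):
            ports.append({"world": world, "port": m[1], "filters": []})
        elif line.startswith("vNic slot ") and ports:
            ports[-1]["filters"].append({})
        elif (m := re.match(r"([\w ]+): (.*)", line)) and ports and ports[-1]["filters"]:
            ports[-1]["filters"][-1][m[1]] = m[2]
    return ports

def audit(ports):
    """Assumed policy: every VM port (world id != 0) has a failClosed vmware-sfw filter."""
    findings = []
    for p in ports:
        if p["world"] == 0:
            continue  # vmk ports carry the ESXi-Firewall filter, not the DFW
        sfw = [f for f in p["filters"] if f.get("agentName") == "vmware-sfw"]
        if not sfw:
            findings.append((p["port"], "no vmware-sfw filter"))
        elif any(f.get("failurePolicy") != "failClosed" for f in sfw):
            findings.append((p["port"], "vmware-sfw not failClosed"))
    return findings
```

Calling `audit(parse_filters(text))` on output saved from each host returns a list of (port name, finding) pairs; an empty list means every VM port met the assumed policy.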