Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
783
Views
2
Helpful
3
Replies

Where is that packet coming from?

JDMils
Level 1
Level 1

‎04-02-2023 09:33 PM

One of the network guys rang me to say they are seeing packet drops on the upstream Nexus6K coming from specific VLANs.

I checked each Service Profile Template by hand, one-by-one in the GUI, and found those VLANs in UCS as either being part of a vNIC Template (either added by VLAN # or by the VLAN group Name).

I'm pretty sure these VLANs are no longer used as they may have been decomed from the vCenters a while back, however before I remove them from the UCS VLAN definition, I'd like to make sure they are actually NOT being used. We have many vCenters running off the UCS environment and I have checked them and cannot see these VLANs in vSphere.

Is there a way in UCS to monitor packets for say VLAN ## to see where it is coming from? The source would be a server within the UCS environment. I don't have physical access to the FIs so plugging in a server/notebook into one of the available FI ports is not an option atm.

UCS Manager 4.1(1b)A

Labels:
0 Helpful
3 Replies 3

Flavio Miranda
VIP
VIP

‎04-03-2023 02:20 AM

Hi

 This document may help you. 

http://www.cisco.com/en/US/partner/docs/unified_computing/ucs/sw/cli/config/guide/1.4.1/CLI_Config_Guide_1_4_1_chapter42.html#task_C9A74F58E8FC4E1FB13F87F769569D46 

Search for 

Creating a Traffic Monitoring Session

0 Helpful

Steven Tardy
Cisco Employee
Cisco Employee

‎04-03-2023 08:42 AM

I would check the UCS FI mac address-table.

The UCS FI defaults to being in "end host mode" whereby the FI does NOT learn upstream Mac addresses. So (in theory) any VM/server/etc (actively) talking out the UCS on a given VLAN should only be on a server and visible in the mac address-table.

Checking from my Hyperflex lab:
(Note: check from both FI-A and FI-B, so check `connect nxos a` and `connect nxos b`)

HX-01-UCS-A# connect nxos a
HX-01-UCS-A(nxos)# show mac address-table vlan 311
Legend:
        * - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
        age - seconds since last seen,+ - primary entry using vPC Peer-Link
   VLAN     MAC Address      Type      age     Secure NTFY   Ports/SWID.SSID.LID
---------+-----------------+--------+---------+------+----+------------------
* 311      000c.292e.de3f    dynamic   0          F    F  Veth1235

..snip..
HX-01-UCS-A(nxos)# show interface Veth1235
Vethernet1235 is up
Bound Interface is Ethernet1/8
Port description is server 7, VNIC hv-mgmt-a
..snip..

So this (lab) output for VLAN 311 has something (x.x.de3f) talking out Veth 1235 which is Server 7 vNIC named "hv-mgmt-a".

From there investigate on the host OS/vSwitch/VM/etc.

Hope that helps.

JDMils
Level 1
Level 1
In response to Steven Tardy

‎04-03-2023 04:29 PM

That's super awesome Steven, however when I tried those commands I got no response indicating no traffic was recorded on the FIs.

MyFI-A01-A# connect nxos a
MyFI-A01-A(nxos)# show mac address-table vlan 66
MyFI-A01-A(nxos)# exit

MyFI-A01-A# connect nxos b
MyFI-A01-B(nxos)# show mac address-table vlan 66
MyFI-A01-B(nxos)#

Just to make sure I did it right, I logged into my FI-B and tried the same commands and got no results.

I will chase up the network team to find out exactly where the dropped packets are coming from.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card

Review Cisco Networking for a $25 gift card