Recently, I ran some tests to verify Multicast, QoS, and Security settings that I implemented on the Nexus 1000V. I wasn’t seeing the results that I expected. So, I set up Wireshark on a VM to examine the packets…
The Nexus 1000V allows you to use either SPAN or ERSPAN to forward packet data. ERSPAN requires an additional VMkernel in vSphere and creating a special Nexus 1000V Port Profile with L3Control enabled. Since my workload was relatively small, I decided to go with SPAN since the only requirement is to have the data collector and source VMs on the same ESXi host.
Before we can collect the data, we need to know which Vethernet port belongs to the Wireshark VM:
1. Get the DV Port value for the Wireshark VM NIC from the VM Properties:
2. On the Cisco Nexus 1000V VSM, use the DV Port Number to get the Vethernet Port information on the Nexus 1000V:
VSMvCloud# show interface | include "DVS port 418" prev 5
Vethernet19 is up
  Port description is qos-Analytics, Network Adapter 1
  Hardware: Virtual, address: 0050.56ab.68c8 (bia 0050.56ab.68c8)
  Owner is VM "qos-Analytics", adapter is Network Adapter 1
  Active on module 4
  VMware DVS port 418
You can verify that you have the right VM by looking at the Port description and Owner is VM values.
We then create a monitoring session on the Cisco Nexus 1000V to forward information about the VLANs, Vethernet ports, or Ethernet ports that we are interested in (VLAN 180 in my case):
VSMvCloud# configure terminal
VSMvCloud(config)# monitor session 2
VSMvCloud(config-monitor)# description QoS Debug
VSMvCloud(config-monitor)# source vlan 180 both
VSMvCloud(config-monitor)# destination interface Vethernet19
VSMvCloud(config-monitor)# no shutdown
The monitoring session number doesn’t really matter. Just be careful that you don’t overwrite an existing session (run show monitor to see a list of existing session numbers). The last command, no shutdown, begins the flow of traffic to the Wireshark VM’s NIC. If your VM has only one NIC, you will lose connectivity if you’re accessing it via VNC or Remote Desktop. You will either need to use the vSphere Client console or add a second NIC to access the VM while the monitor session is running.
Now, you can open up Wireshark, apply the necessary filters, and examine the information being sent over. In the screenshot below, I wanted to verify that the correct DSCP value (af11) was being applied to my network traffic.
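The same DSCP check can be scripted over raw frames from the capture, shown here as an added example that is not part of the original post. It assumes frames are available as raw Ethernet bytes; the function names and the sample frames are constructed for illustration, and untagged frames are assumed to belong to the monitored VLAN.

```python
import struct

AF11 = 10  # DSCP AF11 = 001010b, i.e. ToS byte 0x28 with ECN bits clear

def dscp_of_frame(frame: bytes):
    """Return (vlan_id_or_None, dscp) for an IPv4 frame, else None."""
    if len(frame) < 14:
        return None
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    offset, vlan = 14, None
    while ethertype in (0x8100, 0x88A8):        # walk 802.1Q / 802.1ad tags
        if len(frame) < offset + 4:
            return None
        tci, ethertype = struct.unpack_from("!HH", frame, offset)
        if vlan is None:
            vlan = tci & 0x0FFF                 # keep the outermost VLAN ID
        offset += 4
    if ethertype != 0x0800 or len(frame) < offset + 20:
        return None                             # not IPv4, or truncated header
    if frame[offset] >> 4 != 4:
        return None
    return vlan, frame[offset + 1] >> 2         # top 6 bits of the ToS byte

def mismarked(frames, vlan=180, expected=AF11):
    """List (index, dscp) for IPv4 frames in `vlan` not marked `expected`."""
    bad = []
    for i, frame in enumerate(frames):
        parsed = dscp_of_frame(frame)
        if parsed is None or parsed[0] not in (None, vlan):
            continue                            # non-IPv4 or a different VLAN
        if parsed[1] != expected:
            bad.append((i, parsed[1]))
    return bad

def _frame(tos, vlan=None, ethertype=0x0800):
    """Build a constructed test frame: zeroed MACs and a minimal IPv4 header."""
    tag = struct.pack("!HH", 0x8100, vlan) if vlan is not None else b""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20, 0, 0, 64, 17, 0,
                     bytes(4), bytes(4))
    return bytes(12) + tag + struct.pack("!H", ethertype) + ip

SAMPLE = [                                      # constructed, not real traffic
    _frame(0x28, vlan=180),                     # AF11
    _frame(0x00, vlan=180),                     # best effort: mismarked
    _frame(0x28),                               # untagged AF11
    _frame(0xB8, vlan=181),                     # EF on another VLAN: ignored
    _frame(0x00, vlan=180, ethertype=0x0806),   # ARP: not IPv4
    _frame(0x2A, vlan=180),                     # AF11 with ECN bits set
]

if __name__ == "__main__":
    print(mismarked(SAMPLE))
```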
When you are done with your testing, be sure to shut down the monitoring session:
VSMvCloud# configure terminal
VSMvCloud(config)# monitor session 2
VSMvCloud(config-monitor)# shutdown
VSMvCloud(config-monitor)# end
VSMvCloud# copy running-config startup-config
…And don’t forget to save your work!