Practical NSX: TraceFlow

Traceflow is another monitoring and troubleshooting tool available within NSX. Traceflow injects a packet (L2 or L3) into a vNIC and follows it through the various network overlay components and distributed firewall rules all the way to the destination virtual machine. Let’s have a look at an example.

Networking & Security > Traceflow

Select the traffic type.

Select the source VM.

Select target VM.

Configure the protocol, port, and tcp flags via the advanced options then start the trace.

The trace shows that the packet was dropped due to a firewall rule (id 1006).

Looking at the firewall rule with id 1006, we can see that it’s configured to stop any traffic from web-01a to web-02a.

Let’s disable the firewall rule and rerun the trace.

The trace shows that the packet has been delievered (:

I hope this post is helpful. Thank you for reading.

How useful was this post?

Click on a star to rate it!

Average rating / 5. Vote count:

Sharing is caring!

Related Post

Leave a Reply

Your email address will not be published. Required fields are marked *