A Logical Router created on an Edge has several interfaces, and stat information can be queried for each of them.
Querying the stats returns many values. I received a question about one of them, "No-neighbor", and would like to share what I found.
First, let's query the stats for a specific interface of a Logical Router.
```
edge-node-01> get logical-routers
Sat Feb 24 2024 UTC 13:15:11.332
Logical Router
UUID                                   VRF    LR-ID  Name            Type                        Ports   Neighbors
736a80e3-23f6-5a2d-81d6-bbefb2786666   0      0                      TUNNEL                      4       6/5000
4f22c0b3-4a2f-4840-a8d2-cf8c797c087b   1      1      DR-Tier0-01     DISTRIBUTED_ROUTER_TIER0    5       2/50000
1eefa746-7662-4e21-8431-39dfc1f57394   2      2      SR-Tier0-01     SERVICE_ROUTER_TIER0        6       2/50000
d533b216-a47a-4200-9eb3-007e68c3a024   4      9      SR-tier1-01     SERVICE_ROUTER_TIER1        5       2/50000
5bc895a7-8cc3-4332-9b1a-abe3bd64fa22   5      8      DR-tier1-01     DISTRIBUTED_ROUTER_TIER1    4       2/50000   >>>
96486497-be55-4cc3-8ae1-bbc7fe391d4b   6      11     SR-one-arm      SERVICE_ROUTER_TIER1        5       2/50000
```
Next, check which interfaces exist on the Tier-1 DR among these Logical Routers.
```
edge-node-01> get logical-router 5bc895a7-8cc3-4332-9b1a-abe3bd64fa22 interfaces
Sat Feb 24 2024 UTC 13:16:17.334
Logical Router
UUID                                   VRF    LR-ID  Name            Type
5bc895a7-8cc3-4332-9b1a-abe3bd64fa22   5      8      DR-tier1-01     DISTRIBUTED_ROUTER_TIER1
Interfaces (IPv6 DAD Status A-DAD_Success, F-DAD_Duplicate, T-DAD_Tentative, U-DAD_Unavailable)
    Interface     : 6ad31edf-449d-5871-b330-d15908ac64b0
    Ifuid         : 297
    Mode          : cpu
    Port-type     : cpu
    Enable-mcast  : false

    Interface     : 810bd7e8-d6ce-5f8d-8f0d-9ff1986ae2ee
    Ifuid         : 298
    Mode          : blackhole
    Port-type     : blackhole

    Interface     : a62f9b69-c532-44a8-89a0-3e42c6292d94 >>>
    Ifuid         : 299
    Name          : infra-overlay-seg-3101-dlrp
    Fwd-mode      : IPV4_ONLY
    Mode          : lif
    Port-type     : downlink >>>
    IP/Mask       : 172.31.1.1/24 >>>
    MAC           : 02:50:56:56:44:52
    VNI           : 71680
    Access-VLAN   : untagged
    LS port       : 44c4d076-1e45-4632-bbf6-c458e1b3c6dc
    Urpf-mode     : STRICT_MODE
    DAD-mode      : LOOSE
    RA-mode       : SLAAC_DNS_TRHOUGH_RA(M=0, O=0)
    Admin         : up
    Op_state      : up
    Enable-mcast  : True
    MTU           : 1500
    arp_proxy     :

    Interface     : 237bf6e9-5d44-4f46-9f97-9346d30d9619
    Ifuid         : 300
    Name          : bp-dr-port
    Fwd-mode      : IPV4_ONLY
    Mode          : lif
    Port-type     : backplane
    IP/Mask       : 169.254.0.1/28;fe80::50:56ff:fe56:4452/64(NA)
    MAC           : 02:50:56:56:44:52
    VNI           : 66560
    Access-VLAN   : untagged
    LS port       : 489b6fc7-535c-4978-ab9a-ef87e8301035
    Urpf-mode     : PORT_CHECK
    DAD-mode      : LOOSE
    RA-mode       : RA_INVALID
    Admin         : up
    Op_state      : up
    Enable-mcast  : True
    MTU           : 1500
    arp_proxy     :
```
Several interfaces are listed. Of these, we'll query the stats of the downlink interface that serves as the gateway of the segment.
```
edge-node-01> get logical-router interface a62f9b69-c532-44a8-89a0-3e42c6292d94 stats
Sat Feb 24 2024 UTC 13:17:55.800
interface   : a62f9b69-c532-44a8-89a0-3e42c6292d94
ifuid       : 299
VRF         : 5bc895a7-8cc3-4332-9b1a-abe3bd64fa22
name        : infra-overlay-seg-3101-dlrp
IP/Mask     : 172.31.1.1/24
MAC         : 02:50:56:56:44:52
VNI         : 71680
LS port     : 44c4d076-1e45-4632-bbf6-c458e1b3c6dc
urpf-mode   : STRICT_MODE
admin       : up
op_state    : up
MTU         : 1500
statistics
    RX-Packets  : 474715
    RX-Bytes    : 21114762
    RX-Drops    : 468816
        Blocked     : 0
        DST-Unsupported: 0
        Firewall    : 137
        Malformed   : 0
        No-Receiver : 0
        No-Route    : 0
        RPF-Check   : 70
        Protocol-Unsupported: 468492
        IPv6        : 117
        Port-Unsupported: 0
        TTL-Exceeded: 0
        Kni         : 0
        IPsec       : 0
        IPsec-NoSA  : 0
        IPsec-NoVTI : 0
    TX-Packets  : 64796
    TX-Bytes    : 4827033
    TX-Drops    : 100
        Blocked     : 0
        Firewall    : 60
        Frag-Needed : 0
        No-neighbor : 40 >>>
        No-Memory   : 0
        No-Linked-Port: 0
        IPsec       : 0
        IPsec-NoSA  : 0
        IPsec-NoVTI : 0
        IPsec-Policy-Error: 0
        IPsec-Policy-Block: 0
    IP Ressemble
        Fragments-OK: 0
        Fragemnts-Error: 0
        Fragments-Timeout: 0
    IP Fragment
        Fragments-OK: 0
        Fragments-Error: 0
```
In the stats above, the No-neighbor value sits under the TX-Drops item.
No-neighbor is defined as "Packet dropped due to ARP failure".
In other words, when IP/MAC learning via ARP Request/Reply fails toward the segment attached to the downlink interface, the No-neighbor value is expected to increase.
To verify this, we ping, from outside, an arbitrary unused IP address in the 172.31.1.0/24 segment and watch whether the No-neighbor value increases during the test.
Before the test
```
edge-node-01> get logical-router interface a62f9b69-c532-44a8-89a0-3e42c6292d94 stats
Sat Feb 24 2024 UTC 13:23:07.520
interface   : a62f9b69-c532-44a8-89a0-3e42c6292d94
ifuid       : 299
VRF         : 5bc895a7-8cc3-4332-9b1a-abe3bd64fa22
name        : infra-overlay-seg-3101-dlrp
IP/Mask     : 172.31.1.1/24
MAC         : 02:50:56:56:44:52
VNI         : 71680
LS port     : 44c4d076-1e45-4632-bbf6-c458e1b3c6dc
urpf-mode   : STRICT_MODE
admin       : up
op_state    : up
MTU         : 1500
statistics
    RX-Packets  : 474715
    RX-Bytes    : 21114762
    RX-Drops    : 468816
        Blocked     : 0
        DST-Unsupported: 0
        Firewall    : 137
        Malformed   : 0
        No-Receiver : 0
        No-Route    : 0
        RPF-Check   : 70
        Protocol-Unsupported: 468492
        IPv6        : 117
        Port-Unsupported: 0
        TTL-Exceeded: 0
        Kni         : 0
        IPsec       : 0
        IPsec-NoSA  : 0
        IPsec-NoVTI : 0
    TX-Packets  : 64799
    TX-Bytes    : 4827243
    TX-Drops    : 100
        Blocked     : 0
        Firewall    : 60
        Frag-Needed : 0
        No-neighbor : 40 >>>
        No-Memory   : 0
        No-Linked-Port: 0
        IPsec       : 0
        IPsec-NoSA  : 0
        IPsec-NoVTI : 0
        IPsec-Policy-Error: 0
        IPsec-Policy-Block: 0
    IP Ressemble
        Fragments-OK: 0
        Fragemnts-Error: 0
        Fragments-Timeout: 0
    IP Fragment
        Fragments-OK: 0
        Fragments-Error: 0
```
Test
```
C:\>ping 172.31.1.37

Pinging 172.31.1.37 with 32 bytes of data:
Reply from 172.31.1.1: Destination host unreachable.
Reply from 172.31.1.1: Destination host unreachable.
Reply from 172.31.1.1: Destination host unreachable.
Reply from 172.31.1.1: Destination host unreachable.

Ping statistics for 172.31.1.37:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
```
After the test
```
edge-node-01> get logical-router interface a62f9b69-c532-44a8-89a0-3e42c6292d94 stats
Sat Feb 24 2024 UTC 13:24:18.056
interface   : a62f9b69-c532-44a8-89a0-3e42c6292d94
ifuid       : 299
VRF         : 5bc895a7-8cc3-4332-9b1a-abe3bd64fa22
name        : infra-overlay-seg-3101-dlrp
IP/Mask     : 172.31.1.1/24
MAC         : 02:50:56:56:44:52
VNI         : 71680
LS port     : 44c4d076-1e45-4632-bbf6-c458e1b3c6dc
urpf-mode   : STRICT_MODE
admin       : up
op_state    : up
MTU         : 1500
statistics
    RX-Packets  : 474715
    RX-Bytes    : 21114762
    RX-Drops    : 468816
        Blocked     : 0
        DST-Unsupported: 0
        Firewall    : 137
        Malformed   : 0
        No-Receiver : 0
        No-Route    : 0
        RPF-Check   : 70
        Protocol-Unsupported: 468492
        IPv6        : 117
        Port-Unsupported: 0
        TTL-Exceeded: 0
        Kni         : 0
        IPsec       : 0
        IPsec-NoSA  : 0
        IPsec-NoVTI : 0
    TX-Packets  : 64812
    TX-Bytes    : 4827817
    TX-Drops    : 104
        Blocked     : 0
        Firewall    : 60
        Frag-Needed : 0
        No-neighbor : 44 >>>
        No-Memory   : 0
        No-Linked-Port: 0
        IPsec       : 0
        IPsec-NoSA  : 0
        IPsec-NoVTI : 0
        IPsec-Policy-Error: 0
        IPsec-Policy-Block: 0
    IP Ressemble
        Fragments-OK: 0
        Fragemnts-Error: 0
        Fragments-Timeout: 0
    IP Fragment
        Fragments-OK: 0
        Fragments-Error: 0
```
In conclusion, No-neighbor is simply a stat that keeps a count of ARP protocol failures.
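The before/after comparison above can be automated so that growth in No-neighbor (traffic routed toward addresses that never answer ARP) shows up without reading the output by eye. The Python below is an added example, not part of the original post or of NSX tooling: it parses the numeric counters of the stats output and reports which ones grew between two snapshots. The function names are hypothetical, and the snapshots are abbreviated from the outputs above with assumed indentation; the parser relies on line order, not indentation.

```python
import re

# "name : integer" counter lines; the trailing ">>>" is the post's own highlight marker.
LINE = re.compile(r"^\s*([A-Za-z][\w /-]*?)\s*:\s*(\d+)\s*(?:>>>)?\s*$")

# Snapshots abbreviated from the before/after outputs above (indentation assumed).
TEMPLATE = """\
    RX-Drops    : 468816
        Firewall    : 137
    TX-Packets  : {tx}
    TX-Drops    : {drops}
        Firewall    : 60
        No-neighbor : {nn} >>>
    IP Fragment
        Fragments-OK: 0
"""
BEFORE = TEMPLATE.format(tx=64799, drops=100, nn=40)
AFTER = TEMPLATE.format(tx=64812, drops=104, nn=44)

def parse_stats(text: str) -> dict[str, int]:
    """Return counters; drop reasons are keyed like 'TX-Drops/No-neighbor'."""
    counters, group = {}, None
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            if line.strip() and ":" not in line:
                group = None  # section header such as "IP Fragment" ends a drop group
            continue
        name, value = m.group(1), int(m.group(2))
        if name.endswith(("-Drops", "-Packets", "-Bytes")):
            group = name if name.endswith("-Drops") else None
            counters[name] = value
        elif group:  # reason names repeat under RX and TX, so qualify them
            counters[f"{group}/{name}"] = value
    return counters

def increased(before: str, after: str) -> dict[str, int]:
    """Counters that grew between two snapshots, with their deltas."""
    b, a = parse_stats(before), parse_stats(after)
    return {k: a[k] - b.get(k, 0) for k in a if a[k] > b.get(k, 0)}

def unexplained_tx_drops(delta: dict[str, int]) -> int:
    """TX-Drops growth that is not covered by any listed drop reason."""
    reasons = sum(v for k, v in delta.items() if k.startswith("TX-Drops/"))
    return delta.get("TX-Drops", 0) - reasons

if __name__ == "__main__":
    d = increased(BEFORE, AFTER)
    print(d, "unexplained:", unexplained_tx_drops(d))
```

For the test above, all four new TX drops are attributed to No-neighbor, matching the four unanswered pings.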
[References]
Interpreting NSX Edge Interface stats (96507)
https://kb.vmware.com/s/article/96507