Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[NFX] Open vSwitch (OVS) commands for troubleshooting

0

0

Article ID: KB32283 KB Last Updated: 17 Apr 2020Version: 3.0
Summary:

This article lists the common commands for troubleshooting OVS related issues on an NFX250.

Solution:

Tips:

  • NFX250 has only one default OVS, named "ovs-sys-br".
  • An additional custom OVS can be created via the JDM CLI command:  set host-os vlans custom-ovs vlan-id none
  • OVS commands are executed on the Hypervisor.
  • On devices running nfx-2 (e.g. NFX250), OVS commands can be executed on the JDM shell by prepending the keyword jhost and a space before the OVS command:  jhost ovs-vsctl show
  • On devices running nfx-3 (e.g. NFX150, NFX250-NG, NFX350), OVS commands can be executed on vjunos0 shell, by prepending the keyword vhclient and a space before the OVS command, vhclient ovs-vsctl show
  • In this article, OVS commands are executed directly from the Hypervisor.

Common Troubleshooting Commands:

List all OVS on the NFX
Show all interfaces on all OVS
List ports on a specifc OVS
Find port numbers on a specific OVS
Check ports for packet drops
Check MAC table
Check specific interface for packet count/drops
Track changes on OVS db

Note: There will be slight difference in the output that you will see on NFX OVS command output than normal OVS command output. This is due to the customized integration of OVS and DPDK on the NFX platform. The NFX platform will bring up OVS bridge only when enhanced orchestration is enabled on the device.

1. List all OVS on the NFX

root@local-node:~# ovs-vsctl list-br
custom-ovs <-- Custom OVS
custom1-ovs
ovs-sys-br <-- Default OVS

2. Show all interfaces on all OVS

root@local-node:~# ovs-vsctl show  
fe12aeb7-dc57-413a-a754-4dd79486c2dc
    Bridge custom-ovs
        Port "vSRX-7_eth3"
            Interface "vSRX-7_eth3"
                type: dpdkvhostuser
                options: {dpdk-mtu="1500,2"}
        Port custom-ovs
            Interface custom-ovs
                type: internal
    Bridge ovs-sys-br
        Port "ipsec-nm_heth1"
            trunks: [4088]
            Interface "ipsec-nm_heth1"
        Port ovs-sys-br
            Interface ovs-sys-br
                type: internal
        Port "ipsec-nm_heth2"
            trunks: [99]
            Interface "ipsec-nm_heth2"
        Port "jdm_jsxe0"
            trunks: [1, 2, 3]
            Interface "jdm_jsxe0"
        Port "dpdk1"
            tag: 2
            Interface "dpdk1"
                type: dpdk
                options: {dpdk-mtu="2048,2"}
        Port jdm_phc
            tag: 1
            Interface jdm_phc
        Port "vjunos0_em1"
            Interface "vjunos0_em1"
        Port "vSRX-7_eth2"
            tag: 7
            Interface "vSRX-7_eth2"
                type: dpdkvhostuser
                options: {dpdk-mtu="1500,2"}
        Port "dpdk0"
            tag: 1
            Interface "dpdk0"
                type: dpdk
                options: {dpdk-mtu="2048,2"}
    ovs_version: "2.4.1"

3. List ports on a specifc OVS

root@local-node:~# ovs-vsctl list-ports ovs-sys-br
dpdk0
dpdk1
ipsec-nm_heth1
ipsec-nm_heth2
jdm_jsxe0
jdm_phc
vSRX-77_eth2
vSRX-7_eth2
vjunos0_em1

4. Find port numbers on a specific OVS

root@local-node:~# ovs-ofctl show ovs-sys-br  
OFPT_FEATURES_REPLY (xid=0x2): dpid:000000a0c9000010
n_tables:254, n_buffers:256
capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP
actions: output enqueue set_vlan_vid set_vlan_pcp strip_vlan mod_dl_src mod_dl_dst mod_nw_src mod_nw_dst mod_nw_tos mod_tp_src mod_tp_dst
 1(dpdk0): addr:00:a0:c9:00:00:10
     config:     0
     state:      0
     current:    10GB-FD
     advertised: 10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-HD 1GB-FD 10GB-FD COPPER FIBER AUTO_NEG AUTO_PAUSE
     supported:  1GB-HD COPPER AUTO_NEG
     speed: 10000 Mbps now, 1000 Mbps max
 2(dpdk1): addr:00:a0:c9:00:00:11
     config:     0
     state:      0
     current:    10GB-FD
     advertised: 10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-HD 1GB-FD 10GB-FD COPPER FIBER AUTO_NEG AUTO_PAUSE
     supported:  1GB-HD COPPER AUTO_NEG
     speed: 10000 Mbps now, 1000 Mbps max
 3(ipsec-nm_heth1): addr:0a:87:aa:a5:fc:5e
     config:     0
     state:      0
     current:    10GB-FD COPPER
     speed: 10000 Mbps now, 0 Mbps max
 4(ipsec-nm_heth2): addr:da:1d:fb:9e:b8:75
     config:     0
     state:      0
     current:    10GB-FD COPPER
     speed: 10000 Mbps now, 0 Mbps max
 5(jdm_jsxe0): addr:8e:5a:d9:f7:d7:e1
     config:     0
     state:      0
     current:    10GB-FD COPPER
     speed: 10000 Mbps now, 0 Mbps max
 6(jdm_phc): addr:e6:99:e4:df:17:5c
     config:     0
     state:      0
     current:    10GB-FD COPPER
     speed: 10000 Mbps now, 0 Mbps max
 7(vjunos0_em1): addr:fe:54:00:0e:ac:1a
     config:     0
     state:      0
     current:    10MB-FD COPPER
     speed: 10 Mbps now, 0 Mbps max
 8(vSRX-7_eth2): addr:00:00:00:00:00:00
     config:     PORT_DOWN
     state:      LINK_DOWN
     speed: 0 Mbps now, 0 Mbps max

5. Check ports for packet drops

root@local-node:~# ovs-ofctl dump-ports ovs-sys-br  
OFPST_PORT reply (xid=0x2): 13 ports
  port 11: rx pkts=0, bytes=?, drop=?, errs=?, frame=?, over=?, crc=?
           tx pkts=218795, bytes=?, drop=10, errs=?, coll=?
  port LOCAL: rx pkts=0, bytes=0, drop=0, errs=0, frame=0, over=0, crc=0
           tx pkts=488775, bytes=58059342, drop=488775, errs=0, coll=0
  port  9: rx pkts=0, bytes=?, drop=?, errs=?, frame=?, over=?, crc=?
           tx pkts=25768, bytes=?, drop=25, errs=?, coll=?
  port  5: rx pkts=77524, bytes=26509392, drop=0, errs=0, frame=0, over=0, crc=0
           tx pkts=39, bytes=2792, drop=0, errs=0, coll=0
  port 12: rx pkts=0, bytes=?, drop=?, errs=?, frame=?, over=?, crc=?
           tx pkts=25769, bytes=?, drop=24, errs=?, coll=?
  port  1: rx pkts=113, bytes=9948, drop=50, errs=0, frame=0, over=0, crc=0
           tx pkts=25900, bytes=8833372, drop=0, errs=0, coll=0
  port  4: rx pkts=192418, bytes=8851460, drop=0, errs=0, frame=0, over=0, crc=0
           tx pkts=39, bytes=5960, drop=0, errs=0, coll=0

6. Check MAC table

root@local-node:~# ovs-appctl fdb/show ovs-sys-br  
 port  VLAN  MAC                Age
    5     1  ec:13:db:da:f6:4c  246
    5     3  ec:13:db:da:f6:4c  194
    8     7  ec:13:db:da:f6:50    2
    5     2  ec:13:db:da:f6:4c    1
    4    99  ec:13:db:da:f6:49    0

7. Check specific interface for packet count/drops

 root@local-node:~# ovs-vsctl get interface vSRX-77_eth4 statistics  
{rx_packets=0, tx_dropped=24, tx_packets=25777}


Note:  Prepend the ovs-vsctl command with watch, to monitor the packet count/drop live
root@local-node:~# watch ovs-vsctl get interface vSRX-77_eth4 statistics
 

8. Track changes on OVS db

root@local-node:~# ovsdb-tool -mm show-log /etc/openvswitch/conf.db
record 60: 2017-10-04 13:24:26.075 "ovs-vsctl: ovs-vsctl --if-exists del-port vSRX-77_eth3"
        table Interface row "vSRX-77_eth3" (071562e9): <-- Deleting interface
                delete row
        table Port row "vSRX-77_eth3" (a915bb77):
                delete row
        table Bridge row "custom-ovs" (3d54ebaf):
        table Open_vSwitch row ece994fe (ece994fe):

record 61: 2017-10-04 13:24:26.080
        table Open_vSwitch row ece994fe (ece994fe):

record 62: 2017-10-04 13:24:26.149 "ovs-vsctl: ovs-vsctl --may-exist add-port ovs-sys-br vSRX-77_eth3 -- set Interface vSRX-77_eth3 type=dpdkvhostuser options:dpdk-mtu=1500,2"
        table Interface insert row "vSRX-77_eth3" (13af1b3c): <-- Adding interface to OVS
        table Port insert row "vSRX-77_eth3" (90575b0d):
        table Bridge row "ovs-sys-br" (743dad4c):
        table Open_vSwitch row ece994fe (ece994fe):

record 63: 2017-10-04 13:24:26.153
        table Interface row "vSRX-77_eth3" (13af1b3c):
        table Open_vSwitch row ece994fe (ece994fe):

record 64: 2017-10-04 13:24:26.189 "ovs-vsctl: ovs-vsctl set port vSRX-77_eth3 tag=7,"
        table Port row "vSRX-77_eth3" (90575b0d):
        table Open_vSwitch row ece994fe (ece994fe):

record 65: 2017-10-04 13:24:26.192
        table Open_vSwitch row ece994fe (ece994fe):

Note: For packet capture on a VNF interface connected to OVS, refer to KB32285 - [NFX] Packet capture on the Open vSwitch (OVS) using port_util.sh.

Modification History:
2019-11-14: Article reviewed for accuracy. No changes made. Article is correct and complete.
2020-04-15: Added syntax for nfx-3 software. Also added watch syntax, and monitor drops interactively. 
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search