Troubleshoot vSwitch Controller issues

This section contains information to help with troubleshooting vSwitch Controller issues.

Resource tree node status

The following table describes the status icons for each resource type. These icons appear in the resource tree and on the Status page for the item.

Items/Status Icons Description
VIFs  
Red Associated virtual machine (VM) is shut down or unreachable.
Green Virtual interface (VIF) is up and being managed.
Orange VM is running but the XenServer on which the VIF resides is not connected to the vSwitch Controller.
VMs  
Red VM is shut down or unreachable.
Green VM is in running state and VIFs are being managed.
Orange VM is running but the XenServer on which the VM resides is not correctly connected to the vSwitch Controller. This status depends on the collective state of the respective VIFs.
Server Networks  
Red XenServer is shut down or unreachable or no VMs have VIFs that are associated with the network.
Green XenServer is correctly connected to the vSwitch Controller.
Orange XenServer is not correctly configured to connect to the vSwitch Controller (depends on the collective state of the associated physical interfaces and VIFs).
XenServer  
Red XenServer is shut down or unreachable.
Green XenServer is correctly connected to the vSwitch Controller.
Orange XenServer is not configured to connect to the vSwitch Controller (depends on the collective state of the associated physical interfaces and VIFs).
Pool-Wide Networks  
Red Master XenServer is shut down or unreachable.
Green Master XenServer is configured to connect to the vSwitch Controller and the connection is up and working.
Orange Master XenServer is not configured to connect to the vSwitch Controller (depends on the collective state of the associated physical interfaces and VIFs).
Resource Pools  
Red Master XenServer is shut down or unreachable.
Green Master XenServer is configured to connect to the vSwitch Controller and the connection is up and working.
Orange Master XenServer is not configured to connect to the vSwitch Controller (depends on the collective state of the associated physical interfaces and VIFs).

Troubleshoot access policy issues

The following suggestions can help in troubleshooting when access control policies are not operating properly:

  1. Select the Status page for the VIF of a VM that the policy is supposed to affect. View the hit counts for each rule while you generate traffic that the policy is not handling correctly. Identify the rule that the traffic is actually hitting instead of the rule you expected it to be hitting. For debugging purposes, you can, add a default rule that matches all traffic as the lowest priority default rule at the global level.

    Note:

    This rule can have either an allow or deny action, depending on your desired network behavior while debugging. Delete this rule after debugging.

  2. If the traffic hits a rule of lower priority than the one you expected, carefully check the rule matching criteria. Is the direction of the traffic correctly specified? Are the remote hosts properly identified? Is the protocol correctly defined? For example, is the protocol specifying a UDP port instead of a TCP port or the opposite way?

  3. If the traffic hits a rule of higher priority than expected, resolve the conflict between this rule and the rule you expected the traffic to hit. You can resolve conflicts by redefining rules to be more or less granular or by changing the relative priorities of the two rules. For example, you can scope a rule to apply only to a particular set of remote IP addresses.

  4. If the VM has multiple VIFs, check that it is transmitting and receiving the traffic on the VIF to which the policy applies. When appropriate, use RSPAN to mirror traffic from the VIF to a network analyzer. You can use this mirrored traffic to ensure that traffic is present that is supposed to match the rule.

Note:

When a vSwitch Controller is unavailable, the resource pool enforces access control rules based on the configured fail mode. See the section called “Resource Pool Level” under “Viewing Status” for more details about a resource pool’s fail mode.

Create a trouble report

To address issues efficiently, collect information from the XenServer and vSwitch Controller that are involved in the issue. Collect this information as soon as possible after the issue occurs. Submit the information along with your trouble report.

  • Include a Server Status report for each XenServer that is involved in the issue. For information about generating Server Status reports, see Health check

  • Include a log bundle from the vSwitch Controller by clicking Collect and Zip All Logs in the Server & Certificate Maintenance Settings page. For more information, see Collect information for trouble reports.

Controller error messages

The following error messages can be seen:

  • Connecting to Pool - Displayed when a new pool is added and vSwitch Controller has not yet successfully connected to the pool master. OR Displayed when the vSwitch Controller restarts and it has not yet successfully connected to the pool master. If a successful connection is not established in 30 seconds, this message is replaced with ‘Pool Connection Failed’.
  • Network control channels disconnected - XenServer is not correctly connected to the vSwitch Controller.
  • Missing Pool Address - No DNS name or IP address is available for the pool.
  • Pool Connection Failed - This message is displayed in the following situations:
    • There is a network problem between the controller and the pool master
    • There is a failure in DNS name resolution
    • There is an invalid DNS name or pool master IP address
    • The pool master is down or misconfigured
  • Unsupported Pool Version - The DNS name or IP address configured to the pool does not resolve to a compatible version of XenServer.
  • Duplicate Pool: Pool Disabled - The pool reports the same XAPI UUID as another pool already in the vSwitch Controller database.
  • Pool Authentication Failure - vSwitch Controller was unable to authenticate to the pool master using the user name and password provided.
  • Pool Identity Changed - The pool has been reinstalled and does not match the state of the matching pool.
  • Pool Synchronization Error - An unsupported operation was seen when using XAPI to communicate with the pool master.
  • Unknown Error - Cause of the error is not known.

Troubleshoot vSwitch Controller issues