How to Fix: Possible DHCP DoS attack seen on the ESX host


In NSX-v 6.4.0, you see these symptoms:

  • You see the error: “NSX Alert :Possible DHCP DOS attack on host.”


This issue occurs because NSX-v 6.4.0 introduced a new DHCP DoS-related security feature that may report false positives.

This is a known issue affecting VMware NSX for vSphere 6.4.x. Currently, there is no resolution.


To work around this issue, disable these warning messages. You can disable them from the NSX Manager central command line interface.

  1. Log in to the NSX Manager SSH console as admin. Check the status of the event notification
Read The Rest ......

All Badges in bag now. #vExpert – #vExpertNSX – #vExpertVSAN

This morning when I woke up I was reading tweets on my handset and I just came across the vExpert announcement for 2017. I was more curious as I had also applied for the vSAN & NSX programmes too. I opened the announcement page and voila!! My name was on both lists (vExpert vSAN and NSX). I was selected for the vExpert NSX programme for the 2nd time this time, and vSAN is the new achievement for me.


Here are the links for the complete vExpert lists

vExpert vSAN :

vExpert NSX  :

Distributed firewalls on the NSX Manager central CLI

You can get most information about distributed firewalls on the NSX Manager central CLI.


The path to drill down to the desired information is as follows:

  1. Show all clusters: show cluster all

  2. Then show hosts in a specific cluster: show cluster clusterID

  3. Then show all VMs on a host: show host hostID

  4. Then show information for a VM, which includes filter names and vNIC IDs: show vm vmID

Here is an example:

nsxmgr> show cluster all
No.  Cluster Name                Cluster Id               Datacenter Name     Firewall Status
1    Compute Cluster A           domain-c33               Datacenter Site A   Enabled
2    Management & 
Read The Rest ......

How to Fix: VXLAN VMKNic Out Of Sync

NSX Manager detects when NSX-managed objects, such as a VXLAN VMKNic, are modified or deleted directly on the vCenter Server. System events are raised whenever an entity is deleted outside of NSX. When a VMKNic is deleted on the host but its information is still present in NSX, NSX Manager marks the deleted VMKNic with an Error icon.

  1. In the vSphere Web Client, navigate to Networking & Security > Installation > Logical Network Preparation.
  2. On the VXLAN Transport tab, expand the Cluster and Hosts.

  3. Click the Error icon
Read The Rest ......

Basic NSX Troubleshooting Commands

Here are some basic troubleshooting commands that are useful to keep handy.

Checking the NSX Installation on ESXi Host—Host Networking Commands


Host Networking Commands


List physical NICs/vmnic

esxcli network nic list

Check the NIC type, driver type, link status, MTU

Physical NIC details

esxcli network nic get -n vmnic#

Check the driver and firmware versions along with other details

List vmk NICs with IP addresses/MAC/MTU, and so on

esxcli network ip interface ipv4 get

To ensure VTEPs are correctly instantiated

Details of each vmk NIC, including vDS information

esxcli network ip interface list

To ensure

Read The Rest ......

Understanding Cross-vCenter NSX Multi-Site and Single Site Architecture

A cross-vCenter NSX environment allows you to use the same logical switches and other network objects across multiple vCenter NSX setups. The vCenters can be located in the same site, or in different sites.

Whether the cross-vCenter NSX environment is contained within a single site or crosses multiple sites, a similar configuration can be used. These two example topologies consist of the following:

  • A universal transport zone that includes all clusters in the site or sites.

  • Universal logical switches attached to the universal transport zone. Two universal logical switches are used to connect VMs and one is used as a

Read The Rest ......

What are the NSX Components


A cloud management platform (CMP) is not a component of NSX, but NSX provides integration into virtually any CMP via the REST API and out-of-the-box integration with VMware CMPs.

Read The Rest ......

What is Consumption Platform

The consumption of NSX can be driven directly through the NSX Manager user interface, which is available in the vSphere Web Client. Typically end users tie network virtualization to their cloud management platform for deploying applications. NSX provides rich integration into virtually any CMP through REST APIs. Out-of-the-box integration is also available through VMware vCloud Automation Center, vCloud Director, and OpenStack with the Neutron plug-in for NSX.

What is Management Plane

The NSX management plane is built by the NSX Manager, the centralized network management component of NSX. It provides the single point of configuration and REST API entry-points.

The NSX Manager is installed as a virtual appliance on any ESX™ host in your vCenter Server environment. NSX Manager and vCenter have a one-to-one relationship. For every instance of NSX Manager, there is one vCenter Server. This is true even in a cross-vCenter NSX environment.

In a cross-vCenter NSX environment, there is both a primary NSX Manager and one or more secondary NSX Managers. The primary NSX Manager allows you to … Read The Rest ......

What is Control Plane

The NSX control plane runs in the NSX Controller cluster. NSX Controller is an advanced distributed state management system that provides control plane functions for NSX logical switching and routing functions. It is the central control point for all logical switches within a network and maintains information about all hosts, logical switches (VXLANs), and distributed logical routers.

The controller cluster is responsible for managing the distributed switching and routing modules in the hypervisors. The controller does not have any data plane traffic passing through it. Controller nodes are deployed in a cluster of three members to enable high availability and scale. Any … Read The Rest ......