There was an interesting question this week on the VMTN community forums about querying a vSwitch on an ESX(i) host. The user was trying to locate a particular virtual machine's MAC Address due to an IP conflict that was identified. The internal VMware vSwitch is pretty much closed off as a blackbox. The vSwitch is not exposed like a traditional physical switch in which you can run commands against such as "show mac-address-table" to display the MAC addresses found on the switch.
However, you can still perform a lookup of all the MAC Addresses found on a particular ESX(i)/vCenter host by using the vSphere APIs. You can search for all virtual machines and dump out their associated MAC Addresses and correlate that back to a particular vSwitch. You can easily do this through a script such as using the vSphere SDK for Perl script: getvSwitchMacTable.pl which supports both stand vSwitch and distributed vSwitch or if you prefer a GUI, you can use the popular RVTools. I am sure there is most likely a PowerCLI solution to solving this problem as well.
The solution described above is the proper and most flexible way of solving this problem, but what if you really wanted to query the internal vSwitch and extract out the MAC Addresses that way? Well the answer is, you can so using vsish on ESXi (vsish is not available on ESX unless you have the VMware debugging RPM package installed).
Here are some of things you can view for a given vSwitch using vsish:
~ # vsish -e ls /net/portsets/vSwitch0
The "ports" section is what we are interested in:
~ # vsish -e ls /net/portsets/vSwitch0/ports
When looking at a particular port, it provides quite a bit of information on what is connected and various metrics/statistics:
~ # vsish -e ls /net/portsets/vSwitch0/ports/16777220/
As you can see it is pretty tedious to go through each of the ports and it does not easily allow you to figure out what is exactly connected to the port until you view the "status" property.
I decided to write a tiny script that would allow a user to dump out all the MAC Addresses from the vSwitch(s) found on an ESX(i) host. Not only does it provide this mapping but also what is specifically using a given port whether it is mapped to internal interface or a particular virtual machine.
You can download the script vswitchInfo.sh which runs directly on ESXi's TSM (Tech Support Mode). The script can be called with the "-l" option to provide a high level dump of all MAC Addresses. Once you have identified the particular vSwitch and port, then you can get further details by specifying "-v" for vSwitch name and "-p" for the port number as displayed from the previous execution.
Here is an example output of just listing all MAC Addresses from all vSwitch(s) in an ESXi host:
Here is an example of getting more details on a particular port on a vSwitch:
Here you can see the clientName which is either a VM or interface using the port. You will also notice there is a mapping to set of pNICS that are attached to the vSwitch and various other details that I will let you explore.
You might have noticed the vSwitch port-ids looks kind of familiar? If you did, they actually are, as they part of the "networking" section in esxtop/resxtop output.
Unfortunately with esxtop/resxtop, it does not display the associated MAC Addresses, but now you have a way to easily query for details on the internal ports of a vSwitch.
Note: The second solution falls under the "not supported" category as you might have guessed.
Jalal Araidah says
But does this 'vswitchInfo.sh' script work on ESXi 5.0??
Yes the output was actually from an ESXi 5 host, this should work on all version of ESX(i).
is there a way to view statistics per port group, rx/tx?
Adam Thompson says
I needed a way to find out the name of the port group, since "vSwitch2" doesn't mean much to a human. Finally found it in /net/portSets/*/ports/*/status under "portCfg:". Argh. Modified script to display that critical piece of information. Diff emailed to info.virtuallyghetto at gmail.
Nice script!! But I am not able to download it. Can you please check?
Jean-Claude De Blois says
Great work....that script saved me a lot of work. Thanks for sharing it.
Is this script still available? I can't find it in your new GitHub repo... :'o(
William Lam says
Yes, I've just updated the link above. You can find all my scripts here https://github.com/lamw/ 🙂
What about "forged" mac addresses [i.e. coming from a VM]. are you able to gather to which those mac addresses are coming from?