Search the VMware Knowledge Base (KB)
View by Article ID

ESXi Network Dump Collector in VMware vSphere 5.x/6.0 (1032051)

  • 35 Ratings

Purpose

The VMware vSphere Network Dump Collector service allows for collecting diagnostic information from a host that experiences a critical fault and generates a purple diagnostic screen.

For more information on investigating the diagnostic information obtained, see Interpreting an ESX host purple diagnostic screen (1004250).

Resolution

The VMware vSphere Network Dump Collector service enables a host to transmit diagnostic information via the network to a remote netdump service, which stores it on disk. Network-based coredump collection can be configured in addition to or instead of disk-based coredump collection. This may be useful in stateless environments with no local disk usable for a diagnostic partition.

The Dump Collector is available in two forms:

  • vSphere ESXi Dump Collector service installed on Windows, possibly in the same location as vSphere vCenter Server.
  • vSphere ESXi Dump Collector service pre-packaged with the vSphere vCenter Server Virtual Appliance.

When installed on Windows, the vSphere ESXi Dump Collector service can integrate with vCenter Server. The Dump Collector server's listening IP address and Port number will be listed in the Dump Collector vCenter Server plugin. This is not available in a standalone installation of vSphere Dump Collector on Windows or in the vCenter Server Virtual Appliance.

Host and Collector Configuration

The host and collector service must both be configured prior to an outage in order to collect information from that outage.

Security and Network Considerations

Network Dump Collector does not work if the Management vmkernel port has been configured to use Etherchannel/LACP.

Network coredump collection is disabled by default. Enabling this feature requires administrative access to the ESXi host.

The netdump protocol is used for sending coredumps from a failed ESXi host to the Dump Collector service. This service only supports IPv4. By default, this service listens on UDP port 6500. The network traffic is not encrypted, and there is no authentication or authorization mechanism to ensure the integrity or validity of any data received by the Dump Collector service. It is recommended that the VMkernel network used for network coredump collection be physically or logically segmented (such as a separate LAN/VLAN) to ensure that the traffic is not intercepted.


vSphere ESXi 5.0


VLAN tagging may be utilized if configured at the physical switch port. The VLAN tagging options configured at the vSwitch level are ignored during network core dump transmission. 
vSphere Distributed Switches (vDS) cannot be used for the VMkernel network interface used for network core dump transmission. For more information, see Network Dump Collector is not supported on vDS (2000781).


vSphere ESXi 5.1/5.5/6.0

The core dump transmission is tagged with the same VLAN configured for the selected interface.  Standard vSwitches and Distributed vSwitches can be used for core dump transmissions.  Teamed NICs can be used for core dump transmissions.

Operation and Troubleshooting

During a critical failure on a vSphere ESXi host, the host generates a purple diagnostic screen and attempts to write a coredump using either or both of the pre-configured DiskDump or NetDump mechanisms. If previously configured to NetDump to a Dump Collector, the host opens a connection from a VMkernel network to the remote IP on UDP port 6500, and transmits a compressed coredump

The Dump Collector service receives the coredump and saves it to a file on its own disk in the zdump format. Files are organized into directories according to the sending host's IP address, such as data/10/11/12/13/zdump_10.11.12.13- yyyy-mm-dd-hh_mm-N. This information can be later investigated. For more information, see Interpreting an ESX host purple diagnostic screen (1004250).

By default, 2 GB of zdump diagnostic information is stored, with older dump files automatically deleted. The Dump Collector service has a non-configurable 60-second timeout: if no information is received in 60 seconds, the partial file is deleted.

If the ESXi host is unable to reach the Dump Collector server during an outage, see Troubleshooting the Network Dump Collector service in vSphere 5.0 (2003042).

Logging and Increased Verbosity

The Dump Collector service logs information to disk during startup and while receiving coredumps over the network. The date and timestamps in the Dump Collector logs and received zdump filenames reflect the time that on the server running the Dump Collector, not the time on the ESXi host which supplied the coredump. For more information, see Location of vSphere ESXi Dump Collector log files (2003277). To increase the verbosity of the Dump Collector service logs, see Configuring the Network Dump Collector service in vSphere 5.0 (2002954).

See Also

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 35 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.

What can we do to improve this information? (4000 or fewer characters)




Please enter the Captcha code before clicking Submit.
  • 35 Ratings
Actions
KB: