Category Archives: NSX

Troubleshoot VMware NSX Edge Services Issues

By | 19/06/2018

In this post I will cover the following topics of Objective 7.3 of the VCAP6-NV Deploy exam.

  • Troubleshoot VPN service issues
  • Troubleshoot DHCP/DNS/NAT service issues
  • Troubleshoot Logical Load Balancer implementation issues
  • Download Technical Support logs from NSX Edge instances

Let's get started.

Troubleshoot VPN service issues

There are 3 types of VPN which you can configure on NSX edges:

  • SSL-VPN Plus
  • IPSec VPN
  • L2 VPN

Let's start with troubleshooting IPSec VPN.

To troubleshoot any VPN issue, you should know how to configure the VPN service, so that you can verify that the issue is not caused by misconfigured settings. To review the implementation and configuration of the IPSec VPN service refer to article

Category: NSX

Troubleshoot VMware NSX Connectivity Issues

By | 18/06/2018

In this post I will cover the following topics of Objective 7.2 of the VCAP6-NV Deploy exam:

  • Monitor and analyze virtual machine traffic with Flow Monitoring
  • Troubleshoot virtual machine connectivity
  • Troubleshoot dynamic routing protocols

Let's get started.

Monitor and analyze virtual machine traffic with Flow Monitoring

Flow Monitoring is used to capture ingress/egress traffic of VMs in an NSX environment. Flow Monitoring is disabled by default, and you need to enable it before you can use this tool. Once Flow Monitoring is enabled, you need to wait for some time to let the tool gather data about your vSphere environment (much like how vROps gathers data before generating reports/recommendations etc.)

Category: NSX

Troubleshoot Common VMware NSX Installation/Configuration Issues

By | 17/06/2018

In this post I will cover the following topics of Objective 7.1 of the VCAP6-NV Deploy exam:

  • Troubleshoot NSX Manager Services
  • Download Technical Support Logs from NSX Manager
  • Troubleshoot Host Preparation Issues
  • Troubleshoot NSX Controller Cluster Status, Roles and Connectivity
  • Troubleshoot Logical Switch Transport Zone and NSX Edge Mappings
  • Troubleshoot Logical Router Interface and Route Mappings
  • Troubleshoot Distributed and Edge Firewall Implementations

Let's get started.

Troubleshoot NSX Manager Services

If you are facing any NSX-related issues, the NSX Manager UI is the first place to check which service or services are impacted. Typically you can check the status of the following services from the NSX Manager UI (https://NSX-FQDN/login.jsp):

  • vPostgres
  • RabbitMQ
  • NSX Management Service
  • NSX Universal Synchronization Service (only when you have Cross vCenter NSX configured)

If any service is in stopped state, try to start or restart it.

You can also check logs from the NSX Manager CLI to determine what is broken. The two important logs to check are the NSX Manager log and the System log. These logs can be viewed with the commands show log manager and show log system. You can append the word follow to watch the logs in real time (similar to the Linux tail command)

Category: NSX

Configure and Manage Universal Logical Security Objects in NSX

By | 15/06/2018

In this post, I will be covering the following topics of Objective 6.3 of the VCAP6-NV Deploy exam:

  • Configure Universal MAC Sets
  • Configure Universal IP Sets
  • Configure Universal Security Groups
  • Configure Universal Firewall Rules
  • Configure Universal Services and Service Groups

Let's get started.

Configure Universal MAC Sets

In NSX versions lower than 5.4, MAC Sets can be created by navigating to Networking and Security and selecting the Primary NSX Manager > Manage > Grouping Objects > MAC Sets.

In NSX 6.4 this is available under Networking & Security > Groups and Tags > MAC Sets.

Click on the + button to add a new MAC Set.

Category: NSX

Configuring VMware Cross vCenter NSX-Part 2

By | 14/06/2018

In the last post of this series, we learnt how to configure a Cross vCenter NSX configuration. In this post we will explore more about this. The purpose of this post is to cover Objective 6.2 of the VCAP6-NV Deploy exam, and I will cover the following topics:

  • Create/configure Universal Logical Switches
  • Create/configure Universal Distributed Logical Routers
  • Configure local egress

Let's get started.

Create/configure Universal Logical Switches (ULS)

Any Logical Switch created in a Universal Transport Zone is a Universal Logical Switch, and it provides Layer 2 connectivity across VC boundaries. You can connect 2 VMs that are running in different vCenter instances to a ULS and can ping across.

Category: NSX

Configuring VMware Cross-vCenter NSX

By | 13/06/2018

In this post, along with discussing Cross vCenter NSX configuration, I will cover the following topics of Objective 6.1 of the VCAP6-NV Deploy exam:

  • Configure NSX manager roles (Primary, Secondary, Standalone, Transit) according to a deployment plan
  • Deploy/configure Universal Controller Cluster
  • Configure Universal segment ID pools
  • Create/manage Universal transport zones

What is Cross vCenter NSX?

The Cross-vCenter NSX feature was introduced in NSX 6.2, and it allows central management of network virtualization and security policies across multiple vCenter Server systems. In a cross-vCenter NSX environment, you can have multiple vCenter Servers, each of which must be paired with its own NSX Manager. One NSX Manager is assigned the role of primary NSX Manager, and the others are assigned the role of secondary NSX Manager.

Category: NSX

Configure Role Based Access Control in NSX

By | 11/06/2018

Role Based Access Control is a mechanism for controlling access and restricting actions of users by adding user accounts to groups that have delegated permissions. The NSX Manager has its own authentication database and permission roles you can assign to users.

In this post we will learn how to configure role based access in NSX. I intend to cover the following topics of the VCAP6-NV Deploy exam in this blog post.

  • Implement identity service support for Active Directory, NIS, and LDAP with Single Sign-On (SSO)
  • Manage User rights:
    • Assign roles to user accounts
    • Change a user role
    • Delete/disable/enable a user account

Let's get started.

Implement identity service support for Active Directory, NIS, and LDAP with SSO

Category: NSX

Monitor a VMware NSX Implementation

By | 11/06/2018

In this post I will cover Objective 5.2 of the VCAP6-NV Deploy exam and will discuss the following topics:

  • Configure logging for NSX components according to a deployment plan
  • Monitor health of networking services
  • Monitor health and status of infrastructure components:
    • vSphere
    • NSX Manager
    • Control Cluster
  • Enable data collection for single/multiple virtual machines

Let's get started.

Configure logging for NSX components according to a deployment plan

1: Configure Syslog on NSX Manager

To configure NSX Manager to send logs to a centralized syslog server, log in to the NSX Manager UI and click on “Manage Appliance Settings”.

Under Syslog server, click on the Edit button.

Punch in your syslog server IP and port 514, select UDP as the protocol, and hit OK.

Category: NSX

Backup and Restore NSX Manager

By | 09/06/2018

Like any other infrastructure component, backup of NSX Manager is very critical, as it helps in recovering the configuration in the event of an NSX Manager corruption/failure etc.

Before software-defined networking was introduced, backing up network configuration was a very cumbersome task, as you had many components to back up, such as routers, switches, firewalls and what not.

With the introduction of NSX, all the networking intelligence was injected into NSX, and this reduced the administrative overhead of backing up each networking component individually. With NSX you only have to worry about backing up NSX Manager and the vDS at the vCenter level, which stores all your virtualwires. In this post we will learn how to back up NSX Manager and distributed switches.

Category: NSX

Configure and Manage NSX Edge Gateway Services (DHCP, DNS and NAT)

By | 08/06/2018

In this post I will be covering Objective 3.3 of the VCAP6-NV Deploy exam, and we will discuss the following topics:

  • Configure DHCP services according to a deployment plan:
    • Create/edit a DHCP IP Pool
    • Create/edit DHCP Static Binding
    • Configure DHCP relay
  • Configure DNS services
  • Configure NAT services to provide access to services running on privately addressed virtual machines

Let's get started.

Configure DHCP services on NSX Edge

NSX Edge Service Gateway provides IP addressing using static addresses and via DHCP. In general, any DHCP server needs a pool of IPs which can be distributed to clients that boot over the network and ask for an IP via DHCP. The Edge gateway is no different. Edge gateway DHCP can provide an IP address, default gateway, netmask and DNS server to the DHCP clients which boot over the network.

Category: NSX

Configure and Manage L2 VPN in NSX

By | 08/06/2018

What is L2 VPN?

From the VMware NSX Administration Guide:

With L2 VPN, you can stretch multiple logical networks (both VLAN and VXLAN) across geographical sites. Virtual machines remain on the same subnet when they are moved between sites and their IP addresses do not change.

L2 VPN thus allows enterprises to seamlessly migrate workloads backed by VXLAN or VLAN between physically separated locations. For cloud providers, L2 VPN provides a mechanism to on-board tenants without modifying existing IP addresses for workloads and applications.

Category: NSX

Configure and Manage SSL VPN in NSX

By | 08/06/2018

SSL VPN on NSX Edge Gateway allows an end user to connect to a private network through an SSL-VPN tunnel, so that the end user can access the applications/services which are hosted on the remote site, on their local network. Applications/services can be accessed via a web-based SSL client or a regular client.

The image below, taken from the NSX Administration Guide, demonstrates the process of connecting to a private network via SSL-VPN.

Graphic thanks to VMware

Category: NSX

Configure and Manage IPSec VPN in NSX

By | 08/06/2018

NSX Edge Services Gateway supports site-to-site IPSec VPN. You can create an IPSec VPN between an ESG and any other network device (hardware/software) which supports IPSec, or you can have an ESG at both the source and target site for this purpose.

Using IPSec VPN, you can create a secure connection between two sites and route the internal subnets between those two sites. Just ensure you don’t have overlapping subnets behind the edge gateway. You can create more than one IPSec tunnel on an ESG, and the number of tunnels is directly dependent on the size of the NSX Edge.

Category: NSX

Upgrade NSX Manager via Rest API

By | 04/06/2018

VMware released NSX 6.4.0 this month, and this version brought many features, improvements and bug fixes, which are outlined in the Release Notes.

Before upgrading to NSX 6.4.1, check the VMware interop matrix to make sure your underlying infrastructure is compatible with this version. Your VMware vSphere should be at 6.0 U2 or greater to upgrade to NSX 6.4.

I am currently running NSX 6.3.5 in my lab and I thought to upgrade it to 6.4. I wanted to play with the REST API option for the NSX Manager upgrade, as I have done it from the GUI several times.

Category: NSX

Configure Load Balancing With NSX Edge Gateway

By | 27/05/2018

In this post I will discuss the NSX Edge Service Gateway load balancing service and walk through the steps to configure a load balancer. The agenda of this post is to cover the following topics of the VCAP-NV Deploy exam:

  • Configure the appropriate Load Balancer model for a given application topology
  • Configure SSL off-loading
  • Configure a service monitor to define health check parameters for a specific type of network traffic
  • Optimize a server pool to manage and share backend servers
  • Configure an application profile and rules
  • Configure virtual servers

Configure the appropriate Load Balancer model for a given application topology

The two main drivers for deploying a load balancer are scaling out an application (by distributing workload across multiple servers), along with improving its high-availability characteristics.

Category: NSX