Configuring Syslog Settings on Edge Gateway in vCloud Air via Rest API

Recently I deployed a syslog server in my vCloud lab and was looking for a way to send edge gateway logs to it. This post is focused on how to configure the edge gateway syslog settings.

VMware vCloud® Air supports the ability for customers to collect information about traffic coming to and from their edge gateway through the use of a syslog server. By configuring the edge gateway to send log data to your syslog server, you can then set up alerts or notifications and build reports with your preferred tools.

If you do not have an ANS subscription in vCloud Air, the only way to configure syslog settings on the edge gateway is via the vCloud API. There is no option available in the GUI when you open the edge gateway properties from within the vCloud Director interface.

When it comes to using the REST API, there is a variety of REST clients to choose from. Some of the common clients include curl, Postman, the Mozilla REST client etc.

I personally prefer curl and Postman, and in this post I will demonstrate the curl option.

Requirements to Configure Syslog on Edge Gateway:

1: A REST client.

2: vCloud Air credentials.

3: vCloud Air Endpoint/Org name.

4: Configured syslog server and IP address.

Obtaining vCloud Air Endpoint/Org name

You can obtain the endpoint details by logging into vCloud Air portal and navigating to your Org/vDC.

Obtaining vCloud Air supported API versions

The list of API versions supported by vCloud Air can be obtained with the command below.

# curl -sik -H "Accept:application/*+xml;version=5.6" -u "mjha@vmware.com" -X GET https://au-south-1-15.vchs.vmware.com/api/versions

You will get a long list of versions as output. Select any one of the versions, and make a note of its login URL.

<VersionInfo>
 <Version>9.0</Version>
 <LoginUrl>https://au-south-1-15.vchs.vmware.com/api/compute/api/sessions</LoginUrl>
</VersionInfo>

Obtaining Auth Code for vCloud API Login

You need 4 things to generate the auth code for API login:

A: Login URL (copy from previous output)

B: API Version: (copy from previous output)

C: Custom header: Accept:application/*+xml;version=9.0

D: vCloud Air Credentials in format: username@domain-name@org-name

When you have all 4 items handy, run the API query below to obtain the auth code.

# curl -sik -H "Accept:application/*+xml;version=9.0" -u "mjha@vmware.com@bdd75fd4-a319-47d5-b4f2-77aad691488f" -X GET https://au-south-1-15.vchs.vmware.com/api/compute/api/sessions | grep auth

Enter host password for user 'mjha@vmware.com@bdd75fd4-a319-47d5-b4f2-77aad691488f':

x-vcloud-authorization: 1e95dc1064aa4083ae79bb617221853e

Now use the following API queries in sequence.

Find Org Href

# curl -sik -H "Accept:application/*+xml;version=5.6" -H "x-vcloud-authorization:1e95dc1064aa4083ae79bb617221853e" -X GET https://au-south-1-15.vchs.vmware.com/api/org/ | grep bdd75fd4-a319-47d5-b4f2-77aad691488f

Note: bdd75fd4-a319-47d5-b4f2-77aad691488f is my org name.

<Org href="https://au-south-1-15.vchs.vmware.com/api/compute/api/org/4f5feba5-bb82-456e-8898-95d4970f2624" name="bdd75fd4-a319-47d5-b4f2-77aad691488f" >

Find vDC Href

# curl -sik -H "Accept:application/*+xml;version=5.6" -H "x-vcloud-authorization:1e95dc1064aa4083ae79bb617221853e" -X GET https://au-south-1-15.vchs.vmware.com/api/compute/api/org/4f5feba5-bb82-456e-8898-95d4970f2624 | grep vdc

<href="https://au-south-1-15.vchs.vmware.com/api/compute/api/vdc/e89232de-3507-4b66-98d7-8ec25e99c826" name="Manish-VCAP-LAB" >
 

Find Edge Gateway Href

# curl -sik -H "Accept:application/*+xml;version=5.6" -H "x-vcloud-authorization:1e95dc1064aa4083ae79bb617221853e" -X GET https://au-south-1-15.vchs.vmware.com/api/compute/api/vdc/e89232de-3507-4b66-98d7-8ec25e99c826 | grep edge

<href="https://au-south-1-15.vchs.vmware.com/api/compute/api/admin/vdc/e89232de-3507-4b66-98d7-8ec25e99c826/edgeGateways" >

vRealize Network Insight-Part-4: Monitoring Infrastructure

In the last post of this series we looked at how to add data sources, and successfully added vCenter Server and NSX Manager so that vRNI can fetch and provide us the necessary information. In this post we will see how we can monitor our infrastructure and how we can improve it based on the recommendations generated by vRNI. Let's get started.

If you have missed earlier posts of this series, you can read them from below links:

1: Introduction to vRealize Network Insight

2: Deploying vRNI Appliance

3: Configuring vRNI

vRealize Network Insight-Part-3: Configuring vRNI

In the last post of this series we looked at the deployment steps of the Platform and Proxy VMs. In this post we will configure the vRNI deployment and see what kind of data the dashboard presents to the user.

If you have missed earlier posts of this series, you can read them from below links:

1: Introduction to vRealize Network Insight

2: Deploying vRNI Appliance

Let's begin with configuring the appliance.

Log in to the vRNI appliance by typing https://<IP or FQDN of the platform appliance> in your browser.

vRealize Network Insight-Part-2: Installation

In the last post of this series we briefly discussed what vRNI is and why you should have it in your environment. In this post we will look into the deployment steps.

The current version of vRealize Network Insight is 3.4. I am going to deploy the same in my lab. 

The installation process for VMware vRNI is a two-step process that includes:

  • Deploying VMware vRNI platform appliance.
  • Deploying VMware vRNI proxy appliance.

Following are the resource requirements for deploying the Platform and Proxy OVA.

vRealize Network Insight Platform OVA

  • 8 cores – Reservation 4096 Mhz
  • 32 GB RAM – Reservation – 16GB
  • 750 GB – HDD, Thin provisioned

vRealize Network Insight Proxy OVA

  • 4 cores – Reservation 2048 Mhz
  • 10 GB RAM – Reservation – 5GB
  • 150 GB – HDD, Thick provisioned

Let's jump into the lab and start the deployment process. To keep the post to a reasonable length, I have omitted the deployment steps of the OVA file except the final network information input screens, where you have to define IP/Netmask/GW/DNS/NTP etc.

vRealize Network Insight-Part-1: Introduction

Recently I was having a discussion with one of my friends on an NSX-related topic, and I came to know about a new must-have tool for your NSX-based lab. The title of this post itself explains which tool I am talking about here.

What is vRealize Network Insight (vRNI) and where did it come from?

vRealize Network Insight is a product for delivering intelligent operations for your SDN environment (especially one based on NSX). vRealize Network Insight allows a single-pane-of-glass view of the VMware NSX environment. vRNI integrates with NSX to deliver intelligent operations for software-defined networking.

Cannot Redeploy Edge Gateway “VSM response error (10020): Failed to deploy edge appliance vse-XXXX-0. The name ‘vse-XXXX-0’ already exists”

This post is very similar to the issue described in my last post. The only difference is that this time I was not able to redeploy the edge gateway to get rid of stubborn Org Networks, whereas in the previous case an edge redeploy fixed the issue quite comfortably.

Let me start with a little background on how this issue was discovered and what challenges I faced. I was investigating a failed deprovision when this issue was discovered. Deprovision tasks in our environment are fully automated: we have a portal where these tasks arrive, and there is a Resume button which, when clicked, kicks off the deprovision process.

When the Resume button is clicked, the portal initiates API calls to vCD and starts deleting objects. It starts with deleting vApps and vApp Templates, then proceeds to Org Network deletion, then the edge gateway, and at last deletes the Org vDC and the Org.

Sometimes objects at the vCD level are in an inconsistent state, so the API calls are unable to delete that element and the deprovision is halted in the portal.

During my investigation I checked the logs and found that the API calls were unable to remove one of the Org Networks.

The following errors were visible in the vCD UI for the network deletion failure:

[ 695e10af-1677-4c64-bbe1-42250b6c249d ] Cannot delete organization VDC network default-routed (0694f25a-78b9-45b0-be44-e5c8ccda4b91)
Failed to delete interface of edge gateway urn:uuid:5286e85d-afb0-4821-b4f4-db87b390ba11

- Failed to delete interface of edge gateway urn:uuid:5286e85d-afb0-4821-b4f4-db87b390ba11
 
- com.vmware.vcloud.fabric.nsm.error.VsmException: VSM response error (202): The requested object : vm-3768 could not be found. Object identifiers are case sensitive.

From the logs it was very clear that there were issues with the edge backing VMs. I went ahead with an edge gateway redeploy without checking the edge VMs' status in vCenter. I was thinking that a redeploy fixes this issue 9 out of 10 times, so just give it a shot.

To my surprise the edge gateway redeploy also failed, and I observed that the redeploy task took around 20 minutes (usually it takes 5-7 minutes) and eventually timed out.

The errors related to the failing edge redeploy task were:

[ e04b76e6-7bb1-4d97-a85c-0df2813a06be ] Cannot redeploy edge gateway M738162563-11503 (urn:uuid:5286e85d-afb0-4821-b4f4-db87b390ba11) com.vmware.vcloud.fabric.nsm.error.VsmException: VSM response error (10020): Failed to deploy edge appliance vse-xxxxx-0. (The name 'vse-xxxxx-0' already exists.) - com.vmware.vcloud.fabric.nsm.error.VsmException: VSM response error (10020): Failed to deploy edge appliance vse-xxxxx-0. (The name 'vse-xxxxx-0' already exists.) - VSM response error (10020): Failed to deploy edge appliance vse-xxxxx-0. (The name 'vse-xxxxx-0' already exists.)

Edge Gateway Network deletion failed with error “Failed to communicate with NSX Edge vm. Error code VIX_E_PROGRAM_NOT_STARTED was returned by VIX API”

Today while working on a production issue, I came across an incident where I was unable to delete one of the Org Networks in vCloud Director. I observed the following errors in the vCD UI for the Org Network deletion failure:

On checking vcloud-container.debug.log I observed log entries similar to those seen in the vCD UI.

This was an entirely new error for me, so I started googling it and unfortunately did not find a helpful article. The only article I got for this error was this, but it was of no use to me.

PyNSXv-Powerful tool for NSX Automation

Like the last post of the NSX series, this post is also focused on exploring a new tool which helps automate NSX tasks in your infrastructure. I first came across this tool when I was watching a VMworld 2016 session titled NET7514 – PowerNSX and PyNSXv, but never got a chance to play around with it.

Now, since I am exploring NSX automation these days, I decided to deploy the tool in my lab and use it.

This post will be focused on just the installation/configuration part and some examples of how to use this tool.

So what is PyNSXv?

PyNSXv is a high-level Python-based library that exposes ready-to-use workflows and a CLI tool that can be used to control and automate NSXv in your infrastructure.

It is an open-source tool and is not supported by VMware; before using it in production, it is recommended to test it thoroughly in lab deployments.

Currently PyNSXv functionality covers the following key areas:

  • Logical Switching
  • Logical Routing
  • NSX Edge Gateway
  • NSX Edge Load Balancer

PyNSXv can be used in two different ways: as a library, by importing the files in the /library sub-directory into your code, or as a CLI tool, by executing pynsxv on the command line after installation. To install PyNSXv you can use pip on your system.

You should have some basic knowledge of Python and PowerShell (and of course of NSX) to begin with this tool. The diagram below shows a very high-level architectural view of this tool.

PyNSXv can be downloaded from VMware's GitHub directory. Instructions for installation are available on the PyNSXv wiki page. Let the fun begin.

Installing PyNSXv on Windows

Step 1: Install Python v2.7 on your Windows box. Python v2.7 can be downloaded from here. Attention: do not install Python v3.x.

Step 2: Add the Python installation folder to the Windows path (so that PyNSXv can be run from any folder).

To do so, navigate to Control Panel > System and Security > System > Advanced System Settings > Advanced > Environment Variables.

Under System Variables, edit the PATH variable and add the Python installation\Scripts folder path (typically it is C:\Python27\Scripts).

Step 3: Install PyNSXv

Run command: pip install pynsxv

Step 4: After you have installed PyNSXv, the first thing you have to do is create an ini file that contains the host names and credentials of your vCenter and NSX Manager. Save this file in the location: C:\Python27\Lib\site-packages\pynsxv

A typical nsx.ini file looks like this:

# variables for PyNSXv
[nsxv]
nsx_manager = 192.168.109.6
nsx_username = admin
nsx_password = NSX-PWD

[vcenter]
vcenter = 192.168.109.20
vcenter_user = administrator@vsphere.local
vcenter_passwd = VC-PWD

[defaults]
transport_zone = Cloud-pVDC-VXLAN-NP
datacenter_name = Cloud-DC
edge_datastore = iSCSI-2
edge_cluster = Resource-Cluster

After placing the nsx.ini file in your path, you can run pynsxv from your shell or cmd prompt.

Now you can use the pynsxv.exe command to play around with the various options. One example is shown below.

To see the list of all available options that can be used with the pynsxv command, please read this document.

Alternatively, PyNSXv can be installed on Windows using git as well. Make sure git is installed on your Windows machine.

You can clone the PyNSXv repository by using the command: git clone https://github.com/vmware/pynsxv.git

This will typically place the installation files under C:\Users\Username\Documents\GitHub. From there, navigate to the pynsxv directory and run setup.py. It will configure the necessary modules/libraries.

The nsx.ini file is placed in the directory C:\Users\Username\Documents\GitHub\pynsxv\pynsxv. Modify this file as per the example shown earlier.

Linux Installation

Step 1: If you are using CentOS/Red Hat 6, the default Python version shipped with the v6 distribution is 2.6, so we have to install Python 2.7. Instructions for doing so are explained here.

That post also demonstrates how to install pip. Once Python 2.7 and pip2.7 are installed, PyNSXv can be installed using the command: pip2.7 install pynsxv

This command places the modules/library files under directory /usr/local/lib/python2.7/site-packages/pynsxv. In the same directory you will find the nsx.ini file.
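nsx.ini keeps the NSX Manager and vCenter passwords in clear text, and files under site-packages are usually installed world-readable. An added Python 3 example (not part of PyNSXv or the original post; audit_ini and the sample file are constructed here, and POSIX mode bits are assumed, so it applies to the Linux install) that reports loose permissions and plaintext secret keys:

```python
import configparser
import os
import stat
import tempfile

# Key-name suffixes treated as secrets; matches nsx_password and vcenter_passwd.
SECRET_SUFFIXES = ("password", "passwd")

# Constructed sample, using the placeholder values from the nsx.ini shown earlier.
SAMPLE_INI = """\
# variables for PyNSXv
[nsxv]
nsx_manager = 192.168.109.6
nsx_username = admin
nsx_password = NSX-PWD

[vcenter]
vcenter = 192.168.109.20
vcenter_user = administrator@vsphere.local
vcenter_passwd = VC-PWD
"""


def audit_ini(path):
    """Return a list of findings for a PyNSXv-style ini file."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("mode %04o: readable by group or others" % mode)
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("mode %04o: writable by group or others" % mode)

    # interpolation=None so a '%' inside a password does not break parsing
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read(path)
    for section in cfg.sections():
        for key, value in cfg.items(section):
            if key.endswith(SECRET_SUFFIXES) and value:
                findings.append("[%s] %s holds a plaintext secret" % (section, key))
    return findings


def demo():
    """Audit the sample file at 0644 (typical pip install) and again at 0600."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "nsx.ini")
        with open(path, "w") as fh:
            fh.write(SAMPLE_INI)
        os.chmod(path, 0o644)
        before = audit_ini(path)
        os.chmod(path, 0o600)
        after = audit_ini(path)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("0644:", *before, sep="\n  ")
    print("0600:", *after, sep="\n  ")
```

Tightening the mode removes the permission finding, but the secrets remain in the file, so a copy of nsx.ini kept outside site-packages and passed with -i is easier to protect.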

Alternatively, on Linux boxes PyNSXv can be installed via git using the command git clone https://github.com/vmware/pynsxv.git.

This will create a directory pynsxv in your present working directory. Again, you can find the nsx.ini file there and modify it as per your environment details.

Now it's time to play around with the various options available.

[root@linjump ~]# pynsxv -i /root/pynsxv/pynsxv/nsx.ini lswitch list
+-----------------------------------------------------------+---------------+
| LS name                                                   | LS ID         |
|-----------------------------------------------------------+---------------|
| dvs.VCDVSProd-Routed-c48ebd51-e791-4d06-8bf4-0f2c04ee3eff | virtualwire-1 |
+-----------------------------------------------------------+---------------+

Exploring PowerNSX in Lab

These days I am busy exploring the NSX REST API in my lab, and in the process I came to know about a cool tool named PowerNSX and decided to dedicate a blog post to it, to give respect to the creator of this tool.

What is PowerNSX

PowerNSX is a PowerShell module that abstracts the NSX API to a set of easily used PowerShell functions. PowerNSX enables NSX administrators to drive their infrastructure programmatically.

PowerNSX adds functionality to extend the capabilities of NSX, along with exposing the existing Update, Remove and Get operations for all key NSX functions beyond the native UI or API.

Retrieving NSX Manager System Info Using Rest API

In this post we will explore how NSX Manager system info can be retrieved via the REST API. The NSX Manager appliance home page is itself very descriptive and provides all system info.

In this post we will learn how the same system info can be explored via API calls. Let's get started.

Query NSX Manager Information

The API query below will give you info such as the major and minor version of the NSX appliance you are running, along with the patch number and build number.

# curl -k -u "admin:Password" -X GET https://nsxmgr.alex.local/api/1.0/appliance-management/global/info | xmllint --format -

<?xml version="1.0" encoding="UTF-8"?>
<globalInfo>
 <currentLoggedInUser>admin</currentLoggedInUser>
 <versionInfo>
 <majorVersion>6</majorVersion>
 <minorVersion>3</minorVersion>
 <patchVersion>2</patchVersion>
 <buildNumber>5672532</buildNumber>
 </versionInfo>
</globalInfo>

Query NSX Manager Summary Information

This API query returns all the info you see on the NSX Manager homepage. The call can be used to obtain all system-related info in one shot.

# curl -k -u "admin:Password" -X GET https://nsxmgr.alex.local/api/1.0/appliance-management/summary/system | xmllint --format -

<?xml version="1.0" encoding="UTF-8"?>
<systemSummary>
 <ipv4Address>192.168.109.6</ipv4Address>
 <dnsName>nsxmgr.alex.local</dnsName>
 <hostName>nsxmgr</hostName>
 <domainName>alex.local</domainName>
 <applianceName>vShield Virtual Appliance Management</applianceName>
 <versionInfo>
  <majorVersion>6</majorVersion>
  <minorVersion>3</minorVersion>
  <patchVersion>2</patchVersion>
  <buildNumber>5672532</buildNumber>
 </versionInfo>
 <uptime>14 days, 23 hours, 56 minutes</uptime>
 <cpuInfoDto>
  <totalNoOfCPUs>4</totalNoOfCPUs>
  <capacity>2599 MHZ</capacity>
  <usedCapacity>187 MHZ</usedCapacity>
  <freeCapacity>2412 MHZ</freeCapacity>
  <usedPercentage>7</usedPercentage>
 </cpuInfoDto>
 <memInfoDto>
  <totalMemory>16025 MB</totalMemory>
  <usedMemory>5761 MB</usedMemory>
  <freeMemory>10264 MB</freeMemory>
  <usedPercentage>36</usedPercentage>
 </memInfoDto>
 <storageInfoDto>
  <totalStorage>81G</totalStorage>
  <usedStorage>20G</usedStorage>
  <freeStorage>61G</freeStorage>
  <usedPercentage>25</usedPercentage>
 </storageInfoDto>
 <currentSystemDate>Tuesday, 27 June 2017 04:29:52 PM IST</currentSystemDate>
</systemSummary>

Managing NSX Manager Network Settings via Rest API

In this post we will learn how to configure some of the network settings, like DNS, syslog and NTP, in NSX Manager via the REST API.

We can do all this from the NSX Manager GUI too, but if you are thinking about automating NSX Manager deployment, then this REST API knowledge can be pretty handy for configuring the appliance after its deployment.

Let's get started.

Query Network Settings

The API query below gives an overview of the NSX Manager IP settings, hostname, DNS settings and domain name.

# curl -k -u "admin:adminpwd" -X GET https://nsxmgr.alex.local/api/1.0/appliance-management/system/network/ | xmllint --format -

<?xml version="1.0" encoding="UTF-8"?>
<network>
 <hostName>nsxmgr</hostName>
 <domainName>alex.local</domainName>
 <networkIPv4AddressDto>
  <ipv4Address>192.168.109.6</ipv4Address>
  <ipv4NetMask>255.255.255.0</ipv4NetMask>
  <ipv4Gateway>192.168.109.1</ipv4Gateway>
 </networkIPv4AddressDto>
 <dns>
  <ipv4Address>192.168.109.2</ipv4Address>
  <domainList>alex.local</domainList>
 </dns>
</network>

NSX Certificate Management Using Rest API

In this post we will learn how to generate a self-signed certificate for NSX and replace the certificates after getting them signed by a CA. We will be doing this via the REST API.

I wrote a post in the past on how to replace SSL certs for NSX from the GUI. In this post I am trying to achieve the same via the REST API.

The following are the API queries you need to execute in order to generate and replace certs.

Generate CSR Certificate

# curl -k -u "admin:Telstra@123" -d @csr.xml -X PUT https://nsxmgr.alex.local/api/1.0/appliance-management/certificatemanager/csr/nsx

<?xml version="1.0" encoding="UTF-8"?>
<csr>
 <algorithm>RSA</algorithm>
 <keySize>4096</keySize>
 <subjectDto>
  <commonName>nsxmgr.alex.local</commonName>
  <organizationUnit>Cloud</organizationUnit>
  <organizationName>Alex.Co</organizationName>
  <localityName>Bangalore</localityName>
  <stateName>Karnataka</stateName>
  <countryCode>IN</countryCode>
 </subjectDto>
</csr>

Enable Disable HA on Edge GW via NSX Rest API

In this post I will be demonstrating how to enable and disable high availability on an NSX edge gateway using the REST API.

If you are new to NSX and do not know what edge gateway high availability means, then I would recommend reading this blog by Gabe Rosas.

We can enable or disable high availability on an edge gateway from the vSphere Web Client by navigating to Home > Networking & Security > NSX Edges > Selecting Edge > Manage > HA Configuration

Enabling HA on an edge gateway will create a new vse VM in vCenter, and both VMs start exchanging heartbeats and other configuration.

Now we will see how to achieve this via the NSX REST API.

Step 1: Query HA Status

# curl -k -u "admin:AdminPWD" -X GET https://nsxmgr.alex.local/api/4.0/edges/edge-2/highavailability/config | xmllint --format -

<?xml version="1.0" encoding="UTF-8"?>
<highAvailability>
 <version>3</version>
 <enabled>false</enabled>
 <declareDeadTime>15</declareDeadTime>
 <logging>
 <enable>false</enable>
 <logLevel>info</logLevel>
 </logging>
 <security>
 <enabled>false</enabled>
 </security>
</highAvailability>

From the above output we can see HA has not been enabled on the edge gateway yet.

Step 2: Enable HA

To enable HA on the edge gateway, we need to supply a few parameters in the request body of the API call. If you are using curl, you can create an XML file as shown below and supply it with the API query using the -d option.

<?xml version="1.0" encoding="UTF-8"?>
<highAvailability>
 <version>4</version>
 <enabled>True</enabled>
 <declareDeadTime>15</declareDeadTime>
 <logging>
  <enable>false</enable>
  <logLevel>info</logLevel>
 </logging>
 <security>
  <enabled>false</enabled>
 </security>
</highAvailability>

Redeploy NSX Edge Gateway Using Rest API

In this post I will demonstrate how to redeploy an edge gateway in vCloud Director using the REST API.

Disclaimer: This is not a fancy post, and I am going to perform a very simple task here. Most of you may already be aware of this. This post is for those who are new to the API, and also a reference post for me for the future.

Let's get started.

We have to follow the steps below to redeploy an edge gateway using API calls.

Step 1: Generate Auth Token

# curl -sik -H "Accept:application/*+xml;version=5.6" -u "admin@system" -X POST https://vcd-b.alex.local/api/sessions | grep auth
Enter host password for user 'admin@system':

x-vcloud-authorization: 3fc8a5425f804c9d94eeff04e0272ed7

Step 2: Get Org UUID

# curl -sik -H "Accept:application/*+xml;version=5.6" -H "x-vcloud-authorization:3fc8a5425f804c9d94eeff04e0272ed7" -X GET https://vcd-a.alex.local/api/org/

<Org href="https://vcd-a.alex.local/api/org/58d92de4-4aa5-4a14-9b39-28e1de5e9809" name="Production" type="application/vnd.vmware.vcloud.org+xml"/>

Step 3: Get vDC UUID

# curl -sik -H "Accept:application/*+xml;version=5.6" -H "x-vcloud-authorization:3fc8a5425f804c9d94eeff04e0272ed7" -X GET https://vcd-a.alex.local/api/org/58d92de4-4aa5-4a14-9b39-28e1de5e9809 | grep vdc

<Link rel="down" href="https://vcd-a.alex.local/api/vdc/1c32832c-e4db-48b0-9cfc-116fbb302625" name="Prod-DC" type="application/vnd.vmware.vcloud.vdc+xml"/>

Step 4: Get Edge Gateway UUID

# curl -sik -H "Accept:application/*+xml;version=5.6" -H "x-vcloud-authorization:3fc8a5425f804c9d94eeff04e0272ed7" -X GET https://vcd-a.alex.local/api/vdc/1c32832c-e4db-48b0-9cfc-116fbb302625 | grep edgeGateways

<Link rel="edgeGateways" href="https://vcd-a.alex.local/api/admin/vdc/1c32832c-e4db-48b0-9cfc-116fbb302625/edgeGateways" type="application/vnd.vmware.vcloud.query.records+xml"/>

Step 5: Get Edge Gateway UUID

# curl -sik -H "Accept:application/*+xml;version=5.6" -H "x-vcloud-authorization:3fc8a5425f804c9d94eeff04e0272ed7" -X GET https://vcd-a.alex.local/api/admin/vdc/1c32832c-e4db-48b0-9cfc-116fbb302625/edgeGateways | grep GW_Name

<EdgeGatewayRecord gatewayStatus="READY" haStatus="DISABLED" isBusy="false" name="Prod-GW" numberOfExtNetworks="1" numberOfOrgNetworks="1" vdc="https://vcd-a.alex.local/api/vdc/1c32832c-e4db-48b0-9cfc-116fbb302625" href="https://vcd-a.alex.local/api/admin/edgeGateway/b37b059b-be98-4806-8535-9bbdcd4b6575" isSyslogServerSettingInSync="true"/>
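The href walk from Steps 2 to 5 (the same chain as in the vCloud Air post at the top of this page), as an added Python 3 example that is not from the original posts: it parses each response as XML instead of grepping it, and refuses to follow an href that leaves the API host, since every request carries the x-vcloud-authorization token. The sample responses are constructed from the snippets above; fetch and the function names are assumptions, and in real use fetch would be an HTTPS GET that sends the Accept and x-vcloud-authorization headers with certificate verification left on.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

API_ROOT = "https://vcd-a.alex.local/api"
VDC_TYPE = "application/vnd.vmware.vcloud.vdc+xml"

# Constructed sample responses, trimmed to the elements the steps above grep for.
NS = 'xmlns="http://www.vmware.com/vcloud/v1.5"'
ORG = API_ROOT + "/org/58d92de4-4aa5-4a14-9b39-28e1de5e9809"
VDC = API_ROOT + "/vdc/1c32832c-e4db-48b0-9cfc-116fbb302625"
GWS = API_ROOT + "/admin/vdc/1c32832c-e4db-48b0-9cfc-116fbb302625/edgeGateways"
GW = API_ROOT + "/admin/edgeGateway/b37b059b-be98-4806-8535-9bbdcd4b6575"
SAMPLE = {
    API_ROOT + "/org/":
        f'<OrgList {NS}><Org href="{ORG}" name="Production"/></OrgList>',
    ORG:
        f'<Org {NS} name="Production">'
        f'<Link rel="down" href="{VDC}" name="Prod-DC" type="{VDC_TYPE}"/></Org>',
    VDC:
        f'<Vdc {NS} name="Prod-DC"><Link rel="edgeGateways" href="{GWS}"/></Vdc>',
    GWS:
        f'<QueryResultRecords {NS}><EdgeGatewayRecord gatewayStatus="READY" '
        f'isBusy="false" name="Prod-GW" href="{GW}"/></QueryResultRecords>',
}


def find_element(xml_text, element, **attrs):
    """First element with this local name whose attributes all match."""
    for node in ET.fromstring(xml_text).iter():
        local = node.tag.rsplit("}", 1)[-1]  # drop the {namespace} prefix
        if local == element and all(node.get(k) == v for k, v in attrs.items()):
            return node
    raise LookupError("no <%s> matching %r" % (element, attrs))


def same_origin(url, api_root):
    """True only for https URLs on the same host and port as the API root."""
    a, b = urlsplit(url), urlsplit(api_root)
    return (a.scheme == "https"
            and (a.hostname, a.port or 443) == (b.hostname, b.port or 443))


def resolve_edge_gateway(fetch, api_root, org_name, vdc_name, gw_name):
    """Walk org -> vDC -> edgeGateways and return the named gateway's record."""
    def get(url):
        # The token goes out with every request, so never follow an href
        # that points at another host or downgrades to http.
        if not same_origin(url, api_root):
            raise ValueError("href leaves the API host, token not sent: %r" % (url,))
        return fetch(url)

    org = find_element(get(api_root + "/org/"), "Org", name=org_name)
    vdc = find_element(get(org.get("href")), "Link", name=vdc_name, type=VDC_TYPE)
    gws = find_element(get(vdc.get("href")), "Link", rel="edgeGateways")
    rec = find_element(get(gws.get("href")), "EdgeGatewayRecord", name=gw_name)
    if not same_origin(rec.get("href"), api_root):
        raise ValueError("gateway href leaves the API host: %r" % (rec.get("href"),))
    return {
        "href": rec.get("href"),
        "status": rec.get("gatewayStatus"),
        "busy": rec.get("isBusy") == "true",
    }


if __name__ == "__main__":
    # SAMPLE.__getitem__ stands in for the real HTTPS fetch.
    print(resolve_edge_gateway(SAMPLE.__getitem__, API_ROOT,
                               "Production", "Prod-DC", "Prod-GW"))
```

Matching on element and attribute names also avoids picking up the wrong line when an org, vDC or gateway name happens to contain the string being grepped for.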

Troubleshooting Failed Org Network Creation in vCloud Director

Today while working in my lab, I observed that creating a new VDC in vCD was failing because the org network failed to create.

On navigating to the Org VDC list and clicking on the error, it read loud and clear that the org VDC network can't be created.

On navigating to the Org VDC Networks section and clicking on the error, I was able to identify what had caused the network creation failure.

The error stack was reading as below:

[ 114db22d-fc14-4c87-9030-36d2316aff8b ] Cannot deploy organization VDC network (f1514426-647e-4a03-a5a9-fafa4d73bb58)
com.vmware.vcloud.api.presentation.service.InternalServerErrorException: Cannot create network “dvs.VCDVSRouted-NW-9ab02973-9ded-4c4b-8826-4a52bdf2d6cf” from VXLAN network pool “urn:uuid:5c9de104-0f40-4cec-898f-985ee1fce1d6”. Make sure vShield Manager infrastructure is properly configured and there are segment IDs available.

Learning NSX-Part-11-Replacing NSX default SSL Certficates with CA Signed Certificates

I am a big advocate of not using the default SSL certs on any VMware products, and I prefer using signed certs from my CA server on my lab components. I have my CA server running on Windows Server 2012.

Earlier in my lab I replaced the vSphere (ESXi + vCenter) SSL certs; if you want to know how to do it, you can read about it from the links below:

1: Replacing Esxi SSL Certificates

2: Replacing vCenter Server SSL Certs

If you are like me, new to replacing SSL certs and looking for how to set up a CA server, you can read it from here for a step-by-step installation/configuration of a CA server.

Learning NSX-Part-10-Upgrade NSX Manager From 6.2 to 6.2.4

This week I was trying my hand at upgrading NSX to version 6.2.4, which was released earlier this year in August.

I had no earlier experience with upgrading NSX Manager and associated components, so I spent a lot of time reading blogs and watching videos on how to perform the upgrade.

Before starting the upgrade process, please consult the NSX 6.2.4 Release Notes and also follow VMware KB-2144295, which explains the recommended minimum versions for VMware NSX for vSphere, ESXi, vCenter Server and Guest Introspection Driver (GID).

Troubleshooting Edge Gateway High Availability

Yesterday I was working on an Edge Services Gateway in my lab and deployed the edge gateway in HA mode. Soon after the deployment, when I checked the HA status from vCenter, it reported the status as Down.

To rule out any UI bug which might be reporting the HA status as down (as this was a brand new deployment), I decided to check the HA status by logging on to the edge VMs directly.

On checking the HA status on the VM, the message below was displayed:

Highavalibity healthcheck server is stopped

I did a search on Google for this message and didn't get many results. Then I checked the Admin guide for NSX and came to know that you should have at least one vNIC configured, as high availability traffic flows on one of the internal interfaces.

Learning NSX-Part-9-Edge Services Gateway

In the last 2 posts of the series we discussed the Distributed Logical Router. Moving forward in the NSX learning series, we will look into what the Edge Services Gateway is and discuss when to use an edge gateway. We will look into deploying and configuring an ESG, and finally touch on monitoring edge gateways.

If you have missed earlier posts of this series, you can read them from below links:

1: Introduction to VMware NSX

2: Installing and Configuring NSX Manager

3: Deploying NSX Controllers

Learning NSX-Part-8-Installing Distributed Logical Router

In the last post of this series we discussed the distributed logical router and went through some important terms and terminology. In this post we will jump into the lab and deploy a distributed logical router.

If you have missed earlier posts of this series, you can read them from below links:

1: Introduction to VMware NSX

2: Installing and Configuring NSX Manager

3: Deploying NSX Controllers

4: Preparing Esxi Hosts and Cluster

Learning NSX-Part-7-Distributed Logical Router Tidbits

In the last post of this series we discussed Logical Switching and understood when we use it. We also deployed our first logical switch and moved a VM over to the newly created switch.

In this post we will discuss the Distributed Logical Router and look at the terms and terminology associated with it. We will not be diving into the lab in this post, as I intend to do this in the next post of this series.

If you have missed earlier posts of this series, you can read them from below links:

1: Introduction to VMware NSX

Learning NSX-Part-6-Logical Switching and Transport Zones

In the last post of this series we briefly looked at what VXLAN is (in reality it's an ocean of knowledge in itself) and configured VXLAN on our cluster/hosts.

In this post we will be talking about logical switching; we will see how to create a logical switch and cover the prerequisites as well.

If you have missed earlier posts of this series, you can read them from below links:

1: Introduction to VMware NSX

2: Installing and Configuring NSX Manager

3: Deploying NSX Controllers

4: Preparing Esxi Hosts and Cluster

Learning NSX-Part-5-Configure VXLAN on the ESXi Hosts

In the last post of this series we saw how to prepare ESXi hosts and the cluster for NSX. In this post we will talk a little bit about VXLAN, what its benefits are and how to configure VXLAN on ESXi hosts.

If you have missed earlier posts of this series you can read them from here:

1: Introduction to VMware NSX

2: Installing and Configuring NSX Manager

3: Deploying NSX Controllers

4: Preparing Esxi Hosts and Cluster

Let's start our discussion with what VXLAN is.

Virtual Extensible LAN (VXLAN) is an encapsulation protocol for running an overlay network on existing Layer 3 infrastructure. An overlay network is a virtual network that is built on top of existing network Layer 2 and Layer 3 technologies to support elastic compute architectures.

Learning NSX-Part-4-Preparing Esxi Hosts and Cluster

In previous posts of this series, we talked about NSX Manager and NSX Controller deployment and also validated the NSX control cluster status.

If you have missed earlier posts of this series you can read them from here:

1: Introduction to VMware NSX

2: Installing and Configuring NSX Manager

3: Deploying NSX Controllers

In this post we are going to learn how to prepare clusters and ESXi hosts for NSX.

At this point we have NSX Manager and the controllers ready, and have established the connection between the control and management planes. The next step is to prepare the cluster and ESXi hosts.

Learning NSX-Part-3-Deploying NSX Controllers

In the last 2 posts of this series we understood what NSX is and how to install/configure NSX Manager.

If you have missed earlier posts of this series, you can read them from below links:

1: Introduction to VMware NSX

2: Installing and Configuring NSX Manager

In this post we will be talking about NSX controllers. Before diving into the lab, we will first discuss a little bit of theory about NSX controllers and their importance.

NSX Controllers

NSX controllers are the control plane for NSX. They are deployed in a cluster arrangement, so as you deploy these, you can add more controllers for better performance and high availability, so that if you lose one of them, you do not lose control functionality. These are important: if you lose enough of them, things stop working.