Learn NSX Day 16 : Useful Commands & Errors

NSX Manager (open the NSX Manager console and try the basic commands)

List


sho? (displays commands starting with “sho”)

Privileged mode


Ping


Show Clock


Show file system


Type: quit (to exit)

 

 

NSX Controller CLI Commands:

Identify which port the switch manager is using
show control-cluster connections

Identify control cluster majority leader
show control-cluster status

Very useful blog on troubleshooting NSX: http://www.yet.org/2014/09/nsxv-troubleshooting/

 

Errors

Error Message : Invalid_ID_Information

Reason : PreShared Key doesn’t match

 

Topics :
Learn NSX – Home
Learn NSX Day 1 : NSX Requirements
Learn NSX Day 2 : NSX Deployment Best Practice
Learn NSX Day 3 : NSX Manager and NSX Controller
Learn NSX Day 4 : NSX Roles
Learn NSX Day 5 : NSX HA, Edge, REST API
Learn NSX  Day 6 : NSX and Logical Switches
Learn NSX Day 7 : Deploying ESXi
Learn NSX Day 8 : vDS (vSphere Distributed Switch)
Learn NSX Day 9 : Load Balancing Feature
Learn NSX Day 10 : Layer 2 Bridging
Learn NSX Day 11 : NSX EDGE
Learn NSX Day 12 : Spoof Guard
Learn NSX Day 13 : Distributed Router and Distributed Logical Firewall
Learn NSX Day 14 : Monitoring
Learn NSX Day 15 : NSX Backups
Learn NSX Day 16 : Useful Commands & Errors

 

These are notes made during my study of VMware NSX for vSphere. Apologies if any of the detail is incorrect. Hopefully posts under “Learn NSX” help others to start learning about VMware NSX for vSphere.

Learn NSX Day 15 : NSX Backups

Backup NSX: two options available

  • Via NSX Manager

  • Via NSX API

Details required for backups

  • Filename prefix
  • Transfer protocol

 


Learn NSX Day 14 : Monitoring

Activity Monitor


To monitor, add VMs to an activity monitoring security group (Service Composer)

  • Enable data collection
  • Then you can validate security policies are applied

Monitor Traffic

  • vDS allows port mirroring to be configured
  • Remote mirroring is an option to configure (duplicates traffic to another port)

Flow Monitoring


 

  • Includes the ability to detect rogue services

 


Learn NSX Day 13 : Distributed Router and Distributed Logical Firewall

vDS (Distributed Switch)
An interface on a distributed switch can connect to the rest of the network


Advanced Settings


 

To implement:

  • Enable OSPF

  • Config uplink
  • Add subnet to new interface
  • Assign VLAN number to distributed port group for VLAN IF

Limits

There can be up to 1000 logical interfaces on one distributed router

 

Distributed Logical Firewall
Diagram to try and display my understanding of how the firewall rules apply based on security groups

Rules only apply to the ESXi hosts which have the source or destination VM traffic

 


Learn NSX Day 12 : Spoof Guard

Spoof Guard

A useful feature that helps prevent rogue systems connecting in to your network by pretending to be another server. An approved list of authorized servers is generated based on IP and MAC address. This is a separate feature from firewalls. My understanding is that it would increase security alongside firewall rules. See VMware's description for further information.


Operation Modes

  • Auto trust IP on their first use
  • Manually inspect and approve before use
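
The difference between the two operation modes, shown as an added example (a simplified Python model written for these notes, not NSX code or the NSX API). The class, function and mode names and the sample addresses are all assumptions made for the illustration.

```python
from dataclasses import dataclass, field

TOFU = "trust_on_first_use"      # auto trust IP on first use
MANUAL = "manual_approval"       # inspect and approve before use

@dataclass
class SpoofGuardModel:
    """Simplified model of the two operation modes; not NSX code."""
    mode: str
    approved: dict = field(default_factory=dict)  # vNIC MAC -> approved IP
    pending: dict = field(default_factory=dict)   # vNIC MAC -> IP awaiting review

    def observe(self, mac: str, ip: str) -> str:
        """Return 'allow' or 'block' for traffic seen from (mac, ip)."""
        mac = mac.lower()
        known = self.approved.get(mac)
        if known == ip:
            return "allow"
        if known is None and self.mode == TOFU:
            self.approved[mac] = ip   # first address seen is trusted unreviewed
            return "allow"
        self.pending[mac] = ip        # new or changed address waits for review
        return "block"

    def approve(self, mac: str) -> None:
        """Administrator accepts the pending IP for this vNIC."""
        mac = mac.lower()
        self.approved[mac] = self.pending.pop(mac)

def replay(mode, events):
    """Feed (mac, ip) observations through a fresh model; return decisions."""
    guard = SpoofGuardModel(mode)
    return [guard.observe(mac, ip) for mac, ip in events], guard

# Constructed sample observations (addresses are made up for this example).
EVENTS = [
    ("00:50:56:aa:00:01", "10.0.0.10"),  # web VM, its own address
    ("00:50:56:aa:00:02", "10.0.0.20"),  # db VM, its own address
    ("00:50:56:aa:00:02", "10.0.0.10"),  # db vNIC now claims the web VM's IP
    ("00:50:56:aa:00:01", "10.0.0.10"),  # web VM again
]

if __name__ == "__main__":
    for mode in (TOFU, MANUAL):
        decisions, guard = replay(mode, EVENTS)
        print(mode, decisions, "pending:", guard.pending)
```

In the auto-trust mode the first address seen on a vNIC is accepted without review, so the approved list is only as good as the state of the network when the mode is switched on; the manual mode blocks everything until someone has checked each entry.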


Learn NSX Day 11 : NSX EDGE

Features


HA – Lose the primary node and the secondary takes over. Existing connections then need to reconnect.

Load balancing – One option is to load balance based on Least connections

VPN – Edge services gateway can form Layer 2 VPNs (even retain existing IPs)

Authentication – A few auth options are RSA SecurID and Active Directory

DNS – Edge will forward DNS requests to the DNS server

 


 

Learn NSX Day 10 : Layer 2 Bridging

Diagram is to try and display my understanding of how layer 2 bridging might work.

Why

  • Extend the physical services to virtual machines
  • Allow physical devices to use NSX edge gateway as a router
  • VPNs over untrusted medium

What does it require?

  • Distributed F/W rule to allow layer 2 bridging

  • A logical router


Learn NSX Day 9 : Load Balancing Feature

EDGE Load Balancing
Networking and Security > NSX EDGE > Manage > Load Balancer tab.


Three load balancing options available

  • Enable Loadbalance – For distributing traffic to internal servers
  • Enable Service Insertion – Load balance with third party vendor appliances
  • Acceleration Enabled – For faster L4 LB engine instead of L7

You can also select a variety of logging options

Details can be found in the VMware Document Centre

 

vSphere standard switch – Load Balancing

Diagram tries to display my understanding of the vSphere standard switch load balancing using Round Robin of physical NICs

 


Learn NSX Day 8 : vDS (vSphere Distributed Switch)

Switch Features


 

  • Network I/O Control
  • LLDP
  • Port Mirroring

Policy Settings

  • Access Control Lists
  • LACP v2
  • DSCP Marking

 

Configure Virtual Machine to use vDS

  • VMs – Adapter Settings

  • Migrate Virtual Machine

More information on Best Practice available in this white paper: http://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/techpaper/vsphere-distributed-switch-best-practices-white-paper.pdf


Learn NSX Day 7 : Deploying ESXi

Image Builder
Reason to use:
Preload NSX VIBs into your ESXi image for an auto deploy solution
(ESXi hosts are normally prepped in Update Manager)
A guide can be found here: “How to Install VIBs on ESXi host” (vmwarearena.com)

Check VIBs are loaded


Check for:
NSX VXLAN
NSX Distributed Firewall

Where to check: see the example “Verify NSX VIBs Installation from ESXi hosts” (vmwarearena.com)

  

ESXi

  • Logs F/W decisions
  • Requires “netcpa” agent to be running for VXLAN tunnel end point (VTEP)
  • Shows ARP entries for given VXLAN network

 
