Learn NSX Day 1 : NSX Requirements

The assumption is you already know what NSX is. These are my study notes and exam prep. If you want an introduction to NSX, try this Alex Hunt introduction to NSX.

For my setup the basic requirements are :

  • vSphere environment using vCenter & ESXi (HA, DRS & FT)
  • ESXi cluster (ideally x2 clusters, 1x Mgmt and 1x Service)
  • 1x vCenter per NSX Manager
  • Physical network 1600 MTU
  • 1x vDS
  • Prep hosts for NSX (VIBs) – manually or use Update Manager
  • Desktop client (Windows 10) running Chrome or Firefox with Flash installed
  • NSX OVA requires 16GB RAM and 4 CPU (8GB RAM and 2 CPU is unsupported)

For a quick deploy in a PoC, see Deploy-and-Configure-VMware-NSX-in-23-minutes (untested; all scripts are at your own risk).

Minimum versions which support NSX

  • vCenter 5.5
  • ESXi 5.1
  • vShield 5.5
  • vCNS 5.5
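
The requirements and minimum versions above can be checked before host preparation. The following PowerCLI sketch is an added example, not part of the original notes; it assumes PowerCLI is loaded and `Connect-VIServer` has already been run, and the function names `New-Check` and `Test-NsxPrereq` are hypothetical.

```powershell
# Added example (not from the original notes). Assumes an active Connect-VIServer session.
$MinMtu     = 1600            # MTU from the requirements list
$MinEsxi    = [version]'5.1'  # minimum ESXi version from the list above
$MinVCenter = [version]'5.5'  # minimum vCenter version from the list above

# Hypothetical helper: one result row per check.
function New-Check($Check, $Target, $Value, $Pass) {
    [pscustomobject]@{ Check = $Check; Target = $Target; Value = $Value; Pass = [bool]$Pass }
}

function Test-NsxPrereq {
    $vc = $global:DefaultVIServer
    if (-not $vc) { throw 'Not connected: run Connect-VIServer first.' }
    New-Check 'vCenter version' $vc.Name $vc.Version ([version]$vc.Version -ge $MinVCenter)

    foreach ($h in Get-VMHost) {
        New-Check 'ESXi version'   $h.Name $h.Version ([version]$h.Version -ge $MinEsxi)
        New-Check 'Host connected' $h.Name $h.ConnectionState ($h.ConnectionState -eq 'Connected')
    }

    foreach ($c in Get-Cluster) {
        New-Check 'HA enabled'  $c.Name $c.HAEnabled  $c.HAEnabled
        New-Check 'DRS enabled' $c.Name $c.DrsEnabled $c.DrsEnabled
    }

    # This only reads the MTU configured on the vDS; the physical switches
    # between hosts still have to be checked separately.
    $vds = @(Get-VDSwitch)
    New-Check 'At least one vDS' $vc.Name $vds.Count ($vds.Count -ge 1)
    foreach ($s in $vds) {
        New-Check 'vDS MTU' $s.Name $s.Mtu ($s.Mtu -ge $MinMtu)
    }
}

# Show only what still needs fixing before the hosts are prepared.
Test-NsxPrereq | Where-Object { -not $_.Pass } | Format-Table -AutoSize
```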

VMware NSX Configuration Maximums 6.2

 

Topics :
Learn NSX – Home
Learn NSX Day 1 : NSX Requirements
Learn NSX Day 2 : NSX Deployment Best Practice
Learn NSX Day 3 : NSX Manager and NSX Controller
Learn NSX Day 4 : NSX Roles
Learn NSX Day 5 : NSX HA, Edge, REST API
Learn NSX Day 6 : NSX and Logical Switches
Learn NSX Day 7 : Deploying ESXi
Learn NSX Day 8 : vDS (vSphere Distributed Switch)
Learn NSX Day 9 : Load Balancing Feature
Learn NSX Day 10 : Layer 2 Bridging
Learn NSX Day 11 : NSX EDGE
Learn NSX Day 12 : Spoof Guard
Learn NSX Day 13 : Distributed Router and Distributed Logical Firewall
Learn NSX Day 14 : Monitoring
Learn NSX Day 15 : NSX Backups
Learn NSX Day 16 : Useful Commands & Errors

 

These are notes made during my study of VMware for NSX. Apologies if any of the detail is incorrect. Hopefully posts under Learn NSX help others to start learning about VMware NSX for vSphere.

Learn NSX – VMware NSX for vSphere

Over the following weeks I’ll be posting my study notes on VMware NSX for vSphere.

These notes have been created based on:
1) Attending VMware Network Virtualization Fundamentals – On site training by VMware
2) NSX SE Customer Labs (NSXv 6.1) – On site training by VMware
3) NSX for vSphere 6.1 Exploration – Lab – On site training by VMware
4) Setting up a PoC NSX lab – Hot Wired IT Solutions facilities
5) VMware® NSX for vSphere (NSX) Network Virtualization Design Guide
6) VMware Learning Platform – NSX training modules


Topics:
Day 1 starts 10.10.16 – Each day of notes will be available at 8am (GMT)

 

These are notes made during my study of VMware NSX for vSphere. Apologies if any of the detail is incorrect. Hopefully posts under “Learn NSX” help others to start learning about VMware NSX for vSphere.

VMware discussing NSX Notes

Agenda

  • NSX 201 cross centre metro cluster, data centre migration / DR use case
  • NSX futures – distributed network encryption, management of containers, securing multiple clouds
  • VMware strategy for cloud native applications and DevOps
  • Deep dive on Photon, Lightwave, container management

NSX Discussion
How does NSX protect against a bank attack or Twitter hack?

NSX micro-segmentation (isolation of apps) .. DFW

3rd party integration like Trend, McAfee .. Steer traffic for layer 7 traffic .. For malware inspection .. Security tag VM .. It tells NSX to automate a policy, possibly a quarantine policy

3rd parties develop the tags (protects against bank attack or Twitter hack etc). NSX relies on the 3rd party NSX tags to apply a policy. NSX does have some features for tagging using activity monitoring and VM tools. VM tools can see what is running within the VM.

DMZ anywhere .. How long to provision a VM web facing and secure. NSX can spin it up instantly.

Secure user environment ..

Overlay virtual networking (abstract)
Stretch across sites
Tunnelling (change from VLANs etc)
Logical layer 2. Packet in envelope. Encapsulate the traffic.
VXLAN

NSX is distributed across hosts rather than all going via a central physical firewall.

Develop cloud – Strategy vRealize but also others such as OpenStack
Others doing networks, Neutron in theory not as scalable. Challenge is abstraction layer.

Time to setup a PoC!!!

VMware do an NSX 2 day training

 

Containers – Cloud Native Apps

Containers, Windows 2016, G1 -> G2 -> G3 Photon
Challenges with containers
Containers sit in the same user space on the same VM. Deploy multiple containers and they only appear as one VM in vCenter.

PowerCLI – Set up host networking and storage ready for iSCSI LUNs

Useful script. Additional details and screenshots can be found using the following link

Script below provided by @Saintdle

( All scripts should be tested in a Lab environment only )

#Setup which host to target
$VMhost = 'hostname'

#Create vSwitch2 for storage, add vmnics, add two vmkernels with Storage IPs, setup NIC teaming (based on the fact you probably have vSwitch0 for mgmt and vSwitch1 for VM traffic)

$vswitch2 = get-vmhost $VMhost | new-virtualswitch -Name vSwitch2 -Nic 'vmnic2','vmnic5' -Mtu 9000 -NumPorts 120

New-VMHostNetworkAdapter -VMhost $VMhost -virtualswitch $vswitch2 -portgroup iSCSI_ESX_01 -ip IP_ADDR -subnetmask SUBNET_MASK -Mtu 9000

New-VMHostNetworkAdapter -VMhost $VMhost -virtualswitch $vswitch2 -portgroup iSCSI_ESX_02 -ip IP_ADDR -subnetmask SUBNET_MASK -Mtu 9000

Get-VirtualPortGroup -VMhost $VMhost -virtualswitch $vswitch2 -Name iSCSI_ESX_01 | Get-NicTeamingPolicy | Set-NicTeamingPolicy -MakeNicActive vmnic2 -MakeNicUnused vmnic5

Get-VirtualPortGroup -VMhost $VMhost -virtualswitch $vswitch2 -Name iSCSI_ESX_02 | Get-NicTeamingPolicy | Set-NicTeamingPolicy -MakeNicActive vmnic5 -MakeNicUnused vmnic2

#Create Software iSCSI Adapter

get-vmhoststorage $VMhost | set-vmhoststorage -softwareiscsienabled $True

#Get Software iSCSI adapter HBA number and put it into an array

$HBA = Get-VMHostHba -VMHost $VMHost -Type iSCSI | %{$_.Device}

#Set your VMKernel numbers, Use ESXCLI to create the iSCSI Port binding in the iSCSI Software Adapter

$vmk1number = 'vmk1'
$vmk2number = 'vmk2'
$esxcli = Get-EsxCli -VMhost $VMhost
$Esxcli.iscsi.networkportal.add($HBA, $Null, $vmk1number)
$Esxcli.iscsi.networkportal.add($HBA, $Null, $vmk2number)

#Setup the Discovery iSCSI IP addresses on the iSCSI Software Adapter

$hbahost = get-vmhost $VMhost | get-vmhosthba -type iscsi
new-iscsihbatarget -iscsihba $hbahost -address IP_ADDR

#Rescan the HBA to discover any storage
get-vmhoststorage $VMhost -rescanallhba -rescanvmfs

Troubleshooting a Disconnected Host in VMware vCenter

Your ESXi hosts are all set up in vCenter and using HA and DRS, but then a blip happens: the power goes, or a host has a “not responding” moment.

[Image: disconnected host]

In this scenario we powered off the ESXi host.

What can you check?

Possible options: try reconnecting the host if there have been no other changes.

[Image: normal state reconnect]

Watch the status bar for progress.

[Image: reconnecting host]

What if it fails to connect, like in the image below?

[Image: failed to connect]

  1. Don’t forget a few basic connectivity checks, like: can you ping the host?
  2. Can you connect to the ESXi host by DNS name or IP & local user and password using the vSphere client?
  3. Can you connect to any VMs which were / are still running on the disconnected host?
  4. Can you restart the management service on the ESXi host?
  5. Can you iLO to the ESXi host? Any errors/events logged on the host?
  6. Any network switch down?
  7. Any SAN issues?

These are just a rough guide; it is no responsibility of the author if you try any of these actions. Try at your own risk.

VMware vCenter 5 – NFC Server error

Issue

[Image: NFC error]

In vSphere 5 we moved an ISO from a local drive to a datastore using the VMware Infrastructure Client. Upon instigating the upload it immediately failed.

Error message :  Failed to log into NFC server.

Possible DNS issue with servers for the host?

Solution:
We found missing DNS entries for the ESXi hosts. The servers specified were referencing DNS IP addresses that had no entries for the ESXi hosts being administered.
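
The first connectivity checks from the disconnected-host checklist and the DNS finding above can be run in one pass from the admin workstation. This is an added example, not part of the original posts; the function name `Test-EsxiReachability` and the sample host name are hypothetical, and the default ports assume 443 for management access and 902 for NFC file copy.

```powershell
# Added example (not from the original posts). Uses plain .NET calls, so it
# still works when vCenter itself cannot reach the host.
function Test-EsxiReachability {
    param(
        [Parameter(Mandatory)][string[]]$HostName,  # names exactly as registered in vCenter
        [int[]]$Port = @(443, 902),                  # 443 = management, 902 = NFC file copy
        [int]$TimeoutMs = 3000
    )
    foreach ($name in $HostName) {
        # 1. Forward DNS: a missing record here matches the NFC login failure above.
        $ips = @()
        try { $ips = @([System.Net.Dns]::GetHostAddresses($name)) } catch { }
        $dns = 'NO RECORD'
        if ($ips.Count) { $dns = ($ips | ForEach-Object { $_.IPAddressToString }) -join ',' }

        # 2. ICMP: only meaningful once the name resolves.
        $ping = $false
        if ($ips.Count) { $ping = Test-Connection -ComputerName $name -Count 1 -Quiet }

        $row = [ordered]@{ Host = $name; Dns = $dns; Ping = $ping }

        # 3. TCP: connect with a timeout so a silent drop does not hang the check.
        foreach ($p in $Port) {
            $client = New-Object System.Net.Sockets.TcpClient
            try {
                $wait = $client.BeginConnect($name, $p, $null, $null)
                $row["Tcp$p"] = $wait.AsyncWaitHandle.WaitOne($TimeoutMs) -and $client.Connected
            } catch {
                $row["Tcp$p"] = $false
            } finally {
                $client.Close()
            }
        }
        [pscustomobject]$row
    }
}

# 'esxi01.lab.example' is a constructed placeholder host name.
Test-EsxiReachability -HostName 'esxi01.lab.example' | Format-Table -AutoSize
```

A row with `NO RECORD` and failed TCP checks points at name resolution on the workstation rather than at the host, so run it on the machine where the upload or reconnect failed.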

VMware ESXi 5.1 update 3 and deploying Red Hat Linux Enterprise 7 x64

Deploying a Red Hat Linux Enterprise 7 x64 virtual machine on ESXi 5.1 update 3.

Issue
The “Red Hat Linux Enterprise 7 x64” OS option is not available in the drop-down list when trying to deploy a new VM from the vSphere client.

Supported
Just to confirm, it is supported in ESXi 5.1 update 3 (others might say update 2). (See VMware compatibility guide http://www.vmware.com/resources/compatibility/search.php?deviceCategory=software&testConfig=16 )

Solution
However, to deploy with the option to select Red Hat Linux Enterprise 7 x64 for the OS, you will need to deploy from the web client and not the usual vSphere client.

Just tested with web client with SSO and the VM deployed successfully.

Useful 5.5 article https://communities.vmware.com/message/2401557