From NSX-v version 6.4.0, NSX API begins to support JSON format for its response not like before only XML format. From my own expereince, I prefer to use JSON format than XML format as it is easier to decode and encode JSON data than XML data. So I took 1 weekend to re-write my old …
Author: insidepacket
Install PowerCLI and PowerNSX Offline on RHEL7
With the release of PowerCLI 10.0.0, VMware adds support for Mac OS and Linux! Now you can install PowerCLI and PowerNSX on Linux System including RHEL, Centos, Unbuntu and Mac OS. To complete installation of VMware PowerCLI 10 and PowerNSX, firstly you need to install Powershell Core 6.0. In most of enterprise environments, we won't …
Continue reading Install PowerCLI and PowerNSX Offline on RHEL7
Wireshark Filter for SSL Traffic
Useful Wireshark filter for analysis of SSL Traffic. Client Hello: ssl.handshake.type == 1 Server Hello: ssl.handshake.type == 2 NewSessionTicket: ssl.handshake.type == 4 Certificate: ssl.handshake.type == 11 CertificateRequest ssl.handshake.type == 13 ServerHelloDone: ssl.handshake.type == 14 Note: "ServerHellpDone" means full-handshake TLS session. Cipher Suites: ssl.handshake.ciphersuite I found the below from Wiki. All these SSL handshake message types …
Create XML file in vRealize Orchestrator for NSX Automation
NSX API uses XML format for API communication. To automate NSX in VMware vRealize Orchestror, it is always required to create a XML file with javascript as vRO workflow supports javascript only.Here i only shows you an example to how to do it. The target here is to create a security group and add a …
Continue reading Create XML file in vRealize Orchestrator for NSX Automation
NSX Load Balancer Qucik Summary
Recently, I was asked a lot of questions around the capability of NSX load balancer by team and customers. So I put a quick summary of NSX load balancer to ease my life. NSX can perform L4 or L7 load balancing: L4 Load Balancing (packet-based load balancing) : support TCP and UDP load balancing, which …
New Ansible F5 HTTPs Health Monitor Module
Just got time this weekend to test the newly released dev version of Ansible F5 HTTPs health monitor. The result of testing looks good: most of common use cases have been covered properly. Below is my first playbook for my testing: After run the playbook, I log in my F5 BIGIP VE and see the …
vRA7.3 and NSX Integration: Network Security Data Collection Failure
We are building vRA 7.3 . We added vCenter and NSX manager as endpoint in vRA. And associate NSX manager with vCenter. All of computing resource data collection works well but not NSX (network and security): So in vRA reservation, we only can see vSphere cluster, vDS port-group/logical switch but not Transport zone, security group/tags …
Continue reading vRA7.3 and NSX Integration: Network Security Data Collection Failure
Perform Packet Capture on VMware ESXi Host for NSX Troubleshooting
VMware offers a great and powerful tool pktcap-uw to perform packet capture on ESXi host. Pktcap-uw offers a lot of options for packet capture. https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2051814 Here I show most common used in my daily life here for your reference. I normally perform a packet based on vSwitch port ID or DV filter (NSX DFW) To do …
Continue reading Perform Packet Capture on VMware ESXi Host for NSX Troubleshooting
NSX IPSec Throughput in IBM Softlayer
To understand the real throughput capacity of NSX IPSec in Softlayer, I built a quick IPSec performance testing environment. Below are the network topology of my testing environment: NSX version: 6.2.4 NSX Edge: X-Large (6 vCPUs and 8G Memory), which is the largest size NSX offers. All of Edges in this testing enviroment reside in the …
Simple Python Script Creating a Dynamic Membership Security Group
In this blog, I developed a very simple Python scripts to create NSX security group whose membership is based on Security Tag. Please note this script is to show you the basic, which has not been ready for a production environment. Two Python functions are includes in this script: create_tag is used to create a …
Continue reading Simple Python Script Creating a Dynamic Membership Security Group