vRA7.3 and NSX Integration: Network Security Data Collection Failure

We are building vRA 7.3 . We added vCenter and NSX manager as endpoint in vRA. And associate NSX manager with vCenter. All of computing resource data collection works well but not NSX (network and security): So in vRA reservation, we only can see vSphere cluster, vDS port-group/logical switch but not Transport zone, security group/tags …

Continue reading vRA7.3 and NSX Integration: Network Security Data Collection Failure

Perform Packet Capture on VMware ESXi Host for NSX Troubleshooting

VMware offers a great and powerful tool pktcap-uw to perform packet capture on ESXi host. Pktcap-uw offers a lot of options for packet capture. https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2051814 Here I show most common used in my daily life here for your reference. I normally perform a packet based on vSwitch port ID or DV filter (NSX DFW) To do …

Continue reading Perform Packet Capture on VMware ESXi Host for NSX Troubleshooting

NSX IPSec Throughput in IBM Softlayer

To understand the real throughput capacity of NSX IPSec in Softlayer, I built a quick IPSec performance testing environment. Below are the network topology of my testing environment: NSX version: 6.2.4 NSX Edge: X-Large (6 vCPUs and 8G Memory), which is the largest size NSX offers. All of Edges in this testing enviroment reside in the …

Continue reading NSX IPSec Throughput in IBM Softlayer

Simple Python Script Creating a Dynamic Membership Security Group

In this blog, I developed a very simple Python scripts to create NSX security group whose membership is based on Security Tag. Please note this script is to show you the basic, which has not been ready for a production environment. Two Python functions are includes in this script: create_tag is used to create a …

Continue reading Simple Python Script Creating a Dynamic Membership Security Group

NSX-v DLR OSPF Adjacencies Configuration Maximums

In one of NSX doc, the below is suggested around DLR OSPF Adjacencies configuration maximum: OSPF Adjacencies per DLR 10 This maximum applies to NSX 6.1, 6.2 and 6.3. In OSPF , OSPF optimizes the LSA flooding process on multiaccess network by using DR (designated rourer) and BDR (backup DR). Routers that are not DR or …

Continue reading NSX-v DLR OSPF Adjacencies Configuration Maximums

Automate OpenStack Security Group with Terraform

Heat is the main project in the OpenStack Orchestration program. We can use heat to automate security group implementation. If you have NSXv plugin integrated with your OpenStack environment, you can use Heat template to automate your NSX DFW rules implementation as well. Here I will show you how to use Terraform to do the …

Continue reading Automate OpenStack Security Group with Terraform

NSX Edge Packet Capture on Multi-vNics simultaneously

In NSX 6.1.4, I tried to perform packet capture to analysis the end to end connectivity restoration during Edge HA failover. But I only can capture packet for a single vNic at one time. Somebody may say this can be worked around by performing another packet capture on another vNIC in ESXi hosts by use of …

Continue reading NSX Edge Packet Capture on Multi-vNics simultaneously