vRA7.3 and NSX Integration: Network Security Data Collection Failure

We are building vRA 7.3. We added vCenter and NSX Manager as endpoints in vRA and associated NSX Manager with vCenter. All compute resource data collection works well, but not NSX (network and security) data collection. So in a vRA reservation, we can only see the vSphere cluster and vDS port-group/logical switch, but not the transport zone, security group/tags …

Perform Packet Capture on VMware ESXi Host for NSX Troubleshooting

VMware offers a great and powerful tool, pktcap-uw, to perform packet capture on an ESXi host. Pktcap-uw offers a lot of options for packet capture: https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2051814. Here I show the options I use most commonly in my daily work, for your reference. I normally perform a packet capture based on vSwitch port ID or DV filter (NSX DFW). To do …

NSX IPSec Throughput in IBM Softlayer

To understand the real throughput capacity of NSX IPSec in Softlayer, I built a quick IPSec performance testing environment. Below is the network topology of my testing environment. NSX version: 6.2.4. NSX Edge: X-Large (6 vCPUs and 8G memory), which is the largest size NSX offers. All of the Edges in this testing environment reside in the …

Simple Python Script Creating a Dynamic Membership Security Group

In this blog, I developed a very simple Python script to create an NSX security group whose membership is based on a security tag. Please note this script only shows the basics and is not ready for a production environment. Two Python functions are included in this script: create_tag is used to create a …

NSX-v DLR OSPF Adjacencies Configuration Maximums

In one of the NSX docs, the following configuration maximum is given for DLR OSPF adjacencies: OSPF Adjacencies per DLR: 10. This maximum applies to NSX 6.1, 6.2 and 6.3. OSPF optimizes the LSA flooding process on multiaccess networks by using a DR (designated router) and a BDR (backup DR). Routers that are not DR or …

Automate OpenStack Security Group with Terraform

Heat is the main project in the OpenStack Orchestration program. We can use Heat to automate security group implementation. If you have the NSXv plugin integrated with your OpenStack environment, you can use a Heat template to automate your NSX DFW rules implementation as well. Here I will show you how to use Terraform to do the …

NSX Edge Packet Capture on Multi-vNics simultaneously

In NSX 6.1.4, I tried to perform packet capture to analyze the end-to-end connectivity restoration during Edge HA failover. But I can only capture packets for a single vNIC at one time. Somebody may say this can be worked around by performing another packet capture on another vNIC in ESXi hosts by use of …

vSphere DRS anti-affinity rules block ESXi hosts NSX upgrade

In our OpenDev NSX environment, we have 3 vSphere clusters; each cluster has 3 ESXi hosts. During the NSX upgrade from 6.2.3 to 6.2.4, we saw the following message when we tried to upgrade the ESXi cluster on which the NSX Controllers are running: DRS recommends hosts to evacuate. After a quick investigation, I realised that …
