Best (Public) VMware NSX Learning Resources

Let me qualify the title. I say “best” with the full authority that my opinion carries.  Just trying to give y’all a place to go to get your NSX learn on…

Digital Literature …

VMware Product Walkthroughs – NSX 

The NSX walkthrough is the perfect balance of the brevity of a presentation slide deck with involved hands-on demonstrations.  Very well put together (check out some of the other walkthroughs).

VMware NSX Design Guide 

The design guide, a PDF of ~30 pages, is a gentle introduction to NSX topologies.  A fundamental read if you’re still trying to get a handle on NSX concepts.

VMware Network Virtualization Blog

Subject matter content from the experts.  Posts by Martin Casado, Bruce Davie, Brad Hedlund, Roger Fortier.

VMware Hands on Labs (HOL) Focus: Networking

Get acquainted with NSX Dynamic Routing, the Distributed Firewall & Load Balancing.

VMware NSX 6 Documentation Center

Nothing fancy about this one… ’tis the manuals.  NSX Install and Upgrade Guide & NSX Administration Guide.  Although in the public domain, this resource is extremely difficult (if not impossible) to find via search.  But they are in the public domain.  Whatever is public is not private…right?  

Martin Casado’s Blog – Network Heresy

Scott Lowe’s Blog – Learning NVP/NSX 

Brad Hedlund’s Blog – NSX

If videos are the way you learn …

NSX Architecture Webinar by Ivan Pepelnjak on ipspace.net

VMworld 2013 – Introducing the World to VMware NSX (By Sachin Thakkar)

VMware Interview – Bruce Davie on NSX

VMware NSX Demo

This should at the very least provide a fair start for anyone looking to mentally ramp up for the NSX NVP.

– Gabe


vShield/vCNS 5.1x CLI Operations using Expect

Practical use of the vCNS (vShield) CLI is limited from a configuration perspective, but you may need to interact with it from time to time.  Troubleshooting, debugging sessions and log purging come to mind.

The options for getting the job done:

1.  Interact with the vCNS Manager virtual machine console in vCenter (not great for debugging, or reading the long exception output)

2.  SSH (ssh server is enabled from the console: vsm> enable, vsm# ssh start)

Expect works well with the vtysh pseudo-terminal used for the vCNS Manager console.   I tried and failed (due to errors interacting with the terminal).   If you manage multiple vCNS environments, it makes sense to wrap the interactions into these expect scripts.  Here’s a small example expect script to change the CLI password from the default.

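#!/usr/bin/expect -f
# Synopsis: SSH to the vCNS appliance console, authenticate, enter privileged mode,
# authenticate again, enter global config, and change the default CLI password.
# Manual equivalent:
# ssh admin@<vsm-ip> # enable [enter] # default [enter] # config t [enter]
# cli password <password> [enter] # end [enter] # wr mem
#
# Give the appliance time to answer each step before giving up
set timeout 30
spawn ssh admin@1.2.3.4
expect "password: "
send "default\r"
expect ">"
send "en\r"
expect "Password: "
send "default\r"
expect "#"
send "config t\r"
expect "#"
send "cli password mYn3wp@ssw0rd\r"
expect "#"
# Leave config mode and save, as listed in the synopsis above
send "end\r"
expect "#"
send "wr mem\r"
expect "#"
send "exit\r"
# Wait for the session to close so the last commands are not cut off
expect eof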

If your operational policy is to update your password every few months, you will find yourself revisiting a script like this.  For passing commands to multiple vCNS Managers, you can extend the script to spawn connections based on a list (outside the scope of this post).

@gabe_rosas

GabeNetworkDojo

vCNS 5.1.x Edge Force Sync 101

vCNS Edge Force Sync: the action of synchronizing the Edge appliance to the vCNS Manager by OS reboots.

Any time a Force Sync is initiated, vCNS Manager writes the event to syslog (if enabled) [System Events for Critical Event ID 30100]. This entry is logged per edge VM, so two entries for an HA pair.

The events can be viewed in vCNS UI, under Settings & Reports > System Events:

What are the implications of a Force Sync? 

I completed several Force Sync tests using timestamped ICMP requests against Virtual Servers configured on an HA Edge appliance.  When the Force Sync action is initiated the job will reset the first appliance and stagger the 2nd reboot requests by ~ 30 seconds.

When Edge-0 (the first Edge VM) is reset, the test virtual server VIP sees ~10–11 seconds of impact (ICMP requests to the virtual server IP fail). At the end of the 10–11 seconds, the standby Edge takes over the load-balanced services and these become reachable for ~24 seconds until the 2nd VM is reset.

Once Edge-1 (the 2nd Edge VM) is reset, the services once again become unavailable for ~60 seconds, until the 1st Edge VM is fully initialized.

Note: A less impactful appliance reset can be accomplished by manually resetting the standby edge, waiting at least 90 seconds for initialization, then resetting the active edge.

Note: Tests conducted using vCNS 5.1.b.  As with anything, depending on your environment and configuration, your mileage may vary.  

How to initiate a Force Sync from the vCNS UI:

1. Browse to the vCNS Manager
2. View Edges
3. Select Edge Gateways
4. Select a deployed Edge.
5. Click the Actions cog.
6. Select Force Sync

How to initiate a Force Sync from the vCNS REST API:

Force Sync an Edge with its vShield Manager (pg 144 of the REST API guide)
GET https://<vsm-ip>/api/3.0/edges/<edgeId>?action=forcesync


How do I view Force Sync details in the vCNS Manager logs?

1. SSH to the vCNS Manager CLI
2. Execute the command
       vsm-name# show manager log follow  

Inspect the logs for the following entries related to the Force Sync (lines beginning with # are comments):

# Force Sync is scheduled, assigned ID “jobdata-1831”

2013-06-16 10:53:05.058 GMT INFO http-443-exec-677 EdgeServiceImpl:744 – Successfully created forceSync job jobdata-1831 for edge ‘edge-16’
2013-06-16 10:53:05.111 GMT INFO http-443-exec-677 Publisher:509 – Scheduled job Id jobdata-1831
2013-06-16 10:53:05.165 GMT INFO pool-55442-thread-1 PublishUtils:174 – Job ‘jobdata-1831’ progress – Force sync : Rebooting appliances for edge-16.

# Edge-0 Reset request is sent, wait for edge Init
2013-06-16 10:53:05.352 GMT INFO pool-55442-thread-1 EdgeApplianceServiceImpl:349 – Reset the edge appliance : ‘vm-12780’
2013-06-16 10:53:11.955 GMT INFO pool-55442-thread-1 EdgeApplianceServiceImpl:367 – Reboot the edge appliance : ‘vm-12780’
2013-06-16 10:53:11.958 GMT INFO pool-55442-thread-1 AbstractEdgeApplianceManager:226 – Attempt # ‘1’ to reboot the edge VM ‘vm-12780’
2013-06-16 10:53:12.027 GMT INFO pool-55442-thread-1 VirtulMachineVcOperationsImpl:99 – Rebooting VM ‘d0p1v4mgmt-vse-pub-0’
2013-06-16 10:53:12.150 GMT INFO pool-55442-thread-1 VirtulMachineVcOperationsImpl:101 – Successfully rebooted VM ‘d0p1v4mgmt-vse-pub-0’
2013-06-16 10:53:12.150 GMT INFO pool-55442-thread-1 EdgeApplianceServiceImpl:371 – Wait for Vse Init : ‘vm-12780’

# 30 seconds later Edge-1 Reset request is sent, wait for edge Init
2013-06-16 10:54:26.410 GMT INFO pool-55442-thread-1 EdgeApplianceServiceImpl:349 – Reset the edge appliance : ‘vm-12784’
2013-06-16 10:54:33.003 GMT INFO pool-55442-thread-1 EdgeApplianceServiceImpl:367 – Reboot the edge appliance : ‘vm-12784’
2013-06-16 10:54:33.009 GMT INFO pool-55442-thread-1 AbstractEdgeApplianceManager:226 – Attempt # ‘1’ to reboot the edge VM ‘vm-12784’
2013-06-16 10:54:33.034 GMT INFO pool-55442-thread-1 VirtulMachineVcOperationsImpl:99 – Rebooting VM ‘d0p1v4mgmt-vse-pub-1’
2013-06-16 10:54:33.185 GMT INFO pool-55442-thread-1 VirtulMachineVcOperationsImpl:101 – Successfully rebooted VM ‘d0p1v4mgmt-vse-pub-1’
2013-06-16 10:54:33.185 GMT INFO pool-55442-thread-1 EdgeApplianceServiceImpl:371 – Wait for Vse Init : ‘vm-12784’

# Synch latest config version. Publish configurations to both edges.
2013-06-16 10:56:02.551 GMT INFO pool-55442-thread-1 ForceSyncTask:98 – Synching configuration for edge edge-16, config version 14.
2013-06-16 10:56:02.552 GMT INFO pool-55442-thread-1 PublishUtils:174 – Job ‘jobdata-1831’ progress – Force sync : Synching configuration for vShield Edge edge-16, config version 14.
2013-06-16 10:56:02.699 GMT INFO pool-55444-thread-1 AbstractEdgeApplianceManager:537 – Downloading file ‘/var/log/events.old’ from VSE ‘vm-12825’ to location ‘/tmp/events.edge-38’ on VSM
2013-06-16 10:56:02.751 GMT INFO pool-55442-thread-1 PublishUtils:174 – Job ‘jobdata-1831’ progress – Preparing configuration changes to be applied on vShield Edge (edge-16) d0p1v4mgmt-vse-pub-0
2013-06-16 10:56:02.789 GMT INFO pool-55444-thread-1 AbstractEdgeApplianceManager:537 – Downloading file ‘/var/log/events.old’ from VSE ‘vm-12837’ to location ‘/tmp/events.edge-38’ on VSM
2013-06-16 10:56:02.828 GMT INFO pool-55442-thread-1 PublishUtils:174 – Job ‘jobdata-1831’ progress – Preparing configuration changes to be applied on vShield Edge (edge-16) d0p1v4mgmt-vse-pub-1
2013-06-16 10:56:02.945 GMT INFO pool-55442-thread-1 PublishUtils:174 – Job ‘jobdata-1831’ progress – Publishing configurations on vShield Edge Virtual Machine vm-12780
2013-06-16 10:56:02.947 GMT INFO pool-55442-thread-1 AbstractEdgeApplianceManager:613 – The vse command is being sent to ‘vm-12780’
2013-06-16 10:56:02.956 GMT INFO pool-55442-thread-1 PublishUtils:174 – Job ‘jobdata-1831’ progress – Publishing configurations on vShield Edge Virtual Machine vm-12784
2013-06-16 10:56:02.958 GMT INFO pool-55442-thread-1 AbstractEdgeApplianceManager:613 – The vse command is being sent to ‘vm-12784’

# Confirmation of completion Force Sync “jobdata-1831” Total time elapsed 3 Min 5 sec
2013-06-16 10:56:10.251 GMT INFO pool-55442-thread-1 PublishUtils:174 – Job ‘jobdata-1831’ progress – Force sync : Completed configuration of version 14 on appliances for edge-16.
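To audit Force Sync activity from a saved copy of the manager log, the Python sketch below (an added example, not part of the original post or of any VMware tooling) rebuilds each job's timeline from the message formats shown above. It assumes reset lines belong to the job whose progress messages were last seen on the same worker thread; the sample lines are copied from the excerpt above with quotes and dashes normalised to ASCII.

```python
import re
from datetime import datetime

# Lines copied from the log excerpt on this page (quotes/dashes normalised to ASCII).
SAMPLE_LOG = """\
2013-06-16 10:53:05.058 GMT INFO http-443-exec-677 EdgeServiceImpl:744 - Successfully created forceSync job jobdata-1831 for edge 'edge-16'
2013-06-16 10:53:05.165 GMT INFO pool-55442-thread-1 PublishUtils:174 - Job 'jobdata-1831' progress - Force sync : Rebooting appliances for edge-16.
2013-06-16 10:53:05.352 GMT INFO pool-55442-thread-1 EdgeApplianceServiceImpl:349 - Reset the edge appliance : 'vm-12780'
2013-06-16 10:54:26.410 GMT INFO pool-55442-thread-1 EdgeApplianceServiceImpl:349 - Reset the edge appliance : 'vm-12784'
2013-06-16 10:56:10.251 GMT INFO pool-55442-thread-1 PublishUtils:174 - Job 'jobdata-1831' progress - Force sync : Completed configuration of version 14 on appliances for edge-16.
"""

Q = "['\u2018\u2019]"  # ASCII or typographic quotes (web copies of the log use the latter)
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) GMT\s+\w+\s+(\S+)\s+\S+:\d+\s+[-\u2013]\s+(.*)$")
CREATED = re.compile(rf"created forceSync job (\S+) for edge {Q}([\w-]+){Q}")
PROGRESS = re.compile(rf"Job {Q}([\w-]+){Q} progress")
RESET = re.compile(rf"Reset the edge appliance : {Q}([\w-]+){Q}")
DONE = re.compile(r"Force sync : Completed configuration of version (\d+)")

def force_sync_jobs(log_text):
    """Return {job_id: details} for every Force Sync job found in log_text."""
    jobs, thread_job = {}, {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # stack traces, blank lines, '#' comment lines
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S.%f")
        thread, msg = m.group(2), m.group(3)
        if c := CREATED.search(msg):
            jobs[c.group(1)] = {"edge": c.group(2), "start": ts, "resets": [], "end": None}
        elif (p := PROGRESS.search(msg)) and p.group(1) in jobs:
            thread_job[thread] = p.group(1)  # assumption: this worker thread now runs the job
            if DONE.search(msg):
                jobs[p.group(1)]["end"] = ts
        elif (r := RESET.search(msg)) and thread in thread_job:
            jobs[thread_job[thread]]["resets"].append((r.group(1), ts))
    return jobs

def timeline(job):
    """Seconds from job creation to each reset and to completion (None if unfinished)."""
    resets = [(vm, round((ts - job["start"]).total_seconds(), 3)) for vm, ts in job["resets"]]
    total = round((job["end"] - job["start"]).total_seconds(), 3) if job["end"] else None
    return {"edge": job["edge"], "resets": resets, "total": total}

if __name__ == "__main__":
    for job_id, job in force_sync_jobs(SAMPLE_LOG).items():
        print(job_id, timeline(job))
```

A job whose total is None was created but never logged completion, which is worth checking against the Edge's state.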

 

vCNS 5.1.x Tasks Not Displayed

There is a condition in the current releases of vCNS Manager that causes the Tasks tab to not display tasks at all.  This condition will be fixed in an upcoming release.  This article provides a workaround for an environment where an upgrade is not feasible for whatever reason.

If there are any tasks initiated by a user that no longer exists, the VSM tasks tab will display an error in the UI. The logs will also display a warning.

  vsm# show manager log follow

Look for the following warning message:

2013-05-23 21:27:35.806 GMT  WARN http-443-exec-315 DefaultExceptionLogger:35 – The following exception occurred during request processing by the BlazeDS MessageBroker and will be serialized back to the client:
flex.messaging.MessageException: Internal server error has occurred.

Caused by: javax.persistence.EntityNotFoundException: Unable to find com.vmware.vshield.vsm.usermgmt.model.UserInfo with id userinfo-40

The following workaround requires Linux console access; in most cases it should be completed by VMware Global Support Services.

Run the psql client:
psql -U secureall

Execute :
update task set user_info=null;

Refresh the tab.  Tasks should now be displayed.
