می 30, 2016
admin
0

نحوه حذف NSX VIBS از هاست ESXi

As we already discussed many times, Job of vSphere Administrators is not so limited to GUI. You should be always available with troubleshoot your issues from command line or CLI.This also applies ,when you are dealing with VMware NSX. We have already discussed about manually installing NSX VIBS from CLI of ESXi host. There are some situation that the installation or Uninstallation of NSX VIB’s may fail due to some reason and we as vSphere admin should have to troubleshoot and fix the installation/Uninstallation issues. I have faced one of the issue, when i try to uninstall the NSX components from vSphere Web Client. Let’s take a detailed look at step by step procedure to manually remove NSX VIBs on the ESXi host.

You can UnPrepare the Host/Cluster from vSphere Web Client -> Network & Security -> Installation ->Host Preparation -> Click on UnInstall to unprepare/ Uninstall the NSX VIBs from ESXi host.

Sometimes, The Uninstall step may get failed due to some communication issues. We should also be ready to manually remove the NSX VIBs installed on the ESXi host from Command Line. There are 3 VIBs related to NSX which we need to remove from the ESXi host.

esx-vxlan
esx-vsip
esx-dvfilter-switch-security

One VIB enables the layer 2 VXLAN functionality, another VIB enables the distributed router, and the final VIB enables the distributed firewall.

Manually Remove NSX VIBs from ESXi Host:

Move your running Virtual Machines to differet host in the Cluster using vMotion. Place your ESXi Host into Maintenance Mode.

To remove the “esx-vxlan” VIB , execute the below command:

esxcli software vib remove -n esx-vxlan

To remove the “esx-vsip” VIB , execute the below command:

esxcli software vib remove -n esx-vsip

To remove the “esx-dvfilter-switch-security” VIB , execute the below command:

esxcli software vib remove -n esx-dvfilter-switch-security

Once you have removed all the 3 NSX VIBs, Reboot the ESXi host for the Changes to take effect. I hope this is informative for you. Thanks for Reading !!!. Be Social and share it in social media, if you feel worth sharing it.

نحوه نصب دستی NSX VIBS بر روی هاست ESXi

Category : دسته‌بندی نشده

نحوه نصب دستی NSX VIBS بر روی هاست ESXi

Job of vSphere Administrators is not so limited to GUI. You should be always available with troubleshoot your issues from command line or CLI.This also applies, when you are dealing with VMware NSX. We have already discussed about Preparing your vSphere CLuster and Host by installing NSX VIBS from Network & Security plugin from vSphere Web Client. It always a situation that the installation of NSX VIB’s may fail due to some reason and we as vSphere admin should have to troubleshoot and fix the installation issues. I have faced one of the issue when i prepare my cluster/ ESXi host for NSX. Let’s take a detailed look at setp by step procedure to manually install NSX VIBs on the ESXi host.

Download NSX VIBs from the below URL:

https://<NSx-Mgr-IP>/bin/vdn/vibs/5.5/vxlan.zip

If you extract the downloaded “vxlan.zip”. Below are contents of the vxlan.zip. It Contains the 3 VIB files

esx-vxlan
esx-vsip
esx-dvfilter-switch-security

One VIB enables the layer 2 VXLAN functionality, another VIB enables the distributed router, and the final VIB enables the distributed firewall.

Extract the vxlan.zip file and Copy the folder into the Shared Datastore or on the local folder of the ESXi host using WinScp. I have copied the folder into my ESXi host in /tmp directory. Let’s install the NSX VIBs one by one in the ESXi host.

Install the “esx-vxlan” vib on the ESxi host using the below command:

esxcli software vib install –no-sig-check -v /tmp/vxlan/vib20/esx-vxlan/VMware_bootbank_esx-vxlan_5.5.0-0.0.2107100.vib

Install the “esx-vsip” vib on the ESXi host using the below command:

esxcli software vib install –no-sig-check -v /tmp/vxlan/vib20/esx-vsip/VMware_bootbank_esx-vsip_5.5.0-0.0.2107100.vib

Install the “esx-dvfilter-switch-security” vib on the ESXi host using the below command:

esxcli software vib install –no-sig-check -v /tmp/vxlan/vib20/esx-dvfilter-switch-security/VMware_bootbank_esx-dvfilter-switch-security_5.5.0-0.0.2107100.vib

That’s it. We are done with manually installing NSX VIBs on ESXi host. This operations don’t require reboot of the ESXi host. Even this can be done when active workloads are running on the ESXi host. I hope this is informative for you. Thanks for reading. Be Social and share it in social media, if you feel worth sharing it.

بروز مشکل در حذف NSX Logical Switch

Category : دسته‌بندی نشده

بروز مشکل در حذف NSX Logical Switch

I recently worked with my NSX Setup and I tried to remove/Delete one of the Logical Switch in my Lab. I am getting the error Message “Resources are still in Use”. We come to know from the error message that some of the resources like VM’s are utilizing this Logical switch. That’s why we are not able to delete this Logical Switch. Yes, It is correct. Let’s discuss in this, How to verify what are all the resources are actively utilizing the NSX Logical Switch.

Login to vSphere Web Client -> Network & Security ->Logical Switch -> Select the Logical Switch which you are attempting to delete.

Double Click the Logical Switch, Which you attempt to delete. Select the Related Objects tab, then click on the Virtual Machines Tab.

If you have any remaining virtual machines connected to the Logical Switch you are attempting to delete, migrate them to another Logical Switch. In our Case, I see the VM named “App-svr-1”.which is still connected to the logical switch “App Tier”. So Migrate this VM to Different port Group by Edit settings.

Ok. We have migrated the VM to different Port Group. I tried to delete the Logical Switch. I was Getting the error message “Resources are still in Use”. Yes. There is one more resource which we need to verify . Which Is whether this Logical Switch is connected to any of the NSX Edge Device or DLR (Distributed Logical Router).

Double click the Logical Router which you are attempting to delete. Click on the Manage tab, then click on the NSX Edges button.

If you have any connections (interfaces) to an NSX Edge you will need to remove them I can see this Logical Switch “App Tier” have active connections(interfaces) to the Logical Router. We need to remove them.

To delete the NSX Logical Router Interface, Click on vSphere Web Client -> Network & Security -> NSX Edges ->Select and Double click the Edge Device, where you have active connections to Logical Switch. -> Click Manage Tab -> Settings -> Interfaces -> Select the Interface which connected to your Logical Switch -> Click on X Symbol to delete the interface.

Once both VM’s and Interface(LIF) which is attached to Edge Devices are removed, our Logical Switch don’t have any resources attached to it. Let’s Delete the Logical Switch by Click on X symbol to delete the Logical Switch.

Once Logical Switch is deleted ,you can see task “Delete Distributed Port Group” completed in Recent Tasks tab. Which removes the Port Group which relates to the Logical Switch.

That’s it. We are done with deleting the NSX Logical Switch. I hope this is informative for you. Thanks for Reading !!!. Be Social and share it in social media, if you feel worth sharing it.

بکاپ گیری و بازگردانی داده های VMware NSX Manager

Category : دسته‌بندی نشده

VMware NSX – Backup & Restore VMware NSX Manager Data

When comes to infrastructure systems, It is always a question of what will be recovery option. It is very normal that system may get crashed due to some issues. It will be always a question in the mind that how would we recover the system and what will be the backup stratergy. In repsonse to the NSX Manger, We can backup and restore the NSX Manager data from NSX Manager management web page. You can back up and restore your NSX Manager data, which can include system configuration, events, and audit log tables. Configuration tables are included in every backup. Backups are saved to a remote location that must be accessible by the NSX Manager. In this post, We will discuss about how to configure and schedule the NSX Manager data. Let’s take a look at the detailed step by step procedure to configure the NSX Manager backup & restore.

Backup NSX Manager Data:

Login to NSX Manager management page using the below URL:

https:<NSX-Manager IP_or Name>

In Home Page of NSX Manager,click Backups & Restore Under Appliance Management

Click on Change to specify the FTP Server Settings to store the NSX Manager Backup files.

Enter the Below information to specify the NSX Manager Backup settings:

Enter the IP address or host name of the FTP server, which is going to store the backup files.
From the Transfer Protocol drop-down menu, select either SFTP or FTP, based on what the destination supports and Edit the default port if required.
Enter the user name and password which is required to login to the Backup System i.e FTP server
In the Backup Directory field, type the absolute path of the FTP Folder, where backups will be stored.
Type a text string in Filename Prefix. This text is prepended to each backup filename for easy recognition on the backup system. For example, if you type NSXBCKP, the resulting backup file will be named as NSXBCKPHH_MM_SS_DayDDMonYYYY.
Type the pass phrase to secure the backup and Click OK.

Click on Change next to Scheduling to schedule the backup of NSX Manager Data.

Specify the below details to Schedule the NSX Manager Data:

From the Backup Frequency drop-down menu, select Hourly, Daily, or Weekly based on your requirement. The Day of Week, Hour of Day, and Minute drop-down menus are disabled based on the selected frequency. For example, if you select Daily, the Day of Week drop-down menu is disabled as this field is not applicable to a daily frequency.
I prefer to do Weekly backup.For a weekly backup, select the day of the week and hour and Minute that the data should be backed up.
Click Schedule to save the NSX Manager backup schedule.

Click on Change settings for Exclude Option to exclude any of the data during NSX Manager Backup.

For Demo Purpose, I have excluded the Flow Records from the NSX Manager backup. and click on OK.

All Backup Settings are configured. Click on Backup to initiate the immediate backup of NSX Manager.

Click on Start to start the backup.

Once Backup is completed, You will be able to see the Last backup information like Filename, date and Size of the backup file.

I can see the same information ,when i browse towards the FTP server backup directory.

Restore NSX Manager Data:

To Restore the NSX Manager Data, Select one of the Backup file and click on Restore option to restore the NSX Manager Data.

Restoring NSX Manager data will require restart of server and Appliance management will be unavailable for sometime. Click on Yes. That it. NSX Manager Data will be restored.

That’s it.I hope this is informative for you. Thanks for Reading!!!. Be Social and Share it in social media, if you feel worth sharing it.

ایجاد Distributed Logical Router در VMware NSX

Category : دسته‌بندی نشده

ایجاد Distributed Logical Router در VMware NSX

In the Previous post, We have discussed about creating NSX logical switches and now workloads have L2 adjacency across IP subnets with the help of VXLAN. In this post, we are going to enable routing between multiple Logical switches. So We will build three-tier application with logical isolation provided by network segments. Before We deploy the Distributed Logical router, Let’s create additional logical switches. We have already created a Logical switch called “Web-Tier” in the previous post. Now i am going to create two additional Logical switches called “App-Tier” and “DB-Tier”.

I have created additional logical Switches like (App Tier, DB tier along with Web-Tier). We are going to utilize these Logical switches to enable communicate between them using Distributed Logical Routing in upcoming Section

You can see the list of Logical switches which are created from Web Client -> Network & Security -> Logical SwitchesWhen we create the logical switches, it will create a Distributed Port group on all the respective Distributed Switches.

Deploying NSX Distributed Logical Router (DLR):

NSX for vSphere provides L3 routing without leaving the hypervisor Known as the Logical Distributed Router. This advancement sees routing occur within the kernel of each host allowing the routing data plane distributed across the NSX enabled domain. The distributed routing capability in the NSX platform provides an optimized and scalable way of handling East – West traffic within a data center. East-West traffic is a communication between virtual machine or a resource within the datacenter.

In a typical vSphere network model, virtual machines running on a hypervisor want to communicate to the VM connected to different subnets, the communication between these VM’s has to go via Physical Adapter of the ESXi host to Switch and also Physical router is used to provide routing services. Virtual machine communication has to go out to the physical router and get back in to the server after routing decision. This un-optimal traffic flow is sometimes called as “hair pinning”.The distributed routing on the NSX platform prevents the “hair-pinning” by providing hypervisor level routing functionality. Each hypervisor has a routing kernel module that performs routing between the logical interfaces (LIFs) defined on that distributed router instance. LIFs is nothing but the interfaces on the router which connects various networks i.e various Logical switches.

Logical Router can support a large number of LIFs up to 1000 per Logical Distributed Router. This along with the support of dynamic routing protocols such as BGP and OSPF allows for scalable routing topologies. LDR allows for heavy optimization of east – west traffic flows and improves application and network architectures.

Below is my lab Topology. I am going to establish communication between 3 Logical switch “Web-Tier” ,”App-Tier” & “DB-Tier” using Logical Router “LDR-001”To Deploy Logical Router -> Login to Web Client ->Networking & Security -> NSX Edges -> Click on + to add NSX Logical router.

Select the Logical (Distributed) Router from the radial menu and Provide in the Name, Hostname and Description for the Logical Router and Click Next.

Set an administrative password and username. Select the checkbox Enable SSH access and click on Next.

Click on + under NSX Edge Appliances and we need to define where we want to deploy the DLR Control VM.

Specify the Cluster, Datastore, Host and Folder to deploy the DLR Control VM and click on Ok to deploy the Control VM.

Click on Next

We need to specify the Management interfaces and Logical Interface (LIF).Management Interface is for access with SSH to Control VM. LIF interface needed to be configured in Second Table below “Configure Interfaces of this NSX Edge”. Click on Select Option under Management interface Configuration to select the PortGroup to connect to the Control VM Management Interface and assign the IP address for the Management interface of the Logical Router.Click on + symbol under Configure interfaces of this NSX Edge.Create a interface called “Transit-Network” and Select the type as “Uplink”. Click on Connected To and select the logical switch”Transit-Network” to connect to and Assign the Ip address for this LIF (Logical interface). I am going to use this Transit interface to establish the communication between Logical router to Physical network by connecting it to NSX edge device. Which we will discuss in upcoming posts.Enter the Name for this Logical interface(LIF) as “App-Tier” and Select the type as “Internal” and Click on Connected To and select the Logical Switch “App-Tier” and Enter the IP address for this LIF (Logical Interface) as “172.16.20.1”.Create a interface called”Web-Tier” and click on Connected To and Select the logical switch “Web-Tier” and enter the IP address for this interface.Create a Logical Interface “DB-Tier” and connect to the Logical Switch “DB-Tier” and assign the IP address for this LIF interface and click on Ok.

I have Connected 4 Logical Switches “Transit-Network”, “Web-Tier”, “App-Tier” and “DB-Tier” as the interfaces for this logical ineterface. In Simple terms, This Logical router provides routing between the VM’s connected to this Logical switches.Review the Configured settings for the Distributed Logical Router and Click on Finish.

Once Logical router is deployed, you can see the status of the DLR deployment under NSX Edges. Wait until Status of DLR changed to “Deployed”.

Ping Test To Prove the Distributed Routing:

Ping Test between different Virtual Machines connected to different logical switches is able to reach each other. It proves that Logical Routing is working.

We are done with configuring Distributed routing. I hope this is informative for you. Thanks for Reading!!. Be Social and share it in Social media, if you feel worth sharing it.

ایجاد NSX Logical Switch

Category : دسته‌بندی نشده

ایجاد NSX Logical Switch

A cloud deployment or a virtual data center has a variety of applications across multiple tenants. These applications and tenants require isolation from each other for security, fault isolation, and avoiding overlapping IP addressing issues. The NSX logical switch creates logical broadcast domains or segments to which an application or tenant virtual machine can be logically wired. The logical switch is nothing but a distributed port group on the distributed switch. The logical switch can expand distributed switches by being associated with a port group in each distributed switch.The NSX controller is the central control point for all logical switches within a network and maintains information of all virtual machines, hosts, logical switches, and VXLANs. A logical switch is mapped to a unique VXLAN, which encapsulates the virtual machine traffic and carries it over the physical IP network.

Below is my Lab topology for Logical Switching. I am going to create a Logical switch called“Web-Tier” and attach the 2 Virtual Machines “Web-Svr-1” & “Web-Svr-2” into the created logical switch. This Logical Switch will allow the communication between these 2 Virtual Machines in different cluster without having actual physical subnet configured at Physical network layer. For both VM’s , configured IP address is in “172.16.10.x” network and ESXi hosts are in the subnet “192.168.10.x”.

Create Logical Switch:

To create the logical Switch , Login to Web Client ->Networking & Security -> Logical Switches -> + symbol to add new logical switch

Provide the Name and Description for New Logical Switch. Select the Transport Zone which we have created in the previous step. Select the replication mode as same which you have configured for “VXLAN-Global-Transport” Transport Zone. I have selected “Unicast” mode. Click on Ok to create the new logical switch.

New Logical Switch called “Web-Tier” is created. Which is assigned with VNI number “5000”.

As we Discussed earlier, Logical switch is nothing but a Distributed Port Group in your DvSwitches. When you create a Logical Switch, It will create DvPortgroup in all the associated dvSwitches which are part of the Clusters connected in the Global Transport Zone. So I have created a Logical Switch Called “Web-Tier”. I can see the PortGroups “VXW-dvs-53-virtualwire-2-sid-5000-web-Tier” is created in my both distributed switches.

Associate Virtual Machines to Logical Switch:

Once Logical switches are created, We need to associate the workloads (Virtual machines) with the logical switch created in the previous steps. Click on VM symbol to associate the virtual machines to this Logical Switch “Web-Tier”

Select the Virtual Machines from the list to associate with this logical switch (Web-Tier). I have associated the above 2 VM’s from different cluster into this logical switch. Click on Next.

For Multi-Nic VM’s, You can even select the specific vNic to connect to this Logical Switch (Web-Tier). My both VM’s are having only 1 vNic. Select the vNics and Click on Next.

Review the Settings selected and Click on Finish.

Simple Ping Test to prove the NSX Logical Switching:

Web-svr-1 – 172.168.10.11 (esxi-comp-01)

Web-svr-2 -172.16.10.12 (esxi-comp-02)

My ping to the VM “Web-svr-2” (172.16.10.12) from the VM “web-svr-1” (172.169.10.11) is success and I am receiving the ICMP reply for the ping request. This both VM’s are running in different hosts/Clusters but still my ping between the VM’s on the same logical switch is working well with the help of VXLAN.

When “web-svr-1” communicates to “web-svr-2”, it communicates over VXLAN transport network. When the VM communicates and the switch looks up the MAC address of Web-svr-2. the host is aware in its ARP/MAC/VTEP tables pushed to it by the NSX Controller where this VM resides. It is forwarded out into the VXLAN transport network. It is encapsulated within a VXLAN header and routed to the destination host based on the knowledge of the source host. Upon reaching the destination host the VXLAN header is stripped of and the preserved internal IP packet and frame continues to the host.

That’s it. We are done with Logical Switching. I hope you are clear with the concepts of NSX Logical Switch. We will discuss about Distributed Logical routing in upcoming posts. I hope this is informative for you. Thanks for Reading!!!. Be Social and share it in social media, if you feel worth sharing it.

ایجاد Segment ID و Transparent Zone در VMware NSX

Category : دسته‌بندی نشده

ایجاد Segment ID و Transparent Zone در VMware NSX

In the Previous post, We have discussed about configuring VXLAN on ESXi hosts. We will discuss about creating Segment Id and transport Zones in this post. You must specify a segment ID pool for each NSX Manager to isolate your network traffic.

Segment ID:

Segment ID range carves up the large range of VXLANs available for assignment to logical segments. If you have multiple NSX domains or regions you can assign a subset of the larger pool. Segment ID pools are subsequently used by logical segments for the VXLAN Network Identifier (VNI). Create Segment ID by Login to Web CLient ->Networking & Security -> Installation -> Logical Network Preparation -> Segment ID ->Click on Edit

The segment ID range determines the maximum number of logical switches that can be created in your infrastructure. Segment ID is like VLANs for VXLAN but with VXLAN, you can have 16,777,216 of them and VLAN is only limited from 1 to 4094. Segment IDs will form the basis for how you segment traffic within the virtualized network.It is possible to use values between 1 and 16 billion, VMware has decided to start the count at 5000 to avoid any confusion between a VLAN ID (ranges from 1 to 4094) and a VXLAN Segment ID. So your VXLAN ID starts from 5000. Here I use the segment range of 5000-10000. Click on OK.

Transport Zones:

A transport zone is created to delineate the width of the VXLAN/VTEP replication scope and control plane. This can span one or more vSphere clusters. A NSX environment can contain one or more transport zones based on the requirements.In simple terms, Global trasnport Zone is the boundary for group of clusters. Whatever logical switches you create and assign to the Global transport will become available as Distributed Port Group on your DvSwitch on every single cluster in the transport Zone. So these DVPort groups can be used to provide connectivity Virtual Machines which are attached to it. It’s a way to define which clusters of hosts will be able to see and participate in the virtual network that is being defined and configured.

To create Transport Zone -> Login to Web Client ->Networking & Security -> Installation -> Logical Network Preparation -> Transport Zones ->Click on +

Provide the Below information to create the New Transport Zone:

Name – Provide the name for your transport Zone. I named as “VXLAN-Global-Transport”

Description – Enter Description as per your wish

Replication Mode – This option enables you to choose one replication method that VXLAN will use to distribute information across the control plane. Here are the detailed explanation about each replication mode from VMware:

Multicast: Multicast IP addresses on physical network is used for the control plane. This mode is recommended only when you are upgrading from older VXLAN deployments. Multicast mode requires IGMP for a layer 2 topology and multicast routing for L3 topology
Unicast : The VXLAN control plane is handled by an NSX controller. All unicast traffic leverages headend replication. No multicast IP addresses or special network configuration is required.
Hybrid : Hybrid mode is local replication that is offloaded to the physical network and remote replication through unicast. This is also called as optimized unicast mode. This requires IGMP snooping on the first-hop switch, but does not require PIM. First hop switch handles traffic replication for the subnet.

Clusters – Select the Clusters which you want to be part of this transport zone.

Click on OK to create the Transport Zones. You will be able to see the created Trasnport Zone “VXLAN-Global-Transport” under the Transport Zones. We didn’t created any logical switches , so it displays value “0” under Logical switches tab.

We are done with creating Segment ID and Transport Zone. Next will be creating Logical Switches and attach it to virtual machines to enable the network communication. I hope this is informative for you. Thanks for Reading!!. Be Social and share it in Social media, if you feel worth sharing it.

پیکربندی VXLAN بر روی هاست ESXi

Category : دسته‌بندی نشده

پیکربندی VXLAN بر روی هاست ESXi

Once Cluster preparation is completed, It time to configure the VXLAN. Virtual Extensible LAN (VXLAN) enables you to create a logical network for your virtual machines across different networks. You can create a layer 2 network on top of your layer 3 networks. VXLAN transport networks deploy a VMkernel interface for VXLAN on each host. This is the interface that will encapsulate network segments packets if it needs to reach a guest on another host. By encapsulating via a VMkernel interface the workload is totally unaware of this process occurring. As far as the workload is concerned the two guests are adjacent on the same segment when infact they could be spanning many L3 boundaries.

To configure the VXLAN, Login to the Web Client > Networking & Security > Installation > Host Preparation-> Configure . A wizard will ask for VXLAN networking configuration details. This will create a new VMkernel port on each host in the cluster as the VXLAN Tunnel Endpoint (VTEP).

Provide the below options to configure the VTEP VMkernel Port:

Switch – Select the DvSwitch from the drop-down for attaching the new VXLAN VMkernel interface.
VLAN – Enter the VLAN ID to use for VXLAN VMkernel interface. Enter “0″ if you’re not using a VLAN, which will pass along untagged traffic.
MTU – The recommended minimum value of MTU is 1600, which allows for the overhead incurred by VXLAN encapsulation. It must be greater than 1550 and the underlying network must support the increased value. Ensure your distributed vSwitch (DSwitch) set MTU size more than 1600.
VMKNic IP Addressing – You can specify either IP Pool or DHCP for IP addressing. I don’t have DHCP in my environment. Select “New IP Pool” to create a new one same as we created during NSX controller deployment. I have used a IP pool called “ VXLAN Pool”

Enter the IP Pool Name, Gateway, Prefix Length, Primary DNS,DNS Suffix and Static IP Pool range for this New IP Pool and click on Ok to create the New IP Pool.

VMKNic Teaming Policy – This option is define the temaing policy used for bonding the vmnics (physical NICs) for use with the VTEP port group. I have left with the default Teaming policy “Static EtherChannel”
VTEP – I left the default one and it is not even allowed to configure ,if you choose “Static EtherChannel” as your Teaming policy.

Click on Ok to create the new VXLAN vmkernel interface in the ESXi hosts.

Once the VXLAN is configured, You will be able to see the status of the VXLAN is changed to “Enabled” for that particular cluster.

As discussed in previous steps, Configure the VXLAN for other clusters in your vCenter.

Both of my compute clusters are configured with VXLAN and VXLAN status turned to “Enabled”.

You can notice the VXLAN VMkernel interface is created for the ESXi hosts in the Compute clusters. It assigns the IP address for the VXLAN VMKernel interface from the IP Pool which we have created earlier.

You can verify the same from the Networking & Security > Installation > Logical Network Preparation>VXLAN Transport.

We are done with configuring VXLAN for ESXi hosts. We will configure Segment ID and transport Zones in the upcoming posts. I hope this is informative for you. Thanks for Reading!!!. Be Social and share it in social media, if you feel worth sharing it.

اطمینان حاصل کردن از نصب NSX VIBS از طریق هاستهای ESXi

Category : دسته‌بندی نشده

اطمینان حاصل کردن از نصب NSX VIBS از طریق هاستهای ESXi

In the previous post, we have discussed about preparing cluster and hosts for NSX. Once the installation is completed, The installation status will change with the Green Check Mark along with the NSX Version of code (6.1.0) running in the cluster along with Enabled Status for Firewall. Let us verify the NSX installation from ESXi host and what are the changes made to esxi host after the Host preparation. Successful host preparation on the cluster will do the following:

Install network fabric VIBs (host kernel components) on esx hosts in the cluster.
Configure host messaging channel for communication with NSX manager.Installs User World Agents (UWA).
Make hosts ready for Distributed Firewall, VXLAN & Distributed Router configuration.

Verify NSX User World Agent (UWA) Status:

The user world agent (UWA) is composed of the netcpad and vsfwd daemons on the ESXi host. UWA Uses SSL to communicate with NSX Controller on the control plane. UWA Mediates between NSX Controller and the hypervisor kernel modules,except the distributed firewall. Communication related to NSX between the NSX Manager instance or the NSX Controller instances and the ESXi host happen through the UWA. UWA Retrieves information from NSX Manager through the message bus
agent.

we can verify the status of User World agents (UWA) from CLI:

/etc/init.d/netcpad status

From the ESXtop, You can verify the Deamon called netcpa running:

User World Agents (UWA) maintain the logs at /var/log/netcpa.log

Verify Installation Status of NSX VIBs:

Below are the 3 NSX VIBs that get installed on the ESXi host:

esx-vxlan
esx-vsip
esx-dvfilter-switch-security

Let’s verify that the all the above VIBs are installed using the below command

esxcli software vib get –vibname esx-vxlan

esxcli software vib get –vibname esx-dvfilter-switch-security

esxcli software vib get –vibname esx-vsip

That’s it. We have verified the status of NSX ViBs installation on ESXi hosts. In the upcoming post, We will take look at configuring VXLAN. I hope this is informative for you. Thanks for reading!!!. Be Social and share it in social media, if feel worth sharing it.

آماده سازی Cluster و Host برای NSX

Category : دسته‌بندی نشده

آماده سازی Cluster و Host برای NSX

In the Previous Posts, We have talked about NSX Controller Deployment andValidating NSX Control Cluster status. This post we are going to walkthorugh about Preparing our Cluster and Hosts for NSX. We have configured NSX Manager and deployed Three NSX Controller. Now we have established both control and management plane. Next step is to prepare the ESXi hosts for NSX. This step is a simple tasks of few clicks to install required VIBs on the ESXi hosts.This step will install the variety of VIBS – VXLAN, distributed Firewall, Distributed Routing and user world agent into every ESXi host. You must select the entire cluster for the installer. so that it will install NSX bits on all the hosts in the cluster. NSX installs three vSphere Installation Bundles (VIB) that enable NSX functionality to the host.

One VIB enables the layer 2 VXLAN functionality, another VIB enables the distributed router, and the final VIB enables the distributed firewall. After adding the VIBs to a distributed switch, that distributed switch is called VMware NSX Virtual Switch.

Login to vCenter Server using vSphere Web Client and Navigate to Networking & Security > Installation > Host Preparation. Choose your cluster and click the Install link.

Note: The ESXi hosts are not required to place in Maintenance mode for this installation. All my virtual Machines are running on the hosts during this installation process.

During the installation Process, You can watch the installation tasks related to the NSX in Web Client or vSphere client.

Once the installation is completed, The installation status will change with the Green Check Mark along with the NSX Version of code (6.1.0) running in the cluster along with Enabled Status for Firewall. I have prepare only 2 clusters out of 3 cluster during this demo.

Once Cluster Preparation is completed, you can see the vxlan is loaded under custom stacks in TCP/IP configuration of the ESXi hosts.

We are done with Cluster and Host preparation for NSX. We will also verify the NSX VIB’s installation from ESXi in upcoming posts. I hope this is informative for you. Thanks for Reading!!!. Be Social and share it in social media, if you feel worth sharing it.

Other VMware NSX Related Posts:

VMware NSX Installation Part 1 – NSX Overview & Installation Prerequistes

VMware NSX Installation Part 2 – NSX Lab Design & Deploying NSX Manager

VMware NSX Installation Part 3 – Integrating NSX Manager with vCenter Server

VMware NSX Installation Part 4 – Deploying NSX Controller

VMware NSX Installation Part 5 – Checking NSX Controller Status

VMware NSX Installation Part 6 – Preparing Cluster and Hosts for NSX

VMware NSX Installation Part 7 – Verify NSX VIBs Installation from ESXi hosts

VMware NSX Installation Part 8 – Configuring VXLAN on the ESXi Hosts

VMware NSX Installation Part 9 -Create Segment ID and Transport Zones

VMware NSX Installation Part 10 – Create NSX Logical Switch

VMware NSX Installation Part 11 – Creating Distributed Logical Router