So instead of using the old point-click method of navigating NSX to find an IP address, firewall rule or service definition, I often find myself using PowerNSX to find that same information.
It’s always difficult organising links to various resources for a particular piece of technology in your bookmarks. Speaking for myself, the list of bookmarks starts with the best of intentions, all nicely organised with tags and in the correct folders, but over time as I am sure most people can attest to; it becomes very dis-organised and a bit of a mess.
Continue reading “My list of NSX-v resources”
In NSX-v 6.2.3 a new feature to aid troubleshooting and operations got introduced, called Central CLI for Packet Capture. The feature is intended to reduce the administrative burden of logging onto any ESXi host to start a packet capture. The ability to perform packet captures for troubleshooting network issues is something all network guys do from time to time and using a network virtualisation platform such as VMware NSX for vSphere it’s no different. Therefore, in this post, I will go through the process of initiating a packet capture using the NSX-v Central CLI for a VM that is misbehaving.
Documenting firewall configuration is challenging at the best of times, in most enterprise networks there are tens of thousands of lines of ACLs that have been added organically over time to any number of firewalls. Documentation of said policy is normally the actual configuration that you see on the console in front of you, which is great but depending on the vendor it may be difficult to extract that data into a more usable format. Continue reading “Documenting the NSX-v DFW with PowerNSX”
Why you would want to execute tasks via the NSX API asynchronously is a good question, and, can be answered with two words “Parallel Workflows”. In a Software Defined Datacenter (SDDC) where automation is extensively used, it may be beneficial to execute tasks asynchronously so that your automation workflow can continue while a certain NSX logical construct is built (deployed), one such example is an Edge Services Gateway. This same framework also provides us the ability to query the status of the job to verify if it has been successful or not, which can be quite important if you need to check if a logical component is configured or not. Continue reading “NSX-v: ESG – submitting tasks via the API Asynchronously”
Below is diagram to visually see the communications (protocol/port) of the NSX-v (6.2.x) components. The focus of the diagram is from an NSX-v viewpoint. Therefore, I haven’t included the comms for vSphere, and it’s relevant components. Continue reading “NSX-v Communications Diagram”
Application rules in NSX for vSphere allow you to create advanced load balancing rules which may not be possible with the application profile or services natively available on the Edge Services Gateway (ESG). However, the ESG enables you to add your specific application rules to support your load balancing scenario; application rules are built using HA Proxy syntax. Continue reading “NSX-v Load Balancer Application Rules”
Capturing packets on the NSX Edge is relatively simple, the ESG uses similar capture syntax to that of TCPDUMP with a few minor caveats, which I will cover in this post.
When doing a packet capture, the primary thing to do is to identify the interface you want to capture traffic on and then define the traffic capture filter, which will ensure you only capture the packets that your interested in. This will cut down the noise and leave you with a fairly clean packet capture, however there is no reason you can’t just capture everything. Continue reading “NSX-V Edge (ESG) Packet Capture”