VMworld 2013: Operational Best Practices for NSX in VMware Environments

Operational Best Practices for NSX in VMware Environments Ray Budavari, VMware Thomas Kraus, VMware NET5790 #NET5790

Description: VMworld 2013. Ben Basler, VMware; Roberto Mari, VMware. Learn more about VMworld and register at http://www.vmworld.com/index.jspa?src=socmed-vmworld-slideshare

Transcript of VMworld 2013: Operational Best Practices for NSX in VMware Environments

Page 1: VMworld 2013: Operational Best Practices for NSX in VMware Environments

Operational Best Practices for NSX in VMware Environments

Ray Budavari, VMware
Thomas Kraus, VMware

NET5790 #NET5790

Page 2

Agenda

Introduction - Network Virtualization
Operational Impacts
NSX for vSphere Components
Operational Tools
Demonstrations
Conclusion

Page 3

Introduction - Network Virtualization

Diagram: three steps between the physical and virtual layers: 1. Decouple, 2. Reproduce, 3. Automate. Labels: Hardware independence; Operational benefits of virtualization; No change to network from end host perspective; Network Operations; Cloud Operations.

Page 4

Agenda

Page 5

Operational Impacts - Questions

If a Virtual Machine has a network outage, where do I start?
How does network virtualization map to our operating model?
What tools exist to correlate logical and physical networks to assist in troubleshooting?
What opportunities does network virtualization provide to improve how we operate our environment?
Are we adding complexity by adopting network virtualization?
Does network virtualization create a 'black box'?

Page 6

Operational Impacts - Answers

Capability              Physical  Virtual
Packet Capture          ✔         ✔
VM level visibility     ✗         ✔
NetFlow                 ✔         ✔
Network Snapshot        ✗         ✔
RSPAN/ERSPAN            ✔         ✔
CLI                     ✔         ✔
Performance Statistics  ?         ✔
UI                      ?         ✔
Syslog                  ✔         ✔
API                     ?         ✔

Page 7

Operational Impacts - Opportunities

All NSX components such as the NSX Controller, NSX vSwitch and NSX Edge provide detailed network visibility and data

Simplify the underlying physical network
• One consistent physical transport network to manage for virtual machine traffic
• Greatly reduces the number of MAC/ARP table entries to manage
• Enables you to build the network you want, while still meeting application and workload connectivity requirements

DC Networks: centralized reporting and monitoring, distributed performance and scale

Designed for automation
• NSX is built on a REST API provided by NSX Manager
• All operations can be performed programmatically via scripting or higher-level languages

Page 8

Operational Impacts - Examples

If a Virtual Machine has a network outage, where do I start to troubleshoot?

Before Network Virtualization:
• Validate VLAN trunk configuration across multiple devices and ports
• Verify VM visibility on each path of the network
• Troubleshooting requires accessing different devices and interfaces
  • vSphere Web Client
  • Hypervisor CLI
  • Access Switch CLI
  • Distribution Switch CLI
  • Firewall
  • Load Balancer
• These devices are typically managed by different teams
  • Virtualization Administrators
  • Network Administrators
  • Security Administrators
  • Service Providers

Page 9

Operational Impacts - Examples

After Network Virtualization:
• VXLAN network tests determine if the issue is related to the transport network
• If VTEPs are reporting issues, engage the network team to troubleshoot the physical transport network
  • Provide VTEP IP/MAC information
• Otherwise the virtualization team validates VM logical networking
  • Verify NSX Components and Controller state information
  • Verify Source and Destination Hypervisors
• Enhanced toolset is available for troubleshooting
• Reduced number of components and resources required
• NSX components can be queried or configured via REST API

Page 10

Agenda

Page 11

NSX for vSphere Components

Consumption
• Self Service Portal
• Cloud Management
• vCloud Automation Center

Management Plane
• NSX Manager: single point of configuration; REST API and UI interface
• vCenter Server

Control Plane
• NSX Controller: manages Logical networks; run-time state; does not sit in the Data Path; Control-Plane Protocol
• NSX Edge Logical Router
• User World Agent

Data Plane
• NSX Edge Services Gateway: VM form factor; Data Plane for North-South traffic; Routing and Advanced services
• NSX vSwitch (ESXi, VDS, Hypervisor Kernel Modules: Firewall, Distributed Logical Router, VXLAN): distributed network edge; line-rate performance

Page 12

Components – NSX Manager

• NSX for vSphere centralized management plane
• 1:1 mapping between an NSX Manager and vCenter Server
• Provides the management UI and API for NSX
  • vSphere Web Client Plugin
• Deploys NSX Controller and NSX Edge Virtual Appliances (OVF)
• Installs VXLAN, Distributed Routing and Firewall kernel modules and UW Agent on ESXi hosts
• Configures Controller Cluster via a REST API and hosts via a message bus
• Generates certificates to secure control plane communications

Page 13

Components – NSX Controller

A reliable and secure control plane to distribute VXLAN and Logical Routing network information to ESXi hosts
NSX Controllers are clustered for scale out and high availability
Network information is sliced across nodes in a Controller Cluster
Enables the dependency on multicast routing/PIM in the physical network to be removed
Provides suppression of ARP broadcast traffic in VXLAN networks

Diagram: three ESXi hosts (VXLAN and Logical Router kernel modules) connected to the Controller, which runs the VXLAN Directory Service with a MAC table, ARP table and VTEP table.

Page 14

Components – UW agent

UW agent is a TCP (SSL) client that communicates with the Controller using the control plane protocol
May connect to multiple controllers
Mediator between the ESXi Hypervisor Kernel Modules and NSX Controllers
Also communicates with the message bus agent to retrieve information from NSX Manager
Runs as a service daemon on ESXi: netcpa
• Logs to: /var/log/netcpa.log

Diagram: Controller Cluster (three Controllers) and NSX Manager; on the ESXi host the User World Agent holds a client connection to each and sits between them and the VXLAN and LR kernel modules.

Page 15

Components – NSX vSwitch and NSX Edge

NSX vSwitch (VDS)
VMkernel Modules (vSphere VIBs): VXLAN, Distributed Routing, Distributed Firewall, Switch Security, Message Bus

NSX Edge Services Gateway
L3-L7 Services: NAT, DHCP, LB, VPN, interface-based FW
Dynamic Routing
VM form factor
High Availability

NSX Edge Logical Router
Control Functions only
Dynamic Routing & updates to Controller
Determines active ESXi host for L2 Bridging

Page 16

Agenda

Page 17

Operational Tools – ESXi

pktcap-uw
New with vSphere 5.5
Enhanced tool that provides a framework for packet capture and tracing at the Uplink, vSwitch, vmknic, vnic and port level at any stage in a packet's lifecycle

Page 18

Operational Tools – ESXi

pktcap-uw
Extensive range of filters such as source/destination MAC, IP, protocol, VLAN, VXLAN, ports etc.
Supports pcap format output for use with protocol analyzers such as Wireshark

Page 19

Operational Tools – NSX vSwitch Backup & Restore

vSwitch Backup & Restore

Page 20

Operational Tools – NSX vSwitch NetFlow

NetFlow / IPFIX: NetFlow collector address and port

Page 21

Operational Tools – NSX vSwitch RSPAN/ERSPAN

RSPAN/ERSPAN, Port Mirroring

Page 22

Operational Tools – NSX vSwitch Alarms

vSwitch Alarms allow for alerting on VDS related events. Some of the available preconfigured Triggers include Health Status, Reconfiguration, Port blocked, Port Deleted, Link Down and Host removal
SNMP Network MIBs provide standards-based visibility of NSX vSwitch objects

Page 23

Operational Tools – NSX vSwitch Health Check

Network Health Check feature helps to detect common configuration errors:
Mismatched VLAN trunks between virtual switch and physical switch
Mismatched MTU settings between vNIC, virtual switch, physical adapter, and physical switch ports
Mismatched Teaming Configurations
vSphere admins can provide failure data to the Network admins to facilitate problem resolution

Health Check uses the L2 Echo protocol to send Ethernet broadcast frames to the physical switch. If reply packets are not received, warnings are highlighted in the vSphere Web Client.

Page 24

Operational Tools – NSX Controller

Control Plane basics
ESXi hosts and NSX Edge Logical Router VMs collect network information, which is then reported to the Controller via the User World Agent (UWA)
The NSX Controller CLI provides a consistent, centralized interface to verify VXLAN and Logical Routing network state information
NSX Manager also provides APIs to programmatically retrieve data from the controller nodes

Diagram: NSX Manager and the NSX Controller Cluster; vSphere Cluster A and vSphere Cluster B, each with three hosts running a UWA and a VTEP.

Page 25

Operational Tools – NSX Controller VTEP Report

Diagram: three vSphere hosts on the Management Network with VTEPs 10.20.10.10, 10.20.10.11 and 10.20.10.12; VM MAC1 (IP1) on the first host and VM MAC2 (IP2) on the second are attached to VXLAN 5001 on the vSphere Distributed Switch. Steps 1-11: each host sends its VNI,VTEP mapping to the Controller, and the Controller reports the new VNI,VTEP mapping to the hosts.

Controller table:
VNI   VTEP IP
5001  10.20.10.10
5001  10.20.10.11

Host tables after the report:
VNI   VTEP IP
5001  10.20.10.10
      10.20.10.11

Page 26

Operational Tools – NSX Controller

General NSX Controller troubleshooting steps:
• Verify Controller cluster status and roles
• Verify Controller node network connectivity
• Check Controller API service
• Validate VXLAN and Logical Router mapping table entries to ensure they are consistent
• Review source and destination netcpa logs and CLI to determine control plane connectivity issues between ESXi hosts & NSX Controller

The first set of commands relates to NSX Controller CLI cluster status and health:
• nsx-controller # show control-cluster status
• nsx-controller # show control-cluster startup-nodes
• nsx-controller # show control-cluster roles
• nsx-controller # show control-cluster connections
• nsx-controller # show control-cluster vnet core stats
• nsx-controller # show network <arg>
• nsx-controller # show log cloudnet/cloudnet_java-vnet-controller.<start-time-stamp>.log

Page 27

Operational Tools – NSX Controller

General NSX Controller VXLAN operations:
• List VNIs
• VXLAN connection table
• Verify VXLAN VTEP, MAC and ARP mapping tables
• View VXLAN statistics

NSX Controller CLI VXLAN commands:
• # show control-cluster vnet vxlan vni <vni>
• # show control-cluster vnet vxlan connection-table <vni>
• # show control-cluster vnet vxlan vtep-table <vni>
• # show control-cluster vnet vxlan mac-table <vni>
• # show control-cluster vnet vxlan arp-table <vni>
• # show control-cluster vnet vxlan vni-stats <vni>

Note: VXLAN Logical Switches and Logical Router instances are distributed across Controller Nodes (slicing), so you will need to run the CLI commands on the node which is active for a given object

Page 28

Operational Tools – NSX Controller

General NSX Controller Logical Routing operations:
• List Logical Router instances
• Verify Logical Router interface and route mapping tables
• Verify active controller connections
• View Logical Router statistics

NSX Controller CLI Logical Routing commands:
• # show control-cluster vnet logical-router instance-table <lr-id>
• # show control-cluster vnet logical-router lif-table <lr-id>
• # show control-cluster vnet logical-router route-table <lr-id>
• # show control-cluster vnet logical-router lr-stats <lr-id>

Note that the NSX Controller CLI is still not final

Page 29

Operational Tools – VXLAN

Common VXLAN issues:
• Connectivity between VXLAN VTEPs on the Transport Network
• MTU on the Transport Network not set to 1600 bytes or greater
• Teaming mismatch between dvUplinks and upstream switch
• Preparation - either with the installation of VXLAN kernel modules or creation of VTEP VMkernel interfaces
• ESXi host communication with the Controller

NSX for vSphere provides a new workflow for preparation and configuration
Supports multiple VTEPs per host
NSX leverages the vSphere 5.5 multi-instance TCP/IP stack

Page 30

Operational Tools – VXLAN

At Logical Switch level on the Monitoring Tab you can use the unicast or broadcast test to verify the connectivity between VTEPs
VXLAN standard tests with a 1600 byte MTU

Page 31

Operational Tools – VXLAN

The VXLAN Replication Mode will also determine transport network connectivity requirements

Unicast Mode
• All replication occurs using unicast
Hybrid Mode
• Local replication offloaded to the physical network, while remote replication occurs via unicast
Multicast Mode
• Requires IGMP for a Layer 2 topology and Multicast Routing for an L3 topology

All modes require an MTU of 1600 bytes

Page 32

Operational Tools – VXLAN

The VXLAN namespace for esxcli provides detailed network information and statistics.
• # esxcli network vswitch dvs vmware vxlan list
• # esxcli network vswitch dvs vmware vxlan network list --vds-name=Compute_VDS
• # esxcli network vswitch dvs vmware vxlan network mac list --vds-name=Compute_VDS --vxlan-id=5001
• # esxcli network vswitch dvs vmware vxlan network arp list --vds-name Compute_VDS --vxlan-id=5001
• # esxcli network vswitch dvs vmware vxlan network port list --vds-name Compute_VDS --vxlan-id=5001
• # esxcli network vswitch dvs vmware vxlan network stats list --vds-name Compute_VDS --vxlan-id=5001

Page 33

Operational Tools – Logical Routing

Use the net-vdr command on ESXi hosts to view Logical Routing configuration and statistics
• Display Logical Router instances
  ~ # net-vdr -I -l
• List Logical Interface and Routing Tables
  ~ # net-vdr -l --lif <instance-name>
  ~ # net-vdr -l --route <instance-name>
LIFs and routes are pushed by the NSX Controller to the ESXi hosts and should be consistent across the environment
• View L2 Bridging information
  ~ # net-vdr -b --mac <instance-name>
  ~ # net-vdr -l --stats <instance-name>

Page 34

Operational Tools – NSX Edge Services

NSX Edge VM CLIs
• NSX Edge provides a familiar CLI command set for troubleshooting network services
• Documented in a dedicated CLI guide

Sample Configuration Commands
• show configuration {ospf|bgp|isis|static-routing}
• show configuration {firewall|nat|dhcp|dns}
• show configuration {loadbalancer|ipsec|sslvpn-plus}

Sample Status Commands
• show interface [IFNAME]
• show firewall
• show ip {route|ospf|bgp|forwarding}
• show arp
• show system {cpu|memory|network-stats|storage|uptime}
• show service {dhcp|dns|highavailability|ipsec|loadbalancer|sslvpn-plus}

Page 35

Operational Tools – NSX Edge Services

The API provides statistics (for interfaces and services)
The UI also provides interface statistics and graphs

Page 36

Operational Tools – NSX Edge Services

Logging commands
• show log {follow|reverse}
• show flowtable

Debug/troubleshooting commands
• traceroute <ip_address or dns_name>
• ping <ip address> or ping interface addr <alternate_src_ip> <ip_address>
• debug packet display interface <vNic_0-9> <EXPRESSION>
  • debug packet display interface vNic_0 host_192.168.1.2
  • debug packet display interface vNic_2 host_192.168.1.3_and_port_80
  • debug packet display interface vNic_1 src_192.168.1.2_and_dst_192.168.1.3
• debug packet capture interface <vNic_0-9> <EXPRESSION>
• debug show files
• debug copy {scp|ftp} <URL>
• debug messagebus {forwarder|messages}

Page 37

Operational Tools – Flow Monitoring

Flow monitoring provides vNIC level visibility of VM traffic flows
Reporting on Top Flows, Destinations and Sources
Detailed Flow Data for both Allowed and Blocked Flows

Page 38

Operational Tools – Flow Monitoring

Flow data easily available through the UI or via the API for orchestration
Per flow granularity for Allowed and Blocked, with the ability to add or edit firewall rules related to the flow

Page 39

Operational Tools – NSX Manager

Perform Backup & Restore operations (both scheduled and on-demand)
NSX Manager Appliance Upgrades
Verify status of NSX Manager Services
Generate Tech support logs
View appliance CPU, Memory and Disk usage

Page 40

Operational Practices – vCenter Operations Manager

Dashboard based view of the environment
Monitor overall health of NSX vSphere Management and Control Layer components and diagnose issues quickly
Networking and Security metrics

Page 41

Operational Tools – Syslog

Syslog is supported across all NSX components
1) NSX Manager
2) NSX Controllers
3) NSX Edges
4) ESXi Hosts

Page 42

Operational Practices – Log Insight

Consolidation, visualization, and correlation of syslog data from multiple related components in a Software Defined Datacenter
Build Custom Dashboards for real time monitoring and trending
Customize Log interpretation Logic to parse using regex, int, str
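The regex-based field extraction the slide describes, applied to syslog from the four NSX sources (NSX Manager, Controllers, Edges, ESXi hosts) and followed by the netcpa-log check from the Controller troubleshooting steps. This is an added example in plain Python, not Log Insight configuration and not VMware code. The sample lines are constructed: only the netcpa process name comes from the deck; the other process names, the message wording and the addresses are made up for the example.

```python
import re
from collections import Counter
from typing import Dict, Iterable, List, Optional, Tuple

# RFC 3164 style line: <PRI>Mmm dd hh:mm:ss host process[pid]: message
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<proc>[\w./-]+)(?:\[\d+\])?: (?P<msg>.*)$")

# Map a process name to one of the four NSX syslog sources on the slide. Only netcpa
# is named in the deck; the other process names are constructed for this example.
COMPONENT_BY_PROC = {"vsm": "NSX Manager", "cloudnet": "NSX Controller",
                     "vshield-edge": "NSX Edge", "netcpa": "ESXi host"}

# Constructed message wording; the real netcpa log text is not on the slides.
CONTROLLER_LOST_RE = re.compile(r"connection to controller (?P<ctrl>\S+) lost")


def parse_line(line: str) -> Optional[Dict[str, object]]:
    """Split one syslog line into fields; None when the line does not match."""
    m = SYSLOG_RE.match(line.rstrip("\r\n"))
    if not m:
        return None
    pri = int(m["pri"])
    if pri > 191:  # PRI = facility (0-23) * 8 + severity (0-7)
        return None
    return {"facility": pri >> 3, "severity": pri & 7, "timestamp": m["ts"],
            "host": m["host"], "proc": m["proc"],
            "component": COMPONENT_BY_PROC.get(m["proc"], "unknown"), "msg": m["msg"]}


def parse_lines(lines: Iterable[str]) -> Tuple[List[Dict[str, object]], int]:
    """Parse a batch; unparseable lines are counted rather than dropped silently."""
    records, rejected = [], 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            rejected += 1
        else:
            records.append(rec)
    return records, rejected


def controller_loss_by_host(records: List[Dict[str, object]]) -> Dict[str, int]:
    """Control-plane disconnects per ESXi host, the netcpa-log check from the troubleshooting steps."""
    counts = Counter(r["host"] for r in records
                     if r["proc"] == "netcpa" and CONTROLLER_LOST_RE.search(r["msg"]))
    return dict(counts)


def errors_by_component(records: List[Dict[str, object]], worst_ok_severity: int = 3) -> Dict[str, int]:
    """Lines at syslog severity 'error' (3) or more severe, grouped by NSX component."""
    counts = Counter(r["component"] for r in records if r["severity"] <= worst_ok_severity)
    return dict(counts)


# Constructed sample lines (PRI 11 = user.err, PRI 14 = user.info).
SAMPLE_LOGS = [
    "<14>Aug 27 10:01:02 nsxmgr01 vsm: user admin authenticated via REST API",
    "<11>Aug 27 10:01:05 esx01 netcpa[12345]: connection to controller 10.20.0.5 lost",
    "<11>Aug 27 10:01:07 esx02 netcpa[23456]: connection to controller 10.20.0.5 lost",
    "<14>Aug 27 10:01:30 nsxctrl01 cloudnet: node 10.20.0.5 rejoined the cluster",
    "<11>Aug 27 10:02:00 esx01 netcpa[12345]: connection to controller 10.20.0.6 lost",
]

if __name__ == "__main__":
    recs, bad = parse_lines(SAMPLE_LOGS)
    print(f"parsed {len(recs)} lines, rejected {bad}")
    print("controller disconnects per host:", controller_loss_by_host(recs))
    print("errors per component:", errors_by_component(recs))
```

Two hosts losing the same controller in the same minute points at that controller node or its network path; one host losing several controllers points at the host's own connectivity, which is the split the slides make between transport-network and host-side problems.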

Page 43

Operational Tools – REST API

NSX Manager exposes a web service API over HTTPS (TCP 443)
API request and response data is formatted in XML
Simple "single-user" authentication using password

REST principles:
• Leverages HTTP to send data between Clients and Servers (Requests and Responses)
• Resources, Global Permanent Identifiers, Constraints

Page 44

Agenda

Page 45

NSX for vSphere Demonstrations

1. Packet capture of encapsulated VXLAN frames
2. Flow Monitoring

Page 46

Key Takeaways & Best Practices

VMware NSX provides a unified platform for administering, monitoring, and supporting your virtual networks and services
NSX enables a similar operational model for virtual networks as vSphere does for virtual machines
Moving network features to logical space simplifies physical networks and troubleshooting
Start with the basics when troubleshooting (transport network and control plane)
Understanding the component interactions and toolset is key to NSX operations
Enable logging on all components 'before' you have issues and familiarize yourself with how to collect support logs
Automate repeatable steps via the REST API to reduce error
Take the NSX for vSphere Hands on Lab: HOL-SDC-1303 to reinforce concepts from this session

Page 47

Questions

Page 48

Backup Slides

Page 49

Network Virtualization - Operations

What are the key capabilities required for operating a Logical world? (Cloud Ops or Network Ops)
• Overall Logical network health/stats
• VM to VM connectivity
• Per VM flow visibility
• Traffic Analysis – Packet Capture
• Transport/Tunnel health
• Inventory/Fault Mgmt
• Multi-level Logging, Event tracking and Auditing
• Physical network troubleshooting/visibility
• Upgrade Management

Diagram: logical topology (two L2 segments behind an NSX Edge to WAN/Internet) over four ESXi hosts, each with a vSwitch, plus the Controller Cluster and NSX Manager.

Page 50

NSX Operations – Capabilities

Capability                                        NSX Optimized for vSphere
Logical Network Health                            UI: NSX Manager; CLI: Central NSX Controller, NSX Edge
VM to VM connectivity (Logical)                   NSX Controller Central CLI, Host level CLI
Traffic Flow visibility                           IPFIX (VDS); NSX Edge – Flow Monitoring
Traffic Analysis per VM                           RSPAN/ERSPAN (VM Traffic); Host Packet Capture (Overlay)
Network Inventory, Fault Management               NSX Manager, SNMP (MIBs for ports, switch etc.)
Multi-level logging, Event tracking & Auditing    Syslog Export (NSX Controller, NSX Manager, NSX Edge etc.)
Transport (Overlay) Health                        NSX Manager Connectivity Check; NSX Controller Central CLI, Per host CLI
Upgrade Management                                NSX Manager (Automated VIB and Controller upgrades)
API visibility                                    NSX Manager API
External Tools                                    Custom, VCOPs, Log Insight

Page 51

NSX System Architecture

Diagram: the Cloud Management System talks to NSX Manager (REST API) and vCenter Server (vSphere API) in the Management Plane. NSX Manager reaches the Control Plane (NSX Controller, NSX Edge Logical Router) via REST API and Message Bus. The Control Plane Protocol runs from the NSX Controller, and the CP Protocol from the Logical Router, to the UWA on each host. The Data Plane is the NSX Edge Services Gateway plus the NSX vSwitch on every host with its VXLAN, DR, DFW and Security modules.

Page 52

Control Plane Protocol

Control plane protocol
• All messages are TLVs
• Categorized into primitives:
  • Connection management, negotiation, etc: Hello, bye, keepalive
  • App specific: Open, close, notification, update, query
• Extensible.
• App ID in message common header.

VXLAN sub protocol
• Update and query messages contain one or more TLVs for different data types: VM IP, VM MAC, VTEP
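A toy encoder and decoder for the message shape the slide describes: a common header carrying an App ID, a body made of TLVs, and a VXLAN sub-protocol whose update carries VM IP, VM MAC and VTEP TLVs. This is an added example, not the NSX wire format: the header layout, the numeric codes for the primitives and TLV types, and the App ID value are all constructed. The point for a defender is the decoder, which checks every length against the buffer so a malformed peer cannot make it over-read or loop, and skips TLV types it does not know, which is what keeps the format extensible.

```python
import struct
from enum import IntEnum
from typing import List, Tuple

# Constructed numbering and byte layout: the deck names the primitives and data
# types but gives neither codes nor the wire format.
class MsgType(IntEnum):
    HELLO = 1          # connection management / negotiation
    BYE = 2
    KEEPALIVE = 3
    OPEN = 10          # application specific
    CLOSE = 11
    NOTIFICATION = 12
    UPDATE = 13
    QUERY = 14


class TlvType(IntEnum):
    VM_IP = 1          # the VXLAN sub-protocol data types named on the slide
    VM_MAC = 2
    VTEP = 3


APP_ID_VXLAN = 1                      # App ID in the common header (constructed value)
HEADER = struct.Struct("!BBHI")       # version, app_id, msg_type, payload length
TLV_HDR = struct.Struct("!HH")        # type, length
MAX_PAYLOAD = 64 * 1024               # bound checked before anything is allocated


def encode_message(app_id: int, msg_type: MsgType, tlvs: List[Tuple[int, bytes]]) -> bytes:
    payload = b"".join(TLV_HDR.pack(t, len(v)) + v for t, v in tlvs)
    if len(payload) > MAX_PAYLOAD:
        raise ValueError("payload too large")
    return HEADER.pack(1, app_id, int(msg_type), len(payload)) + payload


def decode_message(data: bytes) -> Tuple[int, MsgType, List[Tuple[int, bytes]]]:
    """Walk the TLVs with every length checked against the buffer."""
    if len(data) < HEADER.size:
        raise ValueError("short header")
    version, app_id, msg_type, length = HEADER.unpack_from(data)
    if version != 1:
        raise ValueError(f"unsupported version {version}")
    if length > MAX_PAYLOAD or HEADER.size + length != len(data):
        raise ValueError("header length does not match message size")
    try:
        kind = MsgType(msg_type)
    except ValueError:
        raise ValueError(f"unknown message type {msg_type}") from None
    tlvs, off, end = [], HEADER.size, HEADER.size + length
    while off < end:
        if end - off < TLV_HDR.size:
            raise ValueError("truncated TLV header")
        tlv_type, tlv_len = TLV_HDR.unpack_from(data, off)
        off += TLV_HDR.size
        if off + tlv_len > end:
            raise ValueError("TLV length exceeds message")
        tlvs.append((tlv_type, bytes(data[off:off + tlv_len])))
        off += tlv_len
    return app_id, kind, tlvs


def encode_vxlan_update(vm_ip: str, vm_mac: str, vtep_ip: str) -> bytes:
    """UPDATE carrying one VM IP, VM MAC and VTEP TLV, what a host reports after learning a VM."""
    ip = bytes(int(x) for x in vm_ip.split("."))
    mac = bytes(int(x, 16) for x in vm_mac.split(":"))
    vtep = bytes(int(x) for x in vtep_ip.split("."))
    return encode_message(APP_ID_VXLAN, MsgType.UPDATE,
                          [(TlvType.VM_IP, ip), (TlvType.VM_MAC, mac), (TlvType.VTEP, vtep)])


def decode_vxlan_update(data: bytes) -> dict:
    app_id, kind, tlvs = decode_message(data)
    if app_id != APP_ID_VXLAN or kind != MsgType.UPDATE:
        raise ValueError("not a VXLAN update")
    out = {}
    for tlv_type, value in tlvs:
        if tlv_type == TlvType.VM_IP and len(value) == 4:
            out["vm_ip"] = ".".join(str(b) for b in value)
        elif tlv_type == TlvType.VM_MAC and len(value) == 6:
            out["vm_mac"] = ":".join(f"{b:02x}" for b in value)
        elif tlv_type == TlvType.VTEP and len(value) == 4:
            out["vtep"] = ".".join(str(b) for b in value)
        # unknown TLV types are skipped, which is what makes the format extensible
    return out


if __name__ == "__main__":
    msg = encode_vxlan_update("172.16.1.1", "00:50:56:01:00:01", "10.20.10.10")
    print(msg.hex())
    print(decode_vxlan_update(msg))
```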

Page 53

VXLAN Control Plane Security

Diagram: NSX Manager (with its DB) and the Controller Cluster; vSphere Cluster A and vSphere Cluster B, each with three hosts running a UW Agent and a VTEP. Steps: 1 Certificate Generation (NSX Manager), 2 OVF Deployment (Controllers), 3 Message Bus (NSX Manager to hosts), 4 REST API (NSX Manager to Controller Cluster), 5 SSL (UW Agents to Controller Cluster).

Page 54

Operational Practices – NSX Controller MAC Report

Diagram: the same three hosts (VTEPs 10.20.10.10, 10.20.10.11, 10.20.10.12) on the Management Network; VM MAC1 (IP1) and VM MAC2 (IP2) on VXLAN 5001. Steps 1-8: each host sends its VNI, VM MAC mapping and VTEP IP to the Controller.

Host reports:
VNI   VM MAC
5001  MAC1    (from VTEP 10.20.10.10)
5001  MAC2    (from VTEP 10.20.10.11)

Controller table:
VNI   VM MAC  VTEP
5001  MAC1    10.20.10.10
5001  MAC2    10.20.10.11

Page 55

Operational Tools – NSX Controller IP Report

Diagram: the same three hosts on the Management Network; VM MAC1 (IP1) and VM MAC2 (IP2) on VXLAN 5001. Steps 1-8: each host sends its VM MAC, IP mapping and VNI to the Controller.

Host reports:
VNI   VM IP  VM MAC
5001  IP1    MAC1
5001  IP2    MAC2

Controller table:
VNI   VM IP  VM MAC
5001  IP1    MAC1
5001  IP2    MAC2

Page 56

Controller Based VXLAN – ARP Request

Diagram, steps 1-6: VM MAC1 sends an ARP request for IP2 (L2 DA: Broadcast, SA: MAC1). The host's VXLAN module sends the ARP request for VM IP2 to the Controller instead of flooding it; the Controller returns an ARP report for VM IP2, MAC2 to VTEP 10.20.10.10.

Host 10.20.10.10 table before the report:
VNI   VM IP  VM MAC  VTEP
5001  IP1    MAC1    10.20.10.10

Controller table:
VNI   VM IP  VM MAC  VTEP
5001  IP1    MAC1    10.20.10.10
5001  IP2    MAC2    10.20.10.11

Host 10.20.10.10 table after the report:
VNI   VM IP  VM MAC  VTEP
5001  IP1    MAC1    10.20.10.10
5001  IP2    MAC2    10.20.10.11
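A small model of the Controller's VXLAN directory service that ties together the VTEP report, MAC report, IP report and ARP request slides: hosts report VNI/VTEP, VNI/MAC/VTEP and VNI/IP/MAC mappings, and the Controller answers ARP requests from those tables (ARP suppression), hands out the unicast replication list for a VNI, and lets you diff a host's copy of a table against its own, which is the consistency check the Controller troubleshooting steps call for. This is an added example and not NSX code; the VTEP addresses are the ones on the slides, while the VM IP and MAC values standing in for IP1/MAC1 and IP2/MAC2 are constructed.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Constructed addresses standing in for the slides' IP1/MAC1 (VM behind VTEP 10.20.10.10)
# and IP2/MAC2 (VM behind VTEP 10.20.10.11); the VTEP IPs are the ones on the slides.
IP1, MAC1 = "172.16.1.1", "00:50:56:01:00:01"
IP2, MAC2 = "172.16.1.2", "00:50:56:01:00:02"


@dataclass
class VxlanDirectory:
    """The three per-VNI tables the Controller builds from host reports."""
    vtep_table: Dict[int, Set[str]] = field(default_factory=dict)       # VNI -> VTEP IPs
    mac_table: Dict[int, Dict[str, str]] = field(default_factory=dict)  # VNI -> VM MAC -> VTEP IP
    arp_table: Dict[int, Dict[str, str]] = field(default_factory=dict)  # VNI -> VM IP -> VM MAC

    # Reports from the hosts (VTEP report, MAC report, IP report).
    def report_vtep(self, vni: int, vtep_ip: str) -> None:
        self.vtep_table.setdefault(vni, set()).add(vtep_ip)

    def report_mac(self, vni: int, vm_mac: str, vtep_ip: str) -> None:
        self.report_vtep(vni, vtep_ip)
        self.mac_table.setdefault(vni, {})[vm_mac] = vtep_ip

    def report_ip(self, vni: int, vm_ip: str, vm_mac: str) -> None:
        self.arp_table.setdefault(vni, {})[vm_ip] = vm_mac

    def withdraw_vtep(self, vni: int, vtep_ip: str) -> None:
        """A host leaves the VNI: drop its VTEP, the MACs learned behind it and their ARP
        entries, so a stale entry cannot keep steering traffic to a VTEP that is gone."""
        self.vtep_table.get(vni, set()).discard(vtep_ip)
        macs = self.mac_table.get(vni, {})
        gone = {m for m, v in macs.items() if v == vtep_ip}
        for m in gone:
            del macs[m]
        arps = self.arp_table.get(vni, {})
        for ip in [ip for ip, m in arps.items() if m in gone]:
            del arps[ip]

    # Queries the hosts make.
    def arp_lookup(self, vni: int, vm_ip: str) -> Optional[Tuple[str, str]]:
        """ARP suppression: answer an ARP request for vm_ip as (VM MAC, VTEP IP) from the
        tables. None means the Controller has no entry and the host falls back to flooding."""
        mac = self.arp_table.get(vni, {}).get(vm_ip)
        vtep = self.mac_table.get(vni, {}).get(mac) if mac else None
        return (mac, vtep) if vtep else None

    def replication_list(self, vni: int, source_vtep: str) -> List[str]:
        """Unicast replication mode: the remote VTEPs a broadcast/unknown-unicast frame is copied to."""
        return sorted(self.vtep_table.get(vni, set()) - {source_vtep})

    def check_host_consistency(self, vni: int, host_vteps: Set[str]) -> Dict[str, List[str]]:
        """Diff a host's VTEP list for a VNI (what the esxcli vxlan commands print) against the Controller's."""
        ctrl = self.vtep_table.get(vni, set())
        return {"missing_on_host": sorted(ctrl - host_vteps), "stale_on_host": sorted(host_vteps - ctrl)}


def build_slide_scenario() -> VxlanDirectory:
    """Replay the reports from the VTEP, MAC and IP report slides for VXLAN 5001."""
    d = VxlanDirectory()
    d.report_vtep(5001, "10.20.10.10")
    d.report_vtep(5001, "10.20.10.11")
    d.report_mac(5001, MAC1, "10.20.10.10")
    d.report_mac(5001, MAC2, "10.20.10.11")
    d.report_ip(5001, IP1, MAC1)
    d.report_ip(5001, IP2, MAC2)
    return d


if __name__ == "__main__":
    d = build_slide_scenario()
    print("ARP for IP2 answered from the Controller:", d.arp_lookup(5001, IP2))
    print("unicast replication list from 10.20.10.10:", d.replication_list(5001, "10.20.10.10"))
    print("host missing one VTEP:", d.check_host_consistency(5001, {"10.20.10.10"}))
```

The `withdraw_vtep` path is the case worth testing in your own tooling: an entry that survives a host leaving the VNI is exactly the inconsistency the Controller troubleshooting steps tell you to look for, and the `stale_on_host` list from `check_host_consistency` is how it shows up on the host side.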

Page 57

Controller Based VXLAN – Communication after ARP Resolution

Diagram, steps 7-10: VM MAC1 sends a frame to MAC2 (L2 DA: MAC2, SA: MAC1). The source host encapsulates it for the VXLAN Transport Network: outer L2, IP (DA: 10.20.10.11, SA: 10.20.10.10), UDP, VXLAN (VNI 5001), then the inner L2 frame (DA: MAC2, SA: MAC1) and payload. The destination host decapsulates it and delivers it to VM MAC2; the reply (DA: MAC1, SA: MAC2) takes the reverse path.

Tables on the slide:
VNI   VM IP  VM MAC  VTEP
5001  IP1    MAC1    10.20.10.10
5001  IP2    MAC2    10.20.10.11

VNI   VM IP  VM MAC  VTEP
5001  IP2    MAC2    10.20.10.11

VNI   VM IP  VM MAC  VTEP
5001  IP2    MAC1    10.20.10.11
5001  IP1    MAC2    10.20.10.10
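The encapsulation on this slide is what the pktcap-uw capture in the first demonstration shows once Wireshark's VXLAN decoder is enabled. As an added example (not the deck's code and not VMware's), here is a parser for a VXLAN-encapsulated Ethernet frame that pulls out the outer VTEP addresses, the VNI and the inner MACs, together with a builder used to construct a sample frame matching the slide (VTEP 10.20.10.10 to 10.20.10.11, VNI 5001, inner DA MAC2, SA MAC1). The MAC values and the inner payload are constructed, and the UDP port is an assumption: NSX sets the VXLAN port during host preparation, and 4789 (the IANA-assigned port) is used here only as a default. The overhead the builder adds is the 50 bytes behind the 1600 byte transport MTU requirement on the VXLAN slides.

```python
import struct
from dataclasses import dataclass
from typing import Dict, Iterable, Set, Tuple

# UDP port treated as VXLAN. NSX sets the port during host preparation; 4789
# (the IANA-assigned port) is an assumption for this example.
VXLAN_UDP_PORT = 4789
ETHERTYPE_IPV4 = 0x0800
VXLAN_OVERHEAD = 14 + 20 + 8 + 8  # outer Ethernet + IPv4 (no options) + UDP + VXLAN = 50 bytes


@dataclass
class VxlanFrame:
    outer_src_ip: str
    outer_dst_ip: str
    udp_dst_port: int
    vni: int
    inner_dst_mac: str
    inner_src_mac: str
    inner_ethertype: int
    inner_payload: bytes


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def mac_bytes(s: str) -> bytes:
    return bytes(int(x, 16) for x in s.split(":"))


def ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def ip_bytes(s: str) -> bytes:
    return bytes(int(x) for x in s.split("."))


def ipv4_checksum(header: bytes) -> int:
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_vxlan_frame(frame: bytes, vxlan_port: int = VXLAN_UDP_PORT) -> VxlanFrame:
    """Decapsulate one captured frame the way a VXLAN decoder does.
    Every offset is checked against the buffer, so a short or non-VXLAN frame
    raises ValueError instead of yielding garbage fields."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("outer frame is not IPv4")
    ihl = (frame[14] & 0x0F) * 4
    ip_hdr = frame[14:14 + ihl]
    if ihl < 20 or len(ip_hdr) < ihl or ip_hdr[9] != 17:
        raise ValueError("outer packet is not UDP")
    udp_off = 14 + ihl
    if len(frame) < udp_off + 8:
        raise ValueError("UDP header truncated")
    _, dport, udp_len, _ = struct.unpack("!HHHH", frame[udp_off:udp_off + 8])
    if dport != vxlan_port:
        raise ValueError(f"UDP port {dport} is not the VXLAN port")
    vx_off = udp_off + 8
    vx_hdr = frame[vx_off:vx_off + 8]
    if len(vx_hdr) < 8 or not vx_hdr[0] & 0x08:  # I flag set: the VNI field is valid
        raise ValueError("VXLAN header missing or I flag not set")
    vni = int.from_bytes(vx_hdr[4:7], "big")
    inner = frame[vx_off + 8:udp_off + udp_len]  # bounded by the UDP length, not the buffer end
    if len(inner) < 14:
        raise ValueError("inner Ethernet frame truncated")
    return VxlanFrame(ip_str(ip_hdr[12:16]), ip_str(ip_hdr[16:20]), dport, vni,
                      mac_str(inner[0:6]), mac_str(inner[6:12]),
                      struct.unpack("!H", inner[12:14])[0], inner[14:])


def build_vxlan_frame(outer_src_mac: str, outer_dst_mac: str, outer_src_ip: str,
                      outer_dst_ip: str, vni: int, inner_frame: bytes,
                      vxlan_port: int = VXLAN_UDP_PORT) -> bytes:
    """Encapsulate inner_frame as the source VTEP does: outer Ethernet / IPv4 / UDP / VXLAN."""
    vxlan_hdr = bytes([0x08, 0, 0, 0]) + vni.to_bytes(3, "big") + b"\x00"
    udp_payload = vxlan_hdr + inner_frame
    udp_hdr = struct.pack("!HHHH", 49152, vxlan_port, 8 + len(udp_payload), 0)  # zero UDP checksum
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(udp_payload), 0, 0x4000,
                         64, 17, 0, ip_bytes(outer_src_ip), ip_bytes(outer_dst_ip))
    ip_hdr = ip_hdr[:10] + struct.pack("!H", ipv4_checksum(ip_hdr)) + ip_hdr[12:]
    return (mac_bytes(outer_dst_mac) + mac_bytes(outer_src_mac) + struct.pack("!H", ETHERTYPE_IPV4)
            + ip_hdr + udp_hdr + udp_payload)


def vtep_pairs(frames: Iterable[bytes], vxlan_port: int = VXLAN_UDP_PORT) -> Dict[int, Set[Tuple[str, str]]]:
    """Summarise a capture as VNI -> {(source VTEP, destination VTEP)}; non-VXLAN frames are skipped."""
    pairs: Dict[int, Set[Tuple[str, str]]] = {}
    for raw in frames:
        try:
            f = parse_vxlan_frame(raw, vxlan_port)
        except ValueError:
            continue
        pairs.setdefault(f.vni, set()).add((f.outer_src_ip, f.outer_dst_ip))
    return pairs


# Constructed sample mirroring the slide: VM MAC1 behind VTEP 10.20.10.10 sends to
# VM MAC2 behind VTEP 10.20.10.11 on VXLAN 5001. The MAC values are made up.
MAC1 = "00:50:56:01:00:01"
MAC2 = "00:50:56:01:00:02"
INNER_PAYLOAD = b"constructed payload standing in for the inner IPv4 packet"
INNER_FRAME = mac_bytes(MAC2) + mac_bytes(MAC1) + struct.pack("!H", ETHERTYPE_IPV4) + INNER_PAYLOAD
SAMPLE_FRAME = build_vxlan_frame("00:50:56:aa:00:10", "00:50:56:aa:00:11",
                                 "10.20.10.10", "10.20.10.11", 5001, INNER_FRAME)

if __name__ == "__main__":
    print(parse_vxlan_frame(SAMPLE_FRAME))
    print("encapsulation overhead:", len(SAMPLE_FRAME) - len(INNER_FRAME), "bytes")
    print(vtep_pairs([SAMPLE_FRAME]))
```

`vtep_pairs` over a whole pcap gives the VTEP pairs actually carrying a VNI, which is the first thing to compare against the Controller's vtep-table when a VM cannot reach its peer: a pair that the Controller knows about but that never appears in a capture on the transport network is a transport problem, while a pair that is absent from the Controller is a control-plane problem.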

Page 58

Operational Tools – NSX Edge Services

Download Edge Gateway Tech Support Logs using the Web Client
Or from the NSX Edge CLI using the following command
NSX-Edge1-0# export tech-support scp user@scpserver:file

Page 59

Operational Tools – REST API

• VERB = GET
• URI = https://<NSX Manager Hostname>/api/2.0/vdn/scopes
• HEADERS = Authorization
• HTTP Body = N/A
• RESPONSE: Search for the id of the scope: <id>vdnscope-X</id>

Page 60

Operational Tools – REST API

• VERB = POST
• URI = https://<NSX Manager Hostname>/api/2.0/vdn/scopes/vdnscope-1/virtualwires
• HEADERS = Authorization, Content-Type
• HTTP Body =
<virtualWireCreateSpec>
<name>Test-Logical-Switch-01</name>
<description>Created via REST API</description>
<tenantId>virtual wire tenant</tenantId>
<multicastProxy>true</multicastProxy>
<disableMulticast>true</disableMulticast>
</virtualWireCreateSpec>

Page 61

Operational Tools – REST API

• Response: 201 Created
• The Response Body provides the virtualwire-id, which can be used for additional operations (e.g. attaching to a Logical Router LIF or for Distributed Firewall rules)
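The three slides above as one scripted workflow: list the scopes, pick a vdnscope id, POST the virtualWireCreateSpec body and check for 201 Created. This is an added example, not VMware's SDK or the deck's code. Only the URIs, the verbs, the header names, the request XML and the `<id>vdnscope-X</id>` element come from the slides; the surrounding element names in the constructed GET response, the shape of the 201 body (a bare id or an XML `<id>`) and the hostname are assumptions. The HTTP layer is injected as a callable so the workflow runs offline against a constructed stand-in for NSX Manager; the real transport verifies the NSX Manager certificate against a CA file, since the "single-user" password authentication is HTTP Basic and TLS is the only thing protecting it.

```python
import base64
import ssl
import urllib.error
import urllib.request
import xml.etree.ElementTree as ET
from typing import Callable, Dict, List, Optional, Tuple

# (method, url, headers, body) -> (status, response body)
Transport = Callable[[str, str, Dict[str, str], Optional[bytes]], Tuple[int, str]]


def basic_auth_header(user: str, password: str) -> str:
    """HTTP Basic credentials: base64 is encoding, not protection, so only send this over verified TLS."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Basic {token}"


def urllib_transport(cafile: str) -> Transport:
    """Real HTTPS transport pinned to the CA that issued the NSX Manager certificate; verification is never disabled."""
    ctx = ssl.create_default_context(cafile=cafile)

    def send(method: str, url: str, headers: Dict[str, str], body: Optional[bytes]) -> Tuple[int, str]:
        req = urllib.request.Request(url, data=body, headers=headers, method=method)
        try:
            with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
                return resp.status, resp.read().decode()
        except urllib.error.HTTPError as err:
            return err.code, err.read().decode()
    return send


def parse_scope_ids(body: str) -> List[str]:
    """GET /api/2.0/vdn/scopes: collect every <id> of the form vdnscope-X, wherever it is nested."""
    root = ET.fromstring(body)
    return [el.text.strip() for el in root.iter("id")
            if el.text and el.text.strip().startswith("vdnscope-")]


def build_virtualwire_spec(name: str, description: str, tenant_id: str,
                           multicast_proxy: bool = True, disable_multicast: bool = True) -> bytes:
    """Body for POST .../scopes/<scope>/virtualwires with the element set from the slide; ET escapes the values."""
    spec = ET.Element("virtualWireCreateSpec")
    for tag, value in (("name", name), ("description", description), ("tenantId", tenant_id),
                       ("multicastProxy", str(multicast_proxy).lower()),
                       ("disableMulticast", str(disable_multicast).lower())):
        ET.SubElement(spec, tag).text = value
    return ET.tostring(spec, encoding="utf-8")


def parse_virtualwire_id(body: str) -> str:
    """The 201 body carries the virtualwire id; accept a bare id or an XML body with an <id> (assumption)."""
    text = body.strip()
    if text.startswith("<"):
        ids = [el.text.strip() for el in ET.fromstring(text).iter("id") if el.text]
        text = ids[0] if ids else ""
    if not text.startswith("virtualwire-"):
        raise ValueError(f"unexpected virtualwire id in response: {text!r}")
    return text


def list_scope_ids(base_url: str, auth_header: str, transport: Transport) -> List[str]:
    status, body = transport("GET", f"{base_url}/api/2.0/vdn/scopes", {"Authorization": auth_header}, None)
    if status != 200:
        raise RuntimeError(f"expected 200, got {status}: {body[:200]}")
    return parse_scope_ids(body)


def create_logical_switch(base_url: str, auth_header: str, scope_id: str,
                          spec_xml: bytes, transport: Transport) -> str:
    headers = {"Authorization": auth_header, "Content-Type": "application/xml"}
    status, body = transport("POST", f"{base_url}/api/2.0/vdn/scopes/{scope_id}/virtualwires",
                             headers, spec_xml)
    if status != 201:
        raise RuntimeError(f"expected 201 Created, got {status}: {body[:200]}")
    return parse_virtualwire_id(body)


# Constructed GET response: only the <id> element is from the slide, the wrapper names are assumed.
SAMPLE_SCOPES_XML = ("<vdnScopes><vdnScope><id>vdnscope-1</id>"
                     "<name>Transport-Zone-1</name></vdnScope></vdnScopes>")


def fake_transport(method: str, url: str, headers: Dict[str, str], body: Optional[bytes]) -> Tuple[int, str]:
    """Offline stand-in for NSX Manager answering the two calls from the slides."""
    if "Authorization" not in headers:
        return 401, "Unauthorized"
    if method == "GET" and url.endswith("/api/2.0/vdn/scopes"):
        return 200, SAMPLE_SCOPES_XML
    if (method == "POST" and url.endswith("/vdnscope-1/virtualwires")
            and headers.get("Content-Type") == "application/xml" and body):
        return 201, "virtualwire-7"
    return 404, "not found"


if __name__ == "__main__":
    # Against a real NSX Manager, pass urllib_transport("/path/to/nsx-manager-ca.pem") instead.
    auth = basic_auth_header("admin", "example-password")
    base = "https://nsxmgr.example.test"            # hypothetical hostname
    scope = list_scope_ids(base, auth, fake_transport)[0]
    spec = build_virtualwire_spec("Test-Logical-Switch-01", "Created via REST API", "virtual wire tenant")
    print(scope, "->", create_logical_switch(base, auth, scope, spec, fake_transport))
```

Building the body with ElementTree rather than string formatting is what keeps a logical switch name taken from a ticket or a CMDB from breaking, or altering, the XML. Responses are parsed with the standard library because they come from the NSX Manager you authenticated to; XML from an untrusted source should go through a hardened parser such as defusedxml.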

Page 62

Demo 1 (3 mins) - Script

Component Installation
• NSX Manager
• NSX Controller Cluster

Preparation
• Login to ESXi host (destination)
• Add Logical Switch
• Connect VMs to Logical Switch

Data Collection
• Start data collection on destination host, output to a share (that is also accessible on the analyzer)
• Connect VMs to Logical Switch
• Generate some traffic
• Stop data collection
• Start Wireshark and open the pcap file
• Enable VXLAN decoder
• Walk through packet data format (VXLAN headers, unicast mode etc)
• Show anything else? Controller CLI/esxcli?

Page 63

References

Other VMworld breakouts – VXLAN troubleshooting, Security operations
VMware Networking and Security Booth
Hands on Lab: HOL-SDC-1303 VMware NSX to gain hands-on experience
Expert Bar/Group Discussions

Page 64

Other VMware Activities Related to This Session

HOL: HOL-SDC-1303 VMware NSX Network Virtualization Platform

NET5790

Page 65

THANK YOU

Page 66

Page 67