NSX-T

Configure NSX-T Enhanced Data path / Network Stack (ENS) for Nested ESXi

12/10/2019 by William Lam Leave a Comment

After publishing my Running Nested ESXi, NSX-V or NSX-T on top of NSX-T article which actually turned out to be quite popular, I received an interesting question on whether ENS for NSX-T could also be configured within a Nested ESXi deployment? I was a little familiar with ENS, which I will explain in a second. However, I was not completely sure about the benefits of running ENS in a Nested environment.

With the help from my friend Frank Escaros-Buechsel, who actually works in our NFV group at VMware. Frank helped validate the instructions but he also provided some additional insights on why this could be useful in a lab setup for verifying configuration and behaviors when additional tuning maybe required. If you are NOT running NFV-based workloads, ENS is not something you need to configure when running NSX-T using Nested ESXi.

So what is ENS? Enhanced Network Stack (ENS) also referred to as Enhanced Data Path is an NSX-T capability which was first introduced with NSX-T 2.3. ENS is specifically designed for Network Function Virtualization (NFV) workloads that require a high performance data path. Such workloads include Telco, 5G and IoT based deployments where improved packet throughput is critical for the responsiveness of these applications.

Running Nested ESXi, NSX-V or NSX-T on top of NSX-T

11/22/2019 by William Lam 5 Comments

Nested Virtualization is an extremely useful tool that helps customers easily test and try out new VMware products and solutions before rolling that into a proper development environment for further validation. This is especially handy for those wanting to setup an NSX-based environment and simulating their actual deployment topology, configuration and upgrade workflows.

In this past year, I have seen a 10x increase in the number of NSX-T based questions that have come up from customers and our field, the adoption of NSX-T is definitely in full swing. As expected, questions about running Nested ESXi on top of a physical NSX-T deployment has come up and there has actually been several variations that have been asked about whether that is Nested ESXi using VSS, VDS, NSX-V or even NSX-T running on top of an N-VDS, which is the virtual switch that NSX-T uses.

Luckily all of these combinations work and just require some basic configuration changes within NSX-T. However, before I continue, let me remind folks again that VMware does NOT officially support Nested Virtualization.

Customizing the NSX-T Login UI

10/29/2019 by William Lam 1 Comment

I have been doing some automation with NSX-T 2.5 lately and for troubleshooting and validation purposes, I obviously make use of the NSX-T UI. After each new deployment I need to login to verify a few things. Out of pure laziness, I really would like to be able to login with just a single click for development purposes. I certainly could use password manager but it would still be a couple of clicks but I was looking something slightly quicker and that could easily work in a number of environments that I have.

Looking around the filesystem of the NSX Unified Appliance, I found the structure for the login UI to be fairly similiar (thanks to VMware Clarity) to that of the vCenter Server Appliance (VCSA). I found that I could apply the same techniques I had used to customize the VCSA Login UI including setting up pre-filled credentials (no recommended for obvious reasons) on the NSX-T Appliance.

Disclaimer: This is not officially supported by VMware, use at your own risk. Please make sure to perform a backup of all original files prior to editing in case you need to restore back the system defaults.

How to debug NSX-T API Automation with PowerCLI?

10/25/2019 by William Lam Leave a Comment

I recently needed to deploy the latest version of NSX-T (2.5) for some work I was doing with Project Pacific and of course it was related to Automation 🙂 It has been some time since I have touched the NSX-T Manager API (2.0) and although most of my existing code still worked, there were some things that broke due to API deprecation and also net new functionality that I needed to use.

I normally use PowerCLI for my Automation work and/or for prototyping purposes, not only is it easy to do but PowerCLI is still one of the most popular tool used by our customers and it means that they can easily benefit from my work. However, one of my pet peeves when working with the NSX-T APIs and PowerCLI is simply the lack of useful error messages. Here is the generic error message that you would normally see even checking the $Error[0].Exception.ServerError variable, it generally does not contain anything useful or actionable.

A server error occurred: 'com.vmware.vapi.std.errors.invalid_request': . Check $Error[0].Exception.ServerError for more details.

Here is a concrete example where I am attempting to create a new Transport Zone but I am purposing leaving out a required parameter and as you can see from the output, the same generic error message is shown and not very actionable.

I normally debug NSX-T API issue whether it is a syntax or usage problem by SSH'ing to the NSX-T Manager and monitoring the actual API logs to figure out what is actually going. It usually has exactly what I am looking for in terms of the actual server error message along with details on how to fix the problem.

Connecting to NSX-T Policy API using NSX-T Private IP in VMC

05/30/2019 by William Lam 3 Comments

As explained in my Getting started with NSX-T Policy API in VMware Cloud on AWS (VMC) article, there are two ways in which you can interact with the NSX-T Policy API in VMC. The initial method is with the NSX-T Reverse Proxy which designed for initial setup including Edge Firewall and connectivity configuration (VPN/Direct Connect). Once you have enabled remote access from your network to the SDDC, you can continue using the reverse proxy method or you can connect directly to the NSX-T Manager via its private IP Address.

So how do you actually connect to the NSX-T Manager using its private IP? To be honest, this was not something I had to do before as I really like the simplicity of the reverse proxy but since this came up today in one of our VMC Slack channels, I figured I take a closer look.

NSX-T Policy API Explorer, Docs and Sample Updates for VMC

05/20/2019 by William Lam Leave a Comment

The VMware Cloud on AWS (VMC) in-product API Explorer is something that I use on a regular basis, especially for executing a quick tasks without needing to write a single line of code or for documentation purposes to understand the required parameter to a specific API. Today, the VMC API Explorer includes both the VMC Service and Cloud Services Platform API, but one key API that has been missing is the inclusion of the NSX-T Policy API.

With the release of VMC 1.7 which just came out a few days ago, customers will now be able to also access the NSX-T Policy API directly from within the VMC API Explorer! In addition to adding to the VMC API Explorer, the NSX team has also enhanced their Swagger JSON and documentation to provide a better developer experience when working with NSX-T in VMC.

NSX-T Policy API Explorer

The new NSX-T Policy API Explorer is only available for SDDCs running 1.7, which can be newly created SDDC or an SDDC that has been upgraded to 1.7. In addition, since there still SDDC running NSX-V, to view the new API Explorer, you will need to select an NSX-T 1.7 SDDC and then two new NSX-T API references will be available: NSX VMC Policy API and NSX VMC AWS Integrations API