NSX-T

Quick Tip – How do I tell if NSX-V or NSX-T is installed?

06/14/2018 by William Lam Leave a Comment

This question came up last week asking for a programmatic method to identify whether NSX-V or NSX-T is deployed in your environment. With NSX-V, vCenter Server is a requirement but for NSX-T, vCenter Server is not a requirement, especially for multi-hypervisor support. In this post, I will assume for NSX-T deployments, you have configured a vCenter Compute Manager.

Both NSX-V and NSX-T uses the ExtensionManager API to register themselves with vCenter Server and we can leverage this interface to easily tell if either solutions are installed. NSX-V uses the com.vmware.vShieldManager string to identify itself and NSX-T uses the com.vmware.nsx.management.nsxt string to identify itself.

Here is a quick PowerCLI snippet that demonstrates the use of the vSphere API to check whether NSX-V or NSX-T is installed and provides the version shown in the registration:

$extensionManager = Get-View ExtensionManager

foreach ($extension in $extensionManager.ExtensionList) {
    if($extension.key -eq "com.vmware.vShieldManager") {
        Write-Host "NSX-V is installed with version"$extension.Version
    } elseif($extension.key -eq "com.vmware.nsx.management.nsxt") {
        Write-Host "NSX-T is installed with version"$extension.Version
    }
}

$extensionManager = Get-View ExtensionManager

foreach ($extension in $extensionManager.ExtensionList) {

if($extension.key -eq "com.vmware.vShieldManager") {

Write-Host "NSX-V is installed with version"$extension.Version

} elseif($extension.key -eq "com.vmware.nsx.management.nsxt") {

Write-Host "NSX-T is installed with version"$extension.Version

}

Here is a screenshot from my environment which has both NSX-V (6.4) and NSX-T (2.1) installed:

Note: Due to some current testing, I have not upgraded my NSX-T deployment to the latest 2.2 release, so I do not know if the version gets bumped to match the actual released version

vGhetto Automated Pivotal Container Service (PKS) Lab Deployment

06/12/2018 by William Lam 3 Comments

While working on my Getting started with VMware Pivotal Container Service (PKS) blog series awhile back, one of the things I was also working on was some automation to help build out the required infrastructure NSX-T (Manager, Controller & Edge), Nested ESXi hosts configured with VSAN for the Compute vSphere Cluster and Pivotal Ops Manager. This was not only useful for my own learning purposes, but that I could easily rebuild my lab if I had messed something up and allowed me to focus more on the PKS solution rather than standing up the infrastructure itself.

To be honest, I had about 95% of the script done but I was not able to figure out one of the NSX-T APIs and I got busy and had left the script on the back burner. This past weekend while cleaning out some of my PKS research documents, I came across the script and funny enough, in about 30minutes I was able to solve the problem which I was stuck for weeks prior. I just finished putting the final touches on the script along with adding some documentation. Simliar to my other vGhetto Lab Automation scripts, I have created a Github repo vGhetto Automated PKS Lab Deployment

UPDATE (06/19/18) - I have just updated the script to also include the deployment and configuration of the PKS components (Ops Manager, BOSH Director, Harbor & Stemcell). The script by default will now configure everything end-2-end and you will have a fully functional PKS environment that you can start playing around with. For complete details, please see the Github repo which has the updated requirements and documentation. Below is a screenshot of the PKS deployment and configuration which requires the use of the Ops Manager CLI (OM).

The script will deploy the following components which will be placed inside of a vApp as shown in the screenshot below:

NSX-T Manager
NSX-T Controller x 3 (though you technically only need one for lab/poc purposes)
NSX-T Edge
Nested ESXi VMs x 3 (VSAN will be configured)
Ops Manager

The script follows my PKS blog series and automates Part 3 (NSX-T) and the start of Part 4 (Ops Manager deploy), please refer to these individual blog posts for more information. The goal of the script is to enable folks to jump right into the PKS configuration workflows and not have to worry about setting up the actual infrastructure that is needed for PKS. Once the script has finished, you can jump right into Ops Manager and start your PKS journey.

Here is a sample execution of the script which took ~29 minutes to complete.

The full requirements for using the script be found on the Github repo and below are the software versions that I had used to deploy and configure PKS:

Getting started with VMware Pivotal Container Service (PKS) Part 3: NSX-T

03/28/2018 by William Lam 5 Comments

In this article, we are now going to start configuring NSX-T so that it will be ready for us to install PKS and consume the networking and security services provided by NSX-T. The result is that PKS can deliver on demand provisioning of all NSX-T components: Container Network Interface (CNI), NSX-T Container Plugin (NCP) POD, NSX Node Agent POD, etc) automatically when a new Kubernetes (K8S) Cluster is requested, all done with a single CLI or API call. In addition, PKS also provides a unique capability through its integration with NSX-T to enable network micro-segmentation at the K8S namespace level which allows Cloud/Platform Operators to manage access between application and/or tenant users at at a much finer grain level than was possible before which is really powerful!

As mentioned in the previous blog post, I will not be walking through a step-by-step NSX-T installation and I will assume that you already have a basic NSX-T environment deployed which includes a few ESXi host prepped as Transport Nodes and at least 1 NSX-T Controller and 1 NSX-T Edge. If you would like a detailed step by step walk through, you can refer to the NSX-T documentation here or you can even leverage my Automated NSX-T Lab Deployment script to setup the base environment and modify based on the steps in this article. In fact, this is the same script I have used to deploy my own NSX-T environment for PKS with some minor modification which I will be sharing at a later date.

If you missed any of the previous articles, you can find the complete list here:

ESXi host with network redundancy using NSX-T and only 2 pNICs?

03/27/2018 by William Lam 4 Comments

In todays data centers, it is not uncommon to find servers with only 2 x 10GbE network interfaces, this is especially true with the rise of Hyper-Converged Infrastructure over the last several years. For customers looking to deploy NSX-T with ESXi, there is an important physical network constraint to be aware of which is quickly mentioned in the NSX-T documentation here.

For example, your hypervisor host has two physical links that are up: vmnic0 and vmnic1. Suppose vmnic0 is used for management and storage networks, while vmnic1 is unused. This would mean that vmnic1 can be used as an NSX-T uplink, but vmnic0 cannot. To do link teaming, you must have two unused physical links available, such as vmnic1 and vmnic2.

As shown in the diagram below, an ESXi host with only two physical NICs can not provide complete network redundancy as each pNIC can only be associated with a single switch (VSS/VDS or the new N-VDS) as pNICs can not be shared across switches.

For customers, this means that you need to allocate a minimum of 4 pNICs to provide redundancy for both overlay traffic and non-overlay VMkernel traffic such as Management, vMotion, VSAN, etc. This is much easier said than done as not all hardware platforms can easily be expanded and even if they can, there still is a huge cost in expanding the physical network footprint (switch port, cabling, etc).

UPDATE (06/12/18) - As of NSX-T 2.2, which was recently released, there is now a UI in NSX-T Manager for managing the migration of VMkernel interfaces to the N-VDS. For automation purposes, you may still find this article useful but now you have option of using the UI.

How to troubleshoot NSX-T API errors when using PowerCLI?

03/21/2018 by William Lam Leave a Comment

In the last few days, I have been ramping back up on NSX-T usage, especially as I take a closer look at VMware Pivotal Container Service (PKS) which hopefully I will be able to share more with an upcoming blog series (at least, thats the plan when I find some spare time). While working on some Automation using the NSX-T REST APIs and the new NSX-T PowerCLI cmdlets, I found it to be pretty challenging and frustrating to troubleshoot NSX-T error messages thrown from the PowerCLI cmdlets.

For example, below is a PowerCLI snippet which I wrote to create a new T1 Logical Router in NSX-T.

$edgeClusterService = Get-NsxtService -Name "com.vmware.nsx.edge_clusters"
$edgeCluster = $edgeClusterService.list().results | where { $_.display_name -eq "Edge-Cluster-01" }
$logicalRouterService = Get-NsxtService -Name "com.vmware.nsx.logical_routers"
$lrSpec = $logicalRouterService.Help.create.logical_router.Create()
$lrSpec.display_name = "Foo"
$lrSpec.router_type = "TIER1"
$lrSpec.high_availability_mode = "ACTIVE_STANDBY"
$lrSpec.failover_mode = "FAILOVER_MODE_PREEMPTIVE"
$lrSpec.edge_cluster_id = "ea655f88-e184-47fe-9352-8ab9d8c955a7"
$lrAdd = $logicalRouterService.create($lrSpec)

$edgeClusterService = Get-NsxtService -Name "com.vmware.nsx.edge_clusters"

$edgeCluster = $edgeClusterService.list().results | where { $_.display_name -eq "Edge-Cluster-01" }

$logicalRouterService = Get-NsxtService -Name "com.vmware.nsx.logical_routers"

$lrSpec = $logicalRouterService.Help.create.logical_router.Create()

$lrSpec.display_name = "Foo"

$lrSpec.router_type = "TIER1"

$lrSpec.high_availability_mode = "ACTIVE_STANDBY"

$lrSpec.failover_mode = "FAILOVER_MODE_PREEMPTIVE"

$lrSpec.edge_cluster_id = "ea655f88-e184-47fe-9352-8ab9d8c955a7"

$lrAdd = $logicalRouterService.create($lrSpec)

However, when I ran the code, PowerCLI threw back a pretty generic and useless error which I am sure some of you have probably seen before "A server error occurred: 'com.vmware.vapi.std.errors.invalid.frequest': . Check $Error[0].Exception.ServerError". Even checking the error variable as stated in the error message did not yield any further details or specific to the issue I was running into.

Quick Tip – NSX-T 2.1 upgrade gotcha, use NSX Manager IP Address vs Hostname

01/02/2018 by William Lam Leave a Comment

NSX-T 2.1 was released right before the holiday break and one of the biggest enhancement is support for VMware's upcoming Pivotal Container Service (PKS) which you can read more about here. Right before I took some much needed time off with the family, I had attempted an upgrade of my existing NSX-T 2.0 environment and ran into an issue which turned out to be a known issue but apparently it is no where listed on the NSX-T 2.1 release notes.

I figure I would share the simple workaround as it drove me a bit insane trying to figure out what was going on. After successfully uploading the NSX-T 2.1 upgrade bundle and then starting the upgrade, which starts off by updating the Upgrade Coordinator component and shortly after, I am shown the following error message:

This page is only available on the NSX Manager where Upgrade Coordinator is running. To enable the service, run the command "set service install-upgrade enabled" on the NSX Manager. If the install-upgrade service is already enabled, try disabling it using "clear service install-upgrade enabled" and then enable it again.

Although the error seems to suggest the Upgrade Coordinator service may not be running (it was), even after performing the recommended operations, the error message continue to persists as seen in the screenshot below.

After reaching out to Engineering as I was out of ideas on how to further troubleshoot the issue, it turns out this was actually a known upgrade issue going from 2.0 to 2.1. Instead of connecting to the NSX-T Manager using its Hostname (FQDN), I needed to use the IP Address instead for the upgrade. Once I logged back in using the IP Address, I was no longer seeing the error message and could proceed with my NSX-T upgrade as shown in the screenshot below.