I'm trying to work out if it's possible to carry out a CSV export of the traffic filtering and marking properties against a DV switch uplink. I can't see any way immediately obvious in the GUI so assuming it must be possible with PowerCLI. I haven't been able to work out how to do this though. Is anyone able to suggest a way to do this, please?
Here is the PowerCLI area: https://communities.vmware.com/t5/VMware-PowerCLI-Discussions/bd-p/2805
I've reported this thread asking moderators to move it there, so no need to create another.
I would suggest doing a search of that area though, your requirement is likely to have come up before.
Thanks. I've done a bit of digging online and played around with the commands, but haven't been able to figure out anything yet. Thank you though 🙂
What exactly do you want to see/exprt?
There is quite a bit of information there.
Perhaps indicate on a screenshot of the Web Client.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
We're looking to export all of the information that would appear in this window... does that help?
Ok, that is sufficient.
I'll see if I can capture that in some way that is fit for a CSV export.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Since these rules can be quite complex, I had to take some decisions to make it all fit for export to a CSV.
- each rule is a separate row
- each row contains all 3 possible traffic qualifiers, the 'XXXenabled' flag indicates if a specific qualifier is in use for a rule
- some fields are presented as a single string. For example, the MAC matching contains target MAC and the Mask in one string
Also, note that I didn't write a Test set to validate if all possibilities are covered.
I think most are, but I could have missed one or more cases.
Get-VDSwitch -PipelineVariable vds |
Get-VDPortgroup -PipelineVariable vdpg |
Where-Object { $_.IsUplink } |
ForEach-Object -Process {
foreach ($filter in $vdpg.ExtensionData.Config.DefaultPortConfig.FilterPolicy.FilterConfig) {
foreach ($set in $filter.TrafficRuleset) {
foreach ($rule in $set.Rules) {
$obj = [ordered]@{
VDS = $vds.Name
VDPG = $vdpg.Name
Inherited = $filter.Inherited
Enabled = $set.Enabled
Rule = $rule.Description
Direction = $rule.Direction
Action = ''
CoS = ''
DSCP = ''
IPEnabled = $false
IPSource = ''
IPDestination = ''
IPSrcPort = ''
IPDstPort = ''
IPProtocol = ''
MACEnabled = $false
MACEtherType = ''
MACVLANId = ''
MACSource = ''
MACDestination = ''
SystemTrafficEnabled = $false
SystemTraffic = ''
}
switch ($rule.Action.GetTYpe().Name) {
'DvsUpdateTagNetworkRuleAction' {
$obj.Action = 'Tag'
$obj.CoS = $rule.Action.QosTag
$obj.DSCP = $rule.Action.DscpTag
}
'DvsAcceptNetworkRuleAction' {
$obj.Action = 'Allow'
}
'DvsDropNetworkRuleAction' {
$obj.Action = 'Drop'
}
}
foreach ($qualifier in $rule.Qualifier) {
switch ($qualifier.GetType().Name) {
'DvsIpNetworkRuleQualifier' {
$obj.IPEnabled = $true
if ($qualifier.SourceAddress) {
switch ($qualifier.SourceAddress.GetType().Name) {
'SingleIP' {
$obj.IPSource = $qualifier.SourceAddress.Address
}
'IpRange' {
$range = "$($qualifier.SourceAddress.AddressPrefix)/$($qualifier.SourceAddress.PrefixLength)"
if ($qualfier.SourceAddress.Negate) {
$obj.IPSource = "does not match $($range)"
} else {
$obj.IPSource = "matches $($range)"
}
$obj.IPSource = "matches $($qualifier.SourceAddress.AddressPrefix)/$($qualifier.SourceAddress.PrefixLength)"
}
}
} else {
$obj.IPSource = 'any'
}
if ($qualifier.DestinationAddress) {
switch ($qualifier.DestinationAddress.GetType().Name) {
'SingleIP' {
$obj.IPSource = $qualifier.DestinationAddress.Address
}
'IpRange' {
$range = "$($qualifier.DestinationAddress.AddressPrefix)/$($qualifier.DestinationAddress.PrefixLength)"
if ($qualfier.DestinationAddress.Negate) {
$obj.IPDestination = "does not match $($range)"
} else {
$obj.IPDestination = "matches $($range)"
}
}
}
} else {
$obj.IPDestination = 'any'
}
if ($qualifier.SourceIpPort) {
switch ($qualifier.SourceIpPort.GetType().Name) {
'DvsSingleIpPort' {
if ($qualifier.SourceIpPort.Negate) {
$port = "is not $($qualifier.SourceIpPort.PortNumber)"
} else {
$port = "is $($qualifier.SourceIpPort.PortNumber)"
}
}
'DvsIpPortRange' {
if ($qualifier.SourceIpPort.Negate) {
$port = "is not in range $($qualifier.SourceIpPort.StartPortNumber ) - $($qualifier.SourceIpPort.EndPortNumber)"
} else {
$port = "is in range $($qualifier.SourceIpPort.StartPortNumber ) - $($qualifier.SourceIpPort.EndPortNumber)"
}
}
}
} else {
$port = 'any'
}
$obj.IPSrcPort = $port
if ($qualifier.DestinationIpPort) {
switch ($qualifier.DestinationIpPort.GetType().Name) {
'DvsSingleIpPort' {
if ($qualifier.DestinationIpPort.Negate) {
$port = "is not $($qualifier.DestinationIpPort.PortNumber)"
} else {
$port = "is $($qualifier.DestinationIpPort.PortNumber)"
}
}
'DvsIpPortRange' {
if ($qualifier.DestinationIpPort.Negate) {
$port = "is not in range $($qualifier.DestinationIpPort.StartPortNumber ) - $($qualifier.DestinationIpPort.EndPortNumber)"
} else {
$port = "is in range $($qualifier.DestinationIpPort.StartPortNumber ) - $($qualifier.DestinationIpPort.EndPortNumber)"
}
}
}
} else {
$port = 'any'
}
$obj.IPDstPort = $port
switch ($qualifier.Protocol.Value) {
$null {
$proto = 'any'
}
1 {
$proto = 'ICMP'
}
6 {
$proto = 'TCP'
}
17 {
$proto = 'UDP'
}
58 {
$proto = 'IPv6-ICMP'
}
Default {
$proto = $qualifier.Protocol.Value
}
}
if ($qualifier.Protocol.Negate) {
$proto = "is not $($proto)"
}
$obj.IPProtocol = $proto
}
'DvsMacNetworkRuleQualifier' {
$obj.MACEnabled = $true
if ($qualifier.SourceAddress -eq $null) {
$obj.MACSource = 'any'
} else {
switch ($qualifier.SourceAddress.GetType().Name) {
'SingleMac' {
if ($qualifier.SourceAddress.Negate) {
$obj.MACSource = "is not $($qualifier.SourceAddress.Address)"
} else {
$obj.MACSource = "is not $($qualifier.SourceAddress.Address)"
}
}
'MacRange' {
if ($qualifier.SourceAddress.Negate) {
$obj.MACSource = "does not match $($qualifier.SourceAddress.Address)/$($qualifier.SourceAddress.Mask)"
} else {
$obj.MACSource = "matches $($qualifier.SourceAddress.Address)/$($qualifier.SourceAddress.Mask)"
}
}
}
}
if ($qualifier.DestinationAddress -eq $null) {
$obj.MACDestination = 'any'
} else {
switch ($qualifier.DestinationAddress.GetType().Name) {
'SingleMac' {
if ($qualifier.DestinationAddress.Negate) {
$obj.MACDestination = "is not $($qualifier.DestinationAddress.Address)"
} else {
$obj.MACDestination = "is not $($qualifier.DestinationAddress.Address)"
}
}
'MacRange' {
if ($qualifier.DestinationAddress.Negate) {
$obj.MACDestination = "does not match $($qualifier.DestinationAddress.Address)/$($qualifier.DestinationAddress.Mask)"
} else {
$obj.MACDestination = "matches $($qualifier.DestinationAddress.Address)/$($qualifier.DestinationAddress.Mask)"
}
}
}
}
if ($qualifier.Protocol -eq $null) {
$proto = 'any'
} else {
switch ($qualifier.Protocol.Value) {
0x0800 {
$proto = 'IPv4 (0800)'
}
0x86DD {
$proto = 'IPv6 (86DD)'
}
0x0806 {
$proto = 'ARP (0806)'
}
}
if ($qualifier.Protocol.Negate) {
$proto = "is not $($proto)"
} else {
$proto = "is $($proto)"
}
}
$obj.MACEtherType = $proto
if ($qualifier.VlanId -ne $null) {
$obj.MACVLANId = $qualifier.VlanId.Value
} else {
$obj.MACVLANId = 'any'
}
}
'DvsSystemTrafficNetworkRuleQualifier' {
$obj.SystemTrafficEnabled = $true
$obj.SystemTraffic = $qualifier.TypeOfSystemTraffic.Value
}
}
}
New-Object -TypeName PSObject -Property $obj
}
}
}
} | Export-Csv -Path .\report.csv -NoTypeInformation -UseCulture
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Ah, that's brilliant; thank you. I'll try it out shortly and let you know how I get on.
That does exactly what I need it to; thank you so much 😀