All Posts

admin · ‎07-08-2014

From what I know, there is no configured hard limit for the number of Transport Zones. Keep in mind the following behaviour, though: - Say you have one DVS spanning three clusters, C1, C2 and ...

From what I know, there is no configured hard limit for the number of Transport Zones. Keep in mind the following behaviour, though: - Say you have one DVS spanning three clusters, C1, C2 and C3. - You create a new Transport Zone TZ1 with clusters C2 and C3 As dvPortgroups for logical switches are created at DVS scope, C1 will still see (and will be able to use) all LS you create against TZ1. To work around this, create multiple DVS. The behaviour is much more strict when it comes to Distributed Logical Router, though. An individual DLR will only allow you to attach logical switches of the same TZ, even if you have a different TZ that covers the same set of clusters.

boomchke · ‎07-08-2014

Sounds like the bottom line is its a mean to further containerize logical switches even though they are ,by definition, separate segments. Is there any practical limitation to them? A max confi...

Sounds like the bottom line is its a mean to further containerize logical switches even though they are ,by definition, separate segments. Is there any practical limitation to them? A max configurable amount etc?

admin · ‎07-07-2014

Transport zones is a tool that can be used based on your requirements. Since NSX is much more of a "toolbox" than a "directly consumable product", use and applicability of its features would depe...

Transport zones is a tool that can be used based on your requirements. Since NSX is much more of a "toolbox" than a "directly consumable product", use and applicability of its features would depend on what you're trying to achieve. In cases when there is no need for constraining scope of logical switches, it is normally perfectly fine to have a single TZ for the whole NSX domain, and all its tenants. There are cases when people wanted to have an extra layer of assurance for inter-"zone" isolation, which they achieved using multiple TZ in a fashion similar to what I've described above.

boomchke · ‎07-07-2014

Thanks for the response. Im aware of how the Transport Zone fits into NSX model as you described. Im just wondering what the VMware best practice for using them is. Should I have one transport...

Thanks for the response. Im aware of how the Transport Zone fits into NSX model as you described. Im just wondering what the VMware best practice for using them is. Should I have one transport zone per tenant? Thats not required for tenant isolation since the VXLAN segments are applied per logical switch. Seems like there should be a prescribed use case for them, just seems like Im missing something here....

admin · ‎07-07-2014

Hello, Transport zones determine the "scope" of Logical Switches tied to them. When a Logical Switch is created, it is tied 1:1 to a Transport Zone. A Logical Switch will only be availab...

Hello, Transport zones determine the "scope" of Logical Switches tied to them. When a Logical Switch is created, it is tied 1:1 to a Transport Zone. A Logical Switch will only be available on hosts in those clusters that are members of the Transport Zone that this Logical Switch is tied to. For example: - Say you have four clusters, C1, C2, C3, and C4. - You then create a Transport Zone TZ1, with clusters C1 and C2; and TZ2 with clusters C3 and C4. - Then you create a Logical switch LS1 in TZ1, and LS2 in TZ2. In this configuration, you won't be able to attach LS1 and LS2 to neither a distributed router, nor an Edge Gateway, because LS1 will only exists on hosts in C1 and C2, and LS2 on hosts in C3 and C4. This is an extreme example, but it may be useful as an additional security measure (it won't be possible to even "fat finger" configuration that would allow communications between LS1 and LS2). Hope this helps.

admin · ‎07-07-2014

Hi NSRUSHI, I just tried the link and seems to be working fine. Regards,

boomchke · ‎07-07-2014

While playing with NSX in the lab, I initially thought that transport zones were a means to separate different tenants. AKA, if I wanted to do have overlapping IP space etc, I would use differen...

While playing with NSX in the lab, I initially thought that transport zones were a means to separate different tenants. AKA, if I wanted to do have overlapping IP space etc, I would use different transport zones. After more reading and plying around, it appears that each logical switch is its own VXLAN segment (different segment IDs). And it appears the only means to route between segments is through the distributed router. That being said, it looks like the logical switch is the real VXLAN separation at a tenant level. That is, different distributed routers and logical switches are a sufficient means to isolate tenants. If thats the case, then are transport zones just a means to further isolate VXLAN traffic? Was this more relevant in multicast mode rather than unicast mode?

m80arm · ‎07-04-2014

Thanks Dmitri for you help on this. I've updated my blog post accordingly: M80ARM - Virtualization Warrior: Missing logical switch in NSX GUI Michael

admin · ‎07-04-2014

Ok, so I think we've got to the bottom of this. Looks like the request to delete the LS was issued when environment's the only one Controller was not available for whatever reason. 2014-07-02 ...

Ok, so I think we've got to the bottom of this. Looks like the request to delete the LS was issued when environment's the only one Controller was not available for whatever reason. 2014-07-02 13:40:55.734 BST INFO http-nio-127.0.0.1-7441-exec-18 ControllerServiceImpl:692 - remove VNI lswitch=ae65a47b-ad6d-4ff1-ac4c-6b65df2ec7a4 2014-07-02 13:40:55.735 BST WARN http-nio-127.0.0.1-7441-exec-18 VirtualWireServiceImpl:815 - Ignoring exception : 'all controllers are inactive' during the removal of lSwitch ae65a47b-ad6d-4ff1-ac4c-6b65df2ec7a4. NSX Manager then proceeded to delete portgroups and whatnot, but stubmbed when it came to deleting Virtual Wire: 2014-07-02 13:40:57.272 BST ERROR http-nio-127.0.0.1-7441-exec-14 VirtualWireServiceImpl:1060 - Virtual Wire virtualwire-6 not found. 2014-07-02 13:40:57.273 BST WARN http-nio-127.0.0.1-7441-exec-14 RemoteInvocationTraceInterceptor:87 - Processing of VsmHttpInvokerServiceExporter remote call resulted in fatal exception: com.vmware.vshield.vsm.vdn.facade.VdnInventoryFacade.getUiVirtualWire com.vmware.vshield.vsm.exceptions.ObjectNotFoundException: core-services:202:The requested object : virtualwire-6 could not be found. Object identifiers are case sensitive. What we landed up with is with the situation when Controller still has VNI, but NSX Manager didn't (and no matching portgroups in DVS). How we recovered: 1) Change the TZ control plane mode to "Multicast", asking it to convert all LSes to the same 2) Delete the Controller that thought it had the VNI 3) Deploy a new Controller, wait for it to come fully online 4) Convert TZ back to Unicast mode, asking it to conver all LSes to the same Which looks like brought the "lost" LS back into the UI. Moral of the story: please try to have the recommended number of Controllers (which is three) available.

GeordyKorte · ‎07-04-2014

Ok, Let's get back to the basics... Which version of NSX-V are you running, Version of ESXi, and how did you create the original logical swicth (using gui or api)

m80arm · ‎07-04-2014

Dmitri, I can't add the VM's to the logical switch because that switch doesn't actually appear in the GUI and the port group isn't actually available on any of the three hosts in the cluster. ...

Dmitri, I can't add the VM's to the logical switch because that switch doesn't actually appear in the GUI and the port group isn't actually available on any of the three hosts in the cluster. It seems that when I deleted the switch it only half deleted it from the environment and the name is still around somewhere. I've currently only got one controller. I've tried removing and re-creating the controllers but this has not worked. I've added screen shots for the two commands requested. My network is fully routed so the NSX Manager can communicate with both the controller and all hosts. I've also tried forcing a re-sync via the VXLAN option but still no joy Thanks for your help Michael

admin · ‎07-04-2014

Hi Michael, Could you try to connect a couple VMs to that logical switch, best if they are on different hosts, and see if they can reach each other? If VMs attach to the logical switch success...

Hi Michael, Could you try to connect a couple VMs to that logical switch, best if they are on different hosts, and see if they can reach each other? If VMs attach to the logical switch successfully, you should see your hosts connect to the controller (10.1.15.21) - "Connections" and "VTEPs" should show the number of hosts that have VMs connected to the VNI 5002. Also, how many controllers have you got? Could you please show what "show control-cluster startup-nodes" and "show control-cluster status" says on your controller? P.S. I see your controller and NSX Manager are on different subnets. It's worth noting that NSX manager has to be able to talk to controllers, and management interfaces on all ESXi hosts, and management interfaces on hosts have to be able to talk to the controllers. Not likely a problem, but just making sure. P.P.S. Just realised that in your blog you're showing force-syncing routing services, not VXLAN config. See attaches screenshot on where to do it for VXLAN.

Linjo · ‎07-03-2014

Then you should contact your local VMware team to get access to the software.

NSRUSHI · ‎07-03-2014

Hi No, i was using trial and i dont have the authorization to download, since this is only POC but needed the file to continue for openstack.Can you download and give me this file , incase i...

Hi No, i was using trial and i dont have the authorization to download, since this is only POC but needed the file to continue for openstack.Can you download and give me this file , incase if its possible? BR, Rushi.

Linjo · ‎07-03-2014

If you have licensed NSX you should be able to download the software, have you a registered license?

NSRUSHI · ‎07-03-2014

here is the link that i tried, however i can't ..can someone provide this file going to vmware and link https://my.vmware.com/web/vmware/details?productId=418&downloadGroup=NSX-MH-412-TOOLS...

here is the link that i tried, however i can't ..can someone provide this file going to vmware and link https://my.vmware.com/web/vmware/details?productId=418&downloadGroup=NSX-MH-412-TOOLS File: NSX vswitch. BR, Rushi.

NSRUSHI · ‎07-03-2014

Hi Could some one provide download link as my account with VMWARE is not authenticated to download. i need this file or whatever the latest. vmware-nsxvswitch-2.0.1-30494-release.vib BR,...

Hi Could some one provide download link as my account with VMWARE is not authenticated to download. i need this file or whatever the latest. vmware-nsxvswitch-2.0.1-30494-release.vib BR, Rushi.

m80arm · ‎07-03-2014

Hi Dmitri, When trying form a different browser on a different client device I'm still unable to see the logical switch. Only one vndscope appears when running the command: <vdnScopes> ...

Hi Dmitri, When trying form a different browser on a different client device I'm still unable to see the logical switch. Only one vndscope appears when running the command: <vdnScopes> <vdnScope> <objectId>vdnscope-3</objectId> <objectTypeName>VdnScope</objectTypeName> <vsmUuid>42260F89-88A8-121D-7087-378A7F8C5419</vsmUuid> <revision>0</revision> <type> <typeName>VdnScope</typeName> </type> <name>Transport Zone</name> <description/> <clientHandle/> <extendedAttributes/> <id>vdnscope-3</id> <clusters> <cluster> <cluster> <objectId>domain-c36</objectId> <objectTypeName>ClusterComputeResource</objectTypeName> <vsmUuid>42260F89-88A8-121D-7087-378A7F8C5419</vsmUuid> <revision>50</revision> <type> <typeName>ClusterComputeResource</typeName> </type> <name>TestCluster</name> <scope> <id>datacenter-21</id> <objectTypeName>Datacenter</objectTypeName> <name>TestLab</name> </scope> <clientHandle/> <extendedAttributes/> </cluster> </cluster> </clusters> <virtualWireCount>1</virtualWireCount> <controlPlaneMode>UNICAST_MODE</controlPlaneMode> </vdnScope> </vdnScopes> When running the command: POST https://10.1.2.41/api/2.0/vdn/scopes/vdnscope-3?action=repair I get 200 OK and jobdata-5055 retuned in the Response Body. When checking in the GUI the logical switch still fails to show and when querying the controller directly it still shows VNI 5002 is in use Michael

admin · ‎07-03-2014

Hi Michael, This could be a UI problem.. To rule that out, could you please try to (a) open your vSphere Web Client in a different browser; or (b) force-reload the UI (shift+reload in your bro...

Hi Michael, This could be a UI problem.. To rule that out, could you please try to (a) open your vSphere Web Client in a different browser; or (b) force-reload the UI (shift+reload in your browser)? If this doesn't help, you could try to issue a "repair" against your Transport Zone, as follows: GET https://10.1.2.41/api/2.0/vdn/scopes and look for <vdnScopes> <vdnScope> <objectId>vdnscope-<X></objectId> I expect you to see one vdnscope-<X> ("vdnscope-3" in your case), but would be interested to see if more show up. Then, POST https://10.1.2.41/api/2.0/vdn/scopes/vdnscope-<X>?action=repair Hope this helps..

ddesmidt · ‎07-03-2014

What version of NSX-MH are you using? I followed the same steps you did with success. Note: 192.168.30.11 is my NSX-MH Controller. Authentication =========== root@localhost:~# curl -k -c c...

What version of NSX-MH are you using? I followed the same steps you did with success. Note: 192.168.30.11 is my NSX-MH Controller. Authentication =========== root@localhost:~# curl -k -c cookies.txt -d 'username=admin&password=admin' https://192.168.30.11/ws.v1/login Successful Authentication. You successfully authenticated. Use the cookie in this reply in future requests. root@localhost:~# cat cookies.txt # Netscape HTTP Cookie File # http://curl.haxx.se/rfc/cookie_spec.html # This file was generated by libcurl! Edit at your own risk. 192.168.30.11 FALSE / TRUE 0 nvp_sessionid b3e3387c0c17bb1fb9c3702cbecca589 Request to get the Transport Zone ========================= root@localhost:~# curl -k -b cookies.txt -s https://192.168.30.11/ws.v1/transport-zone {"results": [{"_schema": "/ws.v1/schema/TransportZone", "_href": "/ws.v1/transport-zone/349106cf-d4e0-439c-9b52-d123d837908a"}], "result_count": 1}root@localhost:~# # I like the display better with "python -m json.tool" root@localhost:~# curl -k -b cookies.txt -s https://192.168.30.11/ws.v1/transport-zone | python -m json.tool { "result_count": 1, "results": [ { "_href": "/ws.v1/transport-zone/349106cf-d4e0-439c-9b52-d123d837908a", "_schema": "/ws.v1/schema/TransportZone" } ] } Can you give your output?

All

All Posts

Re: Best practice for transport zones

Re: Best practice for transport zones

Re: Best practice for transport zones

Re: Best practice for transport zones

Re: Best practice for transport zones

Re: VOVA_ICEHOUSE.ova download link

Best practice for transport zones

Re: Missing Logical switch

Re: Missing Logical switch

Re: Missing Logical switch

Re: Missing Logical switch

Re: Missing Logical switch

Re: vmware-nsxvswitch-2.0.1-30494-release.vib file needed.

Re: vmware-nsxvswitch-2.0.1-30494-release.vib file needed.

Re: vmware-nsxvswitch-2.0.1-30494-release.vib file needed.

Re: vmware-nsxvswitch-2.0.1-30494-release.vib file needed.

vmware-nsxvswitch-2.0.1-30494-release.vib file needed.

Re: Missing Logical switch

Re: Missing Logical switch

Re: NSX Multi-hypervisor API keeps returning 501 Not Implemented