Tag Archives: VMware NSX

VMware NSX Manager 6.x.x Backup and Restore

In this post I am going to discuss how to configure backups for NSX Manager 6.x.x, schedule backups, take an on-demand backup, and restore the NSX Manager configuration from a backup.

We can back up and restore NSX Manager data, which includes system configuration, events, and audit log tables. Backups are saved to a remote location that must be accessible by the NSX Manager.

We can back up NSX Manager data on demand or on a schedule.

Let’s start with how to configure the remote server that stores the NSX Manager backups.

1. Log in to the VMware NSX Manager Virtual Appliance with the admin account.

2. Under NSX Manager Virtual Appliance Management, click Backup & Restore.

3. To store the NSX Manager backup we can use an FTP server with the FTP or SFTP transfer protocol. To configure the FTP server settings, click Change next to FTP Server Settings.

4. Backup Location Window will open up:

  • Enter IP/Host name of the FTP Server.
  • Choose Transfer protocol either FTP or SFTP, based on what the destination server supports.
  • Enter the Port number for Transfer Protocol.
  • Enter the user name and password to connect to backup server.
  • Enter the Backup Directory where you want to store the backup.
  • Enter the Filename Prefix. The prefix is added to the name of every backup file created for NSX Manager.
  • Type the Pass Phrase to secure the backup.
  • Click OK to test connection between NSX Manager and FTP Server and Save the settings.

5. Once the connection test completes, the settings are saved and displayed.

6. After configuring the FTP server settings, we can schedule the backup. Click Change next to Scheduling. Backups can be scheduled on an hourly, daily or weekly basis. Choose the option that fits your plan (daily is recommended) and click Schedule to save the settings.

7. The backup will run as per the schedule, and you can see an entry for every day.

8. We can also perform an on-demand backup of NSX Manager. Click Backup next to Backup History.

9. The Create Backup window opens to confirm that you want to start a backup now. Click Start to start the backup immediately.

10. It will take a few minutes to complete the backup process.

11. You can see the new backup entry in Backup History.

Now we will discuss how to restore from a backup.

We can restore a backup only on a freshly deployed NSX Manager appliance. So let’s assume that we have an issue with the current NSX Manager and it cannot be recovered.

In this scenario we can deploy a new NSX Manager Virtual Appliance and configure the FTP server settings to identify the location of the backup to be restored. Select the backup from Backup History, click Restore, and click OK to confirm.

That’s it. This is how we can configure a remote server to store NSX Manager backups, schedule NSX Manager backups, perform an on-demand backup of NSX Manager, and restore from a backup.

Thank you and Keep spreading the knowledge  🙂

 

 

VMware Released NSX for vSphere 6.2.3

VMware released NSX for vSphere 6.2.3 last month with many changes; it also includes a number of fixes for bugs in previous versions of NSX.

 

Here are the changes introduced in NSX for vSphere 6.2.3:

  • Logical Switching and Routing
    • NSX Hardware Layer 2 Gateway Integration: expands physical connectivity options by integrating 3rd-party hardware gateway switches into the NSX logical network
    • New VXLAN Port 4789 in NSX 6.2.3 and later: Before version 6.2.3, the default VXLAN UDP port number was 8472. See the NSX Upgrade Guide for details.
  • Networking and Edge Services
    • New Edge DHCP Options: DHCP Option 121 supports static route option, which is used for DHCP server to publish static routes to DHCP client; DHCP Options 66, 67, 150 supports DHCP options for PXE Boot; and DHCP Option 26 supports configuration of DHCP client network interface MTU by DHCP server.
    • Increase in DHCP Pool, static binding limits: The following are the new limit numbers for various form factors: Compact: 2048; Large: 4096; Quad large: 4096; and X-large: 8192.
    • Edge Firewall adds SYN flood protection: Avoid service disruptions by enabling SYN flood protection for transit traffic. Feature is disabled by default, use the NSX REST API to enable it.
    • NSX Edge — On Demand Failover: Enables users to initiate on-demand failover when needed.
    • NSX Edge — Resource Reservation: Reserves CPU/Memory for NSX Edge during creation. You can change the default CPU and memory resource reservation percentages using this API. The CPU/Memory percentage can be set to 0 percent each to disable resource reservation.

                  PUT https://<NSXManager>/api/4.0/edgePublish/tuningConfiguration
                  <tuningConfiguration>
                     <lockUpdatesOnEdge>false</lockUpdatesOnEdge>
                     <aggregatePublishing>true</aggregatePublishing>
                     <edgeVMHealthCheckIntervalInMin>0</edgeVMHealthCheckIntervalInMin>
                     <healthCheckCommandTimeoutInMs>120000</healthCheckCommandTimeoutInMs>
                     <maxParallelVixCallsForHealthCheck>25</maxParallelVixCallsForHealthCheck>
                     <publishingTimeoutInMs>1200000</publishingTimeoutInMs>
                     <edgeVCpuReservationPercentage>0</edgeVCpuReservationPercentage>
                     <edgeMemoryReservationPercentage>0</edgeMemoryReservationPercentage>
                     <megaHertzPerVCpu>1000</megaHertzPerVCpu>
                  </tuningConfiguration>
      
    • Change in NSX Edge Upgrade Behavior: Replacement NSX Edge VMs are deployed before upgrade or redeploy. The host must have sufficient resources for four NSX Edge VMs during the upgrade or redeploy of an Edge HA pair. Default value for TCP connection timeout is changed to 21600 seconds from the previous value of 3600 seconds.
    • Cross VC NSX — Universal Distributed Logical Router (DLR) Upgrade: Auto upgrade of Universal DLR on secondary NSX Manager, once upgraded on primary NSX Manager.
    • Flexible SNAT / DNAT rule creation: vnicId no longer needed as an input parameter; removed requirement that the DNAT address must be the address of an NSX Edge VNIC.
    • NSX Edge VM (ESG, DLR) now shows both Live Location and Desired Location. NSX Manager and NSX APIs including GET api/4.0/edges//appliances now return configuredResourcePool and configuredDataStore in addition to current location.
    • NSX Manager exposes the ESXi hostname on which the 3rd-party VM Series firewall SVM is running to improve operational manageability in large-scale environments.
    • NAT rule now can be applied to a VNIC interface and not only an IP address.

For complete details, please refer to the release notes: http://pubs.vmware.com/Release_Notes/en/nsx/6.2.3/releasenotes_nsx_vsphere_623.html

Thank you and Keep sharing 🙂

Network Virtualization with VMware NSX – Part 3

In Network Virtualization with VMware NSX – Part 2 we discussed the NSX Controller Cluster, how to deploy the NSX Controller instances, create an IP pool, and install the network virtualization components (prepare hosts) on vSphere hosts.

In this part we will discuss Logical Switch Networks and VXLAN overlays.

Before discussing VXLAN, let’s briefly discuss Virtual LAN (VLAN):

A VLAN is a group of devices on one or more LANs that are configured to communicate as if they were attached to the same wire, when in fact they are located on a number of different LAN segments. Because VLANs are based on logical instead of physical connections, they are extremely flexible.

VLANs address scalability, security, and network management by enabling a switch to serve multiple virtual subnets from its LAN ports.

VLANs split switches into separate virtual switches (broadcast domains). Only members of a virtual LAN (VLAN) can see that VLAN’s traffic. Traffic between VLANs must go through a router.

By default, all ports on a switch are in a single broadcast domain. VLANs enable a single switch to serve multiple switching domains. The forwarding table on the switch is partitioned between all ports belonging to a common VLAN. By default, all ports on a switch are part of a single default VLAN, VLAN 0, and this default VLAN is called the Native VLAN.

Virtual Extensible LAN (VXLAN) enables you to create a logical network for your virtual machines across different networks. You can create a layer 2 network on top of your layer 3 networks.

VXLAN is an Ethernet in IP overlay technology, where the original layer 2 frame is encapsulated in a User Datagram Protocol (UDP) packet and delivered over a transport network. This technology provides the ability to extend layer 2 networks across layer 3 boundaries and consume capacity across clusters. The VXLAN adds 50 to 54 bytes of information to the frame, depending on whether VLAN tagging is used. VMware recommends increasing the MTU to at least 1,600 bytes to support NSX.

A VXLAN Number Identifier (VNI) is a 24-bit number that gets added to the VXLAN frame. The 24-bit address space theoretically enables up to 16 million VXLAN networks. Each VXLAN network is an isolated logical network.  VMware NSX™ starts with VNI 5000.

A Virtual Tunnel End Point (VTEP) is an entity that encapsulates an Ethernet frame in a VXLAN frame or de-encapsulates a VXLAN frame and forwards the inner Ethernet frame.

VXLAN Frame :-

The top frame is the original frame from the virtual machines, minus the Frame Check Sequence (FCS), encapsulated in a VXLAN frame. A new FCS is created by the VTEP to include the entire VXLAN frame. The VLAN tag in the layer 2 Ethernet frame exists if the port group that your VXLAN VMkernel port is connected to has an associated VLAN number. When the port group is associated with a VLAN number, the port group tags the VXLAN frame with that VLAN number.
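The VXLAN header and the 50 to 54 byte overhead described above, as an added example that is not from the original post: it builds and parses the 8-byte VXLAN header as a VTEP would and works out why a 1,600-byte transport MTU is enough. It assumes the RFC 7348 header layout and an outer IPv4 header without options; the function names and the sample inner frame are constructed for illustration.

```python
import struct

# Header sizes in bytes. Outer IPv4 without options is an assumption.
ETH_HDR, VLAN_TAG, IPV4_HDR, UDP_HDR, VXLAN_HDR = 14, 4, 20, 8, 8
VNI_MAX = (1 << 24) - 1      # the VNI is a 24-bit field
FLAG_VNI_VALID = 0x08        # "I" flag: the VNI field carries a valid value

# Constructed sample: a minimal inner Ethernet frame (not captured traffic).
SAMPLE_INNER = (
    bytes.fromhex("005056aabbcc")    # destination MAC
    + bytes.fromhex("005056ddeeff")  # source MAC
    + bytes.fromhex("0800")          # EtherType IPv4
    + b"\x45" + b"\x00" * 19         # placeholder IPv4 header
)


def build_vxlan_header(vni):
    """Return the 8-byte VXLAN header carrying the given VNI."""
    if not 0 <= vni <= VNI_MAX:
        raise ValueError(f"VNI {vni} does not fit in 24 bits")
    # Word 1: flags (8 bits) + reserved (24 bits).
    # Word 2: VNI (24 bits) + reserved (8 bits).
    return struct.pack("!II", FLAG_VNI_VALID << 24, vni << 8)


def parse_vxlan(udp_payload):
    """De-encapsulate like a VTEP: return (vni, inner Ethernet frame)."""
    if len(udp_payload) < VXLAN_HDR:
        raise ValueError("truncated VXLAN header")
    word1, word2 = struct.unpack("!II", udp_payload[:VXLAN_HDR])
    if not (word1 >> 24) & FLAG_VNI_VALID:
        raise ValueError("I flag not set, VNI is not valid")
    return word2 >> 8, udp_payload[VXLAN_HDR:]


def frame_overhead(outer_vlan):
    """Bytes the VTEP wraps around the original frame: 50, or 54 with a VLAN tag."""
    outer_eth = ETH_HDR + (VLAN_TAG if outer_vlan else 0)
    return outer_eth + IPV4_HDR + UDP_HDR + VXLAN_HDR


def required_transport_mtu(guest_mtu, inner_vlan=False):
    """Smallest transport MTU (outer IP packet size) that avoids fragmentation.

    The outer Ethernet header is not counted against the MTU, but the inner
    Ethernet header is, because it travels as payload of the outer packet.
    """
    inner_frame = ETH_HDR + (VLAN_TAG if inner_vlan else 0) + guest_mtu
    return IPV4_HDR + UDP_HDR + VXLAN_HDR + inner_frame


if __name__ == "__main__":
    packet = build_vxlan_header(5000) + SAMPLE_INNER   # 5000: first NSX VNI
    vni, inner = parse_vxlan(packet)
    print("VNI:", vni, "inner frame bytes:", len(inner))
    print("overhead untagged/tagged:", frame_overhead(False), frame_overhead(True))
    print("transport MTU needed for 1500-byte guests:", required_transport_mtu(1500))
```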

VXLAN Replication Modes:-

Three modes of traffic replication exist: two modes are based on the VMware NSX Controller™ and one mode is based on the data plane.

Unicast has no physical network requirements apart from the MTU. All traffic is replicated by the VTEPs. In NSX, the default mode of traffic replication is unicast. Unicast has higher overhead on the source VTEP and UTEP.

Multicast mode uses the VTEP as a proxy. In multicast, the VTEP never goes to the NSX Controller instance. As soon as the VTEP receives the broadcast traffic, the VTEP multicasts the traffic to all devices. Multicast has lowest overhead on the source VTEP.

Hybrid mode is not the default mode of operation in NSX for vSphere, but is important for larger scale operations. Also the configuration overhead or complexity of L2 IGMP is significantly lower than multicast routing.

In Network Virtualization with VMware NSX – Part 2 we prepared the hosts, so now let’s configure VXLAN on the ESXi hosts.

1. Connect to vCenter using the web client.

2. Click Networking & Security and then click Installation.

3. Click the Host Preparation tab and, under the VXLAN column, click Configure to start configuring VXLAN on the ESXi hosts.

4. In the Configure VXLAN networking dialog box, select the switch and VLAN, and set the MTU to 1600. For VMKNic IP Addressing, if you have created an IP pool choose the existing pool from the list, or click IP Pool to create a new pool. Click OK.

5. It will take a few minutes to configure, depending on the number of hosts in the cluster. If an error is indicated, it is a transitory condition that occurs early in the process of applying the VXLAN configuration to the cluster. The vSphere Web Client interface has not updated to display the actual status. Click Refresh to update the console.

6. Repeat the steps to configure all the clusters. Once configuration is done on all clusters, verify that the VXLAN status is Enabled with a green check mark.

7. Once VXLAN configuration is done for all the clusters and the VXLAN status is Enabled with a green check mark, click the Logical Network Preparation tab and verify that VXLAN Transport is selected. In the Clusters and Hosts list, expand each of the clusters and confirm that each host has a vmk# interface created with an IP address from the IP pool we created.

Once we have finished configuring VXLAN and verified the VXLAN configuration for all the clusters, we need to configure the VXLAN ID pool to identify VXLAN networks:

1. On the Logical Network Preparation tab, click the Segment ID button and click Edit to open the Segment ID pool dialog box to configure the ID pool.

2. Enter the Segment ID pool and click OK to complete. VMware NSX™ starts VNI IDs from 5000.

Next we need to configure a global transport zone:

A transport zone specifies the hosts and clusters that are associated with logical switches created in the zone. Hosts in a transport zone are automatically added to the logical switches that you create. This process is very similar to manually adding hosts to VMware vSphere Distributed Switch.

1. On the Logical Network Preparation tab, click Transport Zones and click the green plus sign to open the New Transport Zone dialog box.

2. Enter the name for the transport zone and select the control plane mode. Select the clusters to add to the transport zone and click OK to complete the creation.

———————————————————————————————————-

NSX Logical Switching

The Logical Switching capability in the NSX platform gives customers the ability to spin up isolated logical L2 networks with the same flexibility and agility as spinning up virtual machines. Endpoints, both virtual and physical, can then connect to those logical segments and establish connectivity independently of the specific location where they are deployed in the data center network. This is possible because of the decoupling between network infrastructure and logical networks provided by NSX network virtualization. Each logical switch gets its own unique VNI.

Deploying the NSX virtualization components helps with the agile and flexible creation of applications with their required network connectivity and services. A typical example is the creation of a multi-tier application.

Configure Logical Switch Networks

We need to create logical switches for all the required networks (e.g. Transit, Web-Tier, App-Tier, and DB-Tier networks as per the picture above).

1. Connect to vCenter Server using the web client, click Networking & Security, and select Logical Switches in the left navigation pane.

2. Click the green plus sign to open the New Logical Switch dialog box. Enter the logical switch name, select the global transport zone we created earlier, choose the control plane mode and click OK to complete the switch creation.

3. Wait for the update to complete and confirm that Transit-Network appears with a status of Normal. Repeat the steps to create all required logical switches and confirm that all are Normal.

Once the logical switches have been created, we need to migrate virtual machines to them:

1. In the left pane under Networking & Security, select Logical Switches. In the center pane, select the logical switch (e.g. Web-Tier), right-click it and choose Add VM.

2. Select the virtual machines you want to add to the logical switch and click Next.

3. Select the vNIC you want to add to the network and click Next.

4. In the Ready to complete box, verify the settings and click Finish to complete adding the VMs to the desired network.

5. To verify that the VMs have been added to the logical switch, double-click the logical switch.

6. Click Related Objects and then the Virtual Machines tab, and you can see the list of VMs added to this specific logical switch.

7. Repeat the same steps for all the logical switches to add VMs. Once done, try to ping VMs on the same switch and between switches.

Now you can only ping VMs connected to the same switch. To communicate with VMs on another switch we need to configure routing, which we will discuss in the next part.

======================================================

Other NSX Parts:-

Network Virtualization with VMware NSX – Part 1

Network Virtualization with VMware NSX – Part 2

Network Virtualization with VMware NSX – Part 3

Network Virtualization with VMware NSX – Part 4

Network Virtualization with VMware NSX – Part 5


Please share if useful …..Thank You 🙂

Network Virtualization with VMware NSX – Part 1

Overview of VMware NSX

VMware NSX is a network virtualization platform that enables you to build a rich set of logical networking services such as Logical Switching, Logical Routing, Logical Firewall, Logical Load Balancer, Logical Virtual Private Network (VPN). NSX enables you to start with your existing network and server hardware in the data center. NSX adds nothing to the physical switching environment. NSX exists in the ESXi environment and is independent of the network hardware.

NSX is a software networking and security virtualization platform that delivers the operational model of a virtual machine for the network. Virtual networks reproduce the Layer2 – Layer7 network model in software. By virtualizing the network, NSX delivers a new operational model for networking that breaks through current physical network barriers and enables data center operators to achieve better speed and agility with reduced costs.

With VMware NSX, virtualization now delivers for networking what it has already delivered for compute and storage. In much the same way that server virtualization programmatically creates, snapshots, deletes and restores software-based virtual machines (VMs), VMware NSX network virtualization programmatically creates, snapshots, deletes, and restores software-based virtual networks.

NSX can be configured through the vSphere Web Client, a command line interface (CLI), and REST API.

An NSX-v deployment consists of a data plane, control plane and management plane.

NSX Functional Services

NSX provides a faithful reproduction of network and security services in software.

Preparing for Installation

NSX has the following requirements:

  • vCenter Server 5.5 or later
  • ESXi 5.0 or later for each server
  • VMware Tools

NSX requires the following ports for installation and daily operations:

  • 443 between the ESXi hosts, vCenter Server, and NSX Manager.
  • 443 between the REST client and NSX Manager.
  • TCP 902 and 903 between the vSphere Web Client and ESXi hosts.
  • TCP 80 and 443 to access the NSX Manager management user interface and initialize the vSphere and NSX Manager connection.
  • TCP 1234 for communication between the ESXi hosts and the NSX Controller cluster.
  • TCP 22 for CLI troubleshooting.

NSX Manager

The NSX Manager is the centralized management component of NSX, and runs as a virtual appliance on an ESXi host. Each NSX Manager manages a single vCenter Server environment. The NSX Manager requires connectivity to the vCenter Server, ESXi host, and NSX Edge instances, vShield Endpoint module, and NSX Data Security virtual machine. NSX components can communicate over routed connections as well as different LANs.

The NSX Manager virtual machine is packaged as an Open Virtualization Appliance (OVA) file, which allows you to use the vSphere Web Client to import the NSX Manager into the datastore and virtual machine inventory.

In the NSX for vSphere architecture, the NSX Manager is tightly connected to the vCenter server managing the compute infrastructure. In fact, there is a 1:1 relationship between the NSX Manager and vCenter and upon installation the NSX Manager registers with vCenter and injects a plugin into the vSphere Web Client for consumption within the Web management platform.

Figure: NSX Manager components, plugin and integration inside the vSphere Web Client.

Note :- You can install the NSX Manager in a different vCenter than the one that the NSX Manager will be interoperating with. A single NSX Manager serves a single vCenter Server environment only.

Note :- Each NSX virtual appliance includes VMware Tools. Do not upgrade or uninstall the version of VMware Tools included with a NSX virtual appliance.

Deploy NSX Manager Virtual Appliance :-

1. Download the NSX Manager Open Virtualization Appliance (OVA) from https://my.vmware.com/web/vmware/downloads.

2. Under the Networking & Security section, click Download Product for VMware NSX.

3. Select your version and click Go to Downloads.

4. On the Download VMware NSX for vSphere 6.X window, click Download Now to start downloading the NSX Manager Open Virtualization Appliance (OVA) file.

5. Place the NSX Manager Open Virtualization Appliance (OVA) file in a location accessible to your vCenter server and ESXi hosts.

6. Log in to the vSphere Web Client where you want to import/run the NSX Manager.

7. Right-click the cluster/host where you want to install NSX Manager and select Deploy OVF Template.

8. If this is the first time you are deploying an OVF file, you will be asked to download the Client Integration Plug-in. Click the Download the Client Integration Plug-in link to download and install it. (Close all browsers before installation and, once completed, log in to the vSphere Web Client again and navigate to the host where you were installing NSX Manager.)

9. On the Select Source window, click Browse to locate the folder on your computer that contains the NSX Manager OVA file, select the OVA, click Open and click Next.

10. It will take a few seconds to validate the OVA. Once validated, click Next to continue.

11. Review the OVF template details and click Next.

12. Click Accept to accept the VMware license agreements and click Next.

13. Name the NSX Manager, select the location for the NSX Manager that you are installing and click Next.

14. Select the storage and click Next.

15. On the Setup networks page, confirm that the NSX Manager adapter has been mapped to the correct host network and click Next.

16. On the Customize template page, specify the passwords, network properties, DNS, NTP and SSH settings and click Next.

17. On the Ready to complete page, review the NSX Manager settings, check Power On after Deployment and click Finish.

The NSX Manager is installed as a virtual machine in the inventory. Once the deployment of NSX Manager has finished, we need to log in to the NSX Manager Virtual Appliance and configure the NSX Manager.

Log In to the NSX Manager Virtual Appliance:-

1. Open the Web browser window and type the Name/IP address assigned to the NSX Manager. For example, https://nsxmanager.vdca550.com (In my case). Accept the security certificate. The NSX Manager login screen appears.

2. Use the user name admin and the password you set during installation. If you did not set a password during installation, type default as the password and click Log In.

3. Below is the home screen of the NSX Manager. From here we can manage appliance settings, manage vCenter registration, back up and restore NSX Manager, and upgrade the NSX Manager appliance.

4. Click View Summary to view and configure the NSX Manager.

5. Click the Manage tab. From General Settings you can configure the Time (NTP) and Syslog server settings. Click Edit to enter the details and click OK.

6. Click Network. You can review/edit the NSX Manager network settings and DNS server settings. Click Edit to edit the settings and click OK.

7. Click the SSL Certificates option to configure the SSL certificate for NSX Manager.

8. Click the Backups and Restore option to take or schedule a backup of NSX Manager data.

Note :- Currently there is no option to have multiple NSX Managers for redundancy, so backup is very critical for NSX Manager. If the NSX Manager fails, you need to deploy a new NSX Manager and restore the configuration from the last backup.

9. To upgrade your NSX Manager appliance to the latest version, first download the upgrade bundle from the VMware website; then use the Upgrade option in NSX Manager. Click Upgrade in the Upgrade NSX Management Service section, click Browse to select the upgrade bundle and click Upgrade to start the upgrade.

10. The last and most important option is NSX Management Service. Click NSX Management Service and, under the vCenter Server section, click Configure to register vCenter Server with NSX Manager. Enter the vCenter Server name, user name and password and click OK to add/register vCenter Server with NSX Manager.

11. Once vCenter Server is registered with NSX Manager, we can connect to vCenter Server and verify that the Networking & Security icon appears under the Inventories list.

12. Click Networking & Security to open the NSX home page.

And now we are all set to start using NSX features.

In the next part we will discuss installing and configuring NSX components. Please leave your questions/comments/suggestions. Thank you!!


Save 50% off Your Network Virtualization Certification Exam through June 30

The future of networking is virtual. Keep your skills relevant and future-proof your career by earning your VMware Certified Professional – Network Virtualization (VCP-NV) certification for half price through June 30, 2015.

Plus, if you have certain Cisco certification*, we will waive the course requirement in recognition of your previous certification through January 31, 2016. Visit the VCP-NV certification requirements page for complete details.

Whether you are earning your first VMware certification or seeking recertification this is a terrific opportunity to discover cutting-edge NSX technology and save on your exam.

Certification    Exam Code    Discount Code
VCP-NV           VCPN610      VCPNV50

You must complete your exam by June 30, 2015 to save 50%…Enjoy 🙂

For more information visit :- https://mylearn.vmware.com/mgrReg/plan.cfm?plan=63030&ui=www_edu