vRealize Network Insight with E/W or N/S

tl/dr: RFC1918 (private) addresses are categorized as E/W by VRNI by default, non-RFC1918 (public) addresses are categorized as N/S by default. You can flag private as N/S or public as E/W to ensure the reports reflect your environment.

Looking over the vRNI docs I ran into an interesting description.  Note these statements

There seems to be confusion and contradictions there. I would rewrite this as:

RFC1918
Defined by the IETF as private IP addresses, RFC1918 sets aside the networks 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 for private or non-Internet use.

East-West IPs
VRNI classifies any IP address range addressed by the RFC1918 standard as East-West, which is traffic that is “internal” to your data center.  If you have addresses or networks outside of the RFC1918 range you would like classified as East/West, you can add those IPs to the East/West range.  This can be used for stretched clusters, hybrid clouds or any scenario where part of your data center is accessed by a public IP address.

North-South IPs
VRNI classifies any IP addresses not covered by the RFC1918 standard as North-South, which is traffic to or from a source “outside” of your data center.  If you have addresses or networks in the private address space you would like classified as North/South you can add those networks to the North/South range.  This is useful for environments where you have remote users or remote data centers accessed by private IP ranges but you want the traffic classified as North/South in your VRNI reports.
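The default-plus-override logic described above, as an added Python example (not vRNI code). The override precedence (most specific prefix wins), the flow rule (E/W only when both endpoints are E/W) and all sample addresses are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# The three RFC1918 blocks. ipaddress's is_private flag is broader (it also
# covers loopback, link-local and more), so the blocks are listed explicitly.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


class Classifier:
    """RFC1918 default classification plus site-specific overrides."""

    def __init__(self, east_west=(), north_south=()):
        pairs = [(ipaddress.ip_network(n), "E/W") for n in east_west]
        pairs += [(ipaddress.ip_network(n), "N/S") for n in north_south]
        # Assumption: when overrides overlap, the most specific prefix wins.
        self.overrides = sorted(pairs, key=lambda p: p[0].prefixlen,
                                reverse=True)

    def classify_ip(self, addr):
        ip = ipaddress.ip_address(addr)
        for net, label in self.overrides:
            if ip in net:
                return label
        return "E/W" if any(ip in net for net in RFC1918) else "N/S"

    def classify_flow(self, src, dst):
        # Assumption: a flow counts as E/W only if both endpoints are E/W.
        both = {self.classify_ip(src), self.classify_ip(dst)}
        return "E/W" if both == {"E/W"} else "N/S"


# Constructed site: a public /24 (documentation range) fronting a stretched
# cluster, and a private /16 handed out to remote users.
SITE = Classifier(east_west=["203.0.113.0/24"], north_south=["10.200.0.0/16"])

# Constructed flow records (source, destination).
FLOWS = [
    ("10.1.2.3", "192.168.7.20"),     # private to private
    ("10.1.2.3", "203.0.113.10"),     # private to overridden public block
    ("10.200.5.9", "10.1.2.3"),       # remote user on overridden private block
    ("10.200.8.1", "192.168.7.20"),   # same override, different target
    ("172.32.0.1", "10.1.2.3"),       # 172.32/16 is outside 172.16.0.0/12
    ("10.1.2.3", "198.51.100.77"),    # ordinary public destination
]


def summarize(classifier, flows):
    """Count flows per label, as a report would."""
    return Counter(classifier.classify_flow(s, d) for s, d in flows)


if __name__ == "__main__":
    print("with overrides:", dict(summarize(SITE, FLOWS)))
    print("defaults only:", dict(summarize(Classifier(), FLOWS)))
```

Running it with and without the overrides shows how many flows change category, which is worth checking before relying on the E/W numbers for segmentation planning.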

 

Posted in Network, NSX, Virtualization, VMware

Linksys wireless router Unexpected Error 2197

While trying to set up a new Linksys WRT3200 ACM router over the weekend I ran into an “Unexpected Error 2197” message while changing the router’s IP address.

I was looking to replace an existing router that was 192.168.0.1 internally instead of the 192.168.1.1 the Linksys router defaults to.

This popped up after I disabled DHCP and then changed the IP for the router and clicked Apply or OK.

After beating my head against a wall, I re-enabled DHCP, which let me edit its fields.

Changing the DHCP field to 192.168.0.100, then changing the IP address of the appliance worked just fine.

Apparently there is a check in place to ensure the internal IP address of the router is on the same subnet as the DHCP range – even if DHCP is disabled.  Go Figure.

 

 

Posted in Network

VCAP DCV 6.5 Deploy a.k.a VMware Certified Advanced Professional — Data Center Virtualization Deploy 2018 a.k.a 3V0-21.18

<Edit> Apparently I was the first to publicly take the exam! Hope the tips help out future candidates! Drop me a line if you have questions. I’ll be updating the Study Exam linked below for 6.5 in the coming weeks. </Edit>

A few days ago VMware certification announced the updated (6.5) VCAP-DCV Deploy exam, officially named VMware Certified Advanced Professional — Data Center Virtualization Deploy 2018 with an exam code of 3V0-21.18.

Note the exam title includes “2018” for the year you achieved the cert but not the version you’ve tested on.  We’ll have to see how that plays out in the future.  In 2019 will there be “2019” certs on multiple versions?

Certification page at VMware.com

Exam page

PDF of Exam Prep Guide from VMware

This is a hands-on live-lab environment that has to be taken at a Pearson site.  $450, 205 minutes (plus 30min if your home address with your certification account is in a non-English country).

17 Questions (in theory, but some are multiple part.  I’d say there is the equivalent of 21 questions)

300-out-of-500 needed to pass

Interestingly the Exam Prep Guide has 25 sections but contains the comment:

(Not all sections will be tested on the exam)

Which is a first as far as I know for VMware exams.

The exam is aimed at those who manage and maintain Enterprise-class vSphere 6.5 with all the bells and whistles (vSAN I’m looking at you).  Just like the Hands-on Labs environment, you are presented with a Windows desktop to run the exam from and a “manual” with the questions on separate pages.  If you want a first-hand look at a similar setup try my VCAP-DCV exam guide.

The goal is to read the questions and achieve the desired state of each question in the environment before time runs out.  In 4-6 weeks (per the exam guide) you will receive your score in an email.

In the environment you have access to lots of PDF documentation, but not the PowerCLI guide or hardening guide at the time of this post.  Also, no Adobe or other standalone PDF reader (just Chrome) so no searching all the PDFs at once.

No online docs, no kb.vmware.com

The environment has 7 hosts, 3 vCenters and 2 PSC controllers, don’t be surprised if you don’t access even half of the objects (incl VMs) that you see in the environment. All vCenters are linked so make sure you are working on the right object at all times.

You have access to all of the consoles – but function keys don’t work so you can’t log into the hosts via DCUI.

Still limited to 1280×800 max resolution, but you should only need the one desktop.

Most key strokes work incl backspace, ctrl-c/v/x but no Function keys.

Issues (at the time of this post):
Table of contents doesn’t work
Grammar errors
Some items had conflicting or wrong requirements
Little organization, questions are not structured the same and info is scattered around.
Doesn’t always give the info you need to find objects so either look around or use search.
Often doesn’t include all the info to complete tasks, so I guess pick the defaults or your best judgement.

Tips:

Take your time, you have lots of it.  I would skip any you need to read up on and save those for last.  There is plenty of time to learn what you need from the PDFs, but get done all you can w/o reading first.

Use the maximize button, make sure you are at the highest resolution on the desktop.

Scale down Chrome so you can see all of the options.

I maximize the console and hide/pull out the manual when needed.

Drag and drop from the manual works great, but watch for goofy spaces occasionally and try not to copy a bunch of text (happened to me twice) which can’t be stopped and you won’t be able to access the console until the text is copied.

Read carefully.  There are often gray boxes with requirements/info but key requirements are also scattered throughout the question.

Make sure you are on the right component.  If something isn’t available make sure you are looking at the right vCenter.  vcsa01a, vcsa02a, vcsa03a all look pretty similar at a glance and are not always in alphabetical order in the GUI.

If you get a strange/unexpected error or something is missing make sure you are looking at the right object.  If you are, log out and back in or close browser and try again before a deep-dive troubleshoot.

You might read ahead and do questions out of order.  I found at least one pair of items that worked better out of order.

Take notes as you go especially if you skip an item.

Make sure you are familiar with the 6.5 PDFs and what is where.

Study the official exam guide for what is on the test but be prepared to be tested on only a small portion of the exam guide.

Study all of the VCAP Deploy 6.0 study guides and be familiar with what’s new in 6.5

Posted in Certification, Computing, Virtualization, VMware

VMWorld 2018: Tuesday

The keynote was nice as a client was on stage talking about the success of an implementation I helped with.  Cool stuff.

Then Sanjay talked to Malala Yousafzai which was pretty amazing.  Makes me wish I brought my daughters to VMworld.

VMware has been doing different things for a while now to get the community involved and make a difference in the world outside of IT, but this was by far the most impactful I think.

Spent time after tracking down the new VMware VCAP DCV 6.5 Deploy exam and managed to get scheduled for tomorrow morning.  Met up with some good folks and had more good talks in the Solutions Exchange.

The look on the Illumio guy’s face when I summarized his product as “guest firewall management” was pretty good.

Sessions:

Advanced NSX Data Center: Demystifying the VTEP, MAC, and ARP Tables [NET1106BU]

John Krueger, Principal Instructor, VMware NSX, VMware
Tim Burkard, Senior Technical Trainer, VMware

Pulled straight from “Troubleshooting NSX” this was 60 min of control plane how-does-this-work and some packet walking. BUMs will never be the same.

 

Architecting PKS for Production: Lessons Learned from PKS Deployments [CNA2755BU]

Romain Decker, Senior Solutions Architect, VMware
Suman Sharma, Sr. Staff Solutions Architect, VMware

PKS overview plus PKS and NSX-T deployment architectures.

Make sure you set up the IP pools correctly as that can limit scalability.

 

Now off to find the vExpert party!

Posted in API, Certification, Network, NSX, Virtualization, VMware

VMWorld 2018: Monday

Today kicked off with the main keynote featuring Pat Gelsinger.  There were several new announcements including:

Amazon RDS database service will now run on your local VMware servers
VMware ESXi now fully supports ARM processors
VSAN now supports S3 storage

I don’t have a lot of info or any experience with this yet, but the day is young.

Met some interesting vendors incl Faction (DR w/ low cost storage standing up VMC on AWS), Morpheus (vRealize Automation competitor with claimed better plugins/compatibility), Caveonix with a cool new security/standards product, and AT&T security.

Hit two sessions today:

HYP2145BUS

Hybrid cloud architecture design and best practices for VMware Cloud on AWS

Aarthi Raju, Partner Solutions Architect, Amazon Web Services
Wen Yu, Partner Solutions Architect, AWS

A run through of migrating workloads like Oracle to AWS.

Discussed tools like RMAN and Veeam backing up to S3 then restoring into an SDDC.

Briefly discussed the announcement today that AWS Direct Connect won’t require VPN connectivity to stretch L2.

 

 

HYP1496BU

A Practitioner’s Guide to Migrating Workloads to VMware Cloud on AWS

Discussed the tools to plan a migration incl Cost Insight and Network Insight

Demo’d HCX (Live!)

More notes later, time to find the Rubrik party!!

Edit: Found the Rubrik party.  Run-DMC was great, The Roots are incredible live!

 

Posted in CLI, Cloud, Computing, Disaster Recovery, Security, Storage, Virtualization, VMware

VMWorld 2018: Sunday Funday!

Another year another VMworld!

I got registered early this morning and headed to the Hands-on Labs.  Lots of 19xx labs, but nothing groundbreaking that I noticed – mostly updates.  Hopefully any big announcements will release cool labs.

I tried challenge labs for the first time and the NSX one (SPL-1992-01-CHG) has a lot of depth – the first hour or so is learning the environment, then they have you launch a PowerShell script that provides a whole bunch of troubleshooting scenarios.  Selecting a scenario kicks off a script to break the environment, leaving you to fix it.  Pretty cool stuff.  I’ll have to dig into it more after VMworld.

I also got on track for Cloud Cred who have lots of giveaways all week incl GoPros and drones, plus there is a VMware {code} program (vmcc) that is also gamifying learning by giving you “coins” for different activities (incl HoL), and they have a little store in the {code} booth in the hangspace where you can cash in the coins for things like t-shirts and phone chargers.

Goody bag for vExpert at the {code} desk and one for being NSX certified at the Cert desk.

Tried to sign up to take the new 3V0-21.18 VCAP DCV Deploy (on vSphere 6.5) exam but the exam is not available for sign ups yet.

Sessions

Hit 4 sessions today – when did they start making 30min sessions?  That is not a lot of time!

HCI1475QU : Demystifying vSAN Management for the Traditional Storage Administrator

Pete Koehler, Sr Technical Marketing Architect, VMware

This session packed a whole bunch of info into the time available.

A brief overview of traditional vs vSAN followed by some of the differences and then some of the key things to know about vSAN.

Takeaways:
vSAN is truly-clustered, object-store based on block storage.
The network is the storage fabric
Functionality is based on the number of hosts
If you size to the minimum hosts required you can’t recover before a host is added.
Need ~30% slack space plus the failure mode requirements for overhead.
Performance and Availability are set per-VM

 

DEV1965QU

QuickStart DevOps Culture with VMware

Marshall Massengill, Senior Consultant, VMware

This was a quick overview of DevOps and a brief discussion of how a DevOps implementation by VMware might look.

Takeaways:
Did you know VMware would come over and teach you DevOps?
DevOps can’t be downloaded.
People, Technology, products
Can use a structured approach with one company’s framework or a best-of-breed which might be more chaotic

 

NET1631QU

NSX Data Center for vSphere Hardware Gateway Solution

Hongya Qu, Staff Engineer 2, Architect, VMware

Hardware VTEPs with NSX.  Who, when, why.

Takeaways:
Use software bridge if the VLAN is available to a vDS unless you have scalability/performance needs
Use case: Migrate, Integration, L2 stretch
OVSDB is the protocol NSX will use to talk to the HW gateway to setup the interaction.
Can use GUI or API to setup w/ NSX
You add hosts to use as “replicators” so the hardware gateway doesn’t need to handle BUM traffic
Troubleshoot control plane then data plane
Can use redundant hardware gateways w/ BFD
Not available with NSX-T/NSX-Cloud (yet)
Quite a few vendors (incl Cisco 9k tho that was not mentioned in the presentation)

 

NET2155QU

Troubleshooting for VMware NSX Data Center for vSphere

Hammad Alam, Lead Solutions Architect - Networking and Security, VMware

Everything you can learn about NSX troubleshooting in 34min.

The organization really stood out here as this should be a several-hour lecture (or 4-day ILT) but he got the overview and covered the basics in just over 30min.

Takeaways:
level 1: Know the basics of NSX and your environment
level 2: Use VMware tools VRNI, Log Insight, NSX UI
level 3: Use third party tools like Wireshark w/ packet capture
Native tools are closest to the truth
PowerOps is amazing and shows config state vs actual state (router config vs route table)

Caught up with some clients and some folks that knew me from the VCAP/TestTrack days.  Heading to bed to get a good start on tomorrow.

Posted in API, Certification, CLI, Cloud, Computing, Scripting, Storage, Virtualization, VMware

NSX-T a.k.a NSX Cloud API tips and tricks

NSX-T has lots of interesting capabilities, but due to the rapid development and release cycle many are only available via API calls right now.

Making a request

While the NSX-T documentation has some nice examples such as:

  1. Configure an L2VPN service.

Use the POST /api/v1/vpn/l2vpn/services call.

POST /api/v1/vpn/l2vpn/services
{
  "logical_router_id": "b6fe5455-619b-4030-b5f8-8575749f4404",
  "logical_tap_ip_pool": [ "169.254.64.0/28" ],
  "enable_full_mesh": true
}

It doesn’t exactly hold your hand to get going.

What you’ll need is a RESTful API client like Postman from Google and some important settings:

URL:    https://<IP or FQDN of the NSX-T manager>/api/v1/vpn/l2vpn/services

(the part after /api will change depending on what call you are making)

Authorization:
Authorization: Basic Auth
Username: admin
Password: <admin password for NSX-T Manager>

Headers:
Content-Type  application/json

(this only matters when you are sending a body in the request, such as a POST request like this one.)

Body:

Raw: <Copy the sample code, modified for your environment>

That should get the request set without any “UNSUPPORTED MEDIA TYPE” or “content type not supported” messages.
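The same request settings scripted with the Python standard library, as an added example (not from the NSX-T documentation). The function names and the NSX_MANAGER, NSX_PASSWORD and NSX_CA_FILE environment variables are hypothetical; the payload is the sample body quoted above.

```python
import base64
import json
import os
import ssl
import urllib.request

# Sample body from the L2VPN example above; adjust for your environment.
L2VPN_SERVICE = {
    "logical_router_id": "b6fe5455-619b-4030-b5f8-8575749f4404",
    "logical_tap_ip_pool": ["169.254.64.0/28"],
    "enable_full_mesh": True,
}


def build_request(manager, path, user, password, body=None, method="GET"):
    """Build an API request using the URL, auth and header settings above."""
    url = f"https://{manager}/api/v1/{path.lstrip('/')}"
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    headers = {"Authorization": f"Basic {token}"}
    data = None
    if body is not None:
        # Content-Type only matters when a body is sent; setting it avoids
        # the "unsupported media type" style errors mentioned above.
        headers["Content-Type"] = "application/json"
        data = json.dumps(body).encode()
    return urllib.request.Request(url, data=data, headers=headers,
                                  method=method)


def send(req, ca_file):
    """Send the request, verifying the manager's certificate against ca_file.

    Basic Auth puts the admin password in every request, so certificate
    verification stays on; trust the manager's CA instead of disabling it.
    """
    ctx = ssl.create_default_context(cafile=ca_file)
    with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
        return resp.status, json.loads(resp.read() or b"null")


if __name__ == "__main__":
    # Hypothetical environment variables keep the password out of the script.
    request = build_request(os.environ["NSX_MANAGER"], "vpn/l2vpn/services",
                            "admin", os.environ["NSX_PASSWORD"],
                            body=L2VPN_SERVICE, method="POST")
    print(send(request, os.environ["NSX_CA_FILE"]))
```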

Adding all the APIs as a Postman Collection

Note that you can add the NSX-T API calls as a collection in Postman by doing:

GET  https://<IP or FQDN of the NSX-T manager>/api/v1/spec/openapi/nsx_api.yaml

Select and copy all of the text in the returned body:

Then click Import in the top bar, select Paste Raw Text and paste the copied body in:

Before you click Import, scroll up to the very top and change “host: nsxmanager.your.domain” to the FQDN of your NSX-T manager.  Then click Import.

After you see the imported message, you will have a new collection listed.  If you double-click on one of the requests, the request will populate with the call, including the proper content type and the FQDN/IP of your NSX Manager.

 

Posted in API, Cloud, Network, NSX, Virtualization, VMware

VMC on AWS – Sign up for a paid trial

VMware announced some time back the ability to rent bare-metal vSphere hosts in an AWS data center, with such perks as the (included) ability to stretch from your existing data center and “local” no-egress-charge access to AWS features like S3.

They recently announced a single-host version available for testing, with a few caveats:

$7 per hour, and if you want to stop the charge you have to delete your SDDC.  If you don’t delete it, it is $5k for the month.

Takes about 2 hours to deploy/redeploy an SDDC.

You can’t have a single-host SDDC running more than 30 days – it will automatically be deleted and all data erased.

You need to have an AWS account as well – and you want to make sure your services are in the same VPC/AZ to keep egress costs down if you use AWS services.

You can upgrade to a 4-host SDDC at any time, but the price is  $33.47/hr if you don’t reserve a year or three.

You can skip over to https://cloud.vmware.com/vmc-aws and hit “Get Started”

VMware has a video to walk you through kicking it off correctly

I hope to have some posts shortly demoing some of the features like HCX and IPSec back to on-prem and moving VMs to/from S3.

Posted in Cloud, Computing, Virtualization, VMware

Day 9: VMware Center for Advanced Learning – Advanced Architecture Course


Presentation day!

After lots of long hours working on the deck and the talking points, the presentation was delivered.  We had a panel of 9 experts sitting in as the client, responding to the presentation as it went and asking follow-up questions.

Afterward there was an awards presentation for best teams and top individuals with cool jackets and other prizes.

To recap the experience, it was a 9-day whirlwind of advanced product knowledge, road map (services and products), and soft skills training like informal and formal CxO interactions.

I look forward to working with colleagues on these skills and using them to help customers solve their business problems.  No more “Hey I have a cool product, let’s see what excuse we can find to sell it to you” but “Let’s work together to identify and resolve the problems preventing you from succeeding.”

Now I desperately need some sleep.

Posted in Virtualization, VMware

Day 8: VMware Center for Advanced Learning – Advanced Architecture Course


Containers, PKS, PCF, Docker, K8, Developer cloud, machine learning.

Emerging technology, but lots of similar-but-different info on the last day and almost all PowerPoint-delivered.  HoL or actually writing code would have been nice.

5 more hours on the project, I think we are up to low-30s in the number of hours spent.  I hope we survive tomorrow!

Posted in Virtualization, VMware