Section 7 - Perform Advanced VMware NSX Troubleshooting

Objective 7.1 - Troubleshoot Common VMware NSX Installation/Configuration Issues
  • Troubleshoot NSX Manager services
  • Download Technical Support logs from NSX Manager
  • Troubleshoot host preparation issues
  • Troubleshoot NSX Controller cluster status, roles and connectivity
  • Troubleshoot Logical Switch transport zone and NSX Edge mappings
  • Troubleshoot Logical Router interface and route mappings
  • Troubleshoot distributed and edge firewall implementations
 
Troubleshoot NSX Manager services:

There are two logs to look at closely: (1) the NSX Manager log and (2) the System log.
The commands to view them are:

- show log manager 
- show log system
- show log system follow

Troubleshoot host preparation issues:

- Check the Communication Channel Health. Run this option at either the cluster or host level.

- Check the ESX Agent Manager. This is responsible for automating vSphere agents. Check this from Web Client under vCenter Server Extensions.

Troubleshoot NSX Controller cluster status, roles and connectivity:

- show control-cluster status
- show control-cluster roles
- show control-cluster connections

Objective 7.3 - Troubleshoot VMware NSX Edge Services Issues

  • Troubleshoot VPN service issues
  • Troubleshoot DHCP/DNS/NAT service issues
  • Troubleshoot Logical Load Balancer implementation issues
  • Download Technical Support logs from NSX Edge instances

Edge Services Gateway:

- show service ...
- show service all 
- show service sslvpn-plus
- show config sslvpn-plus
- show log
- show log follow
- show log reverse

Troubleshoot DHCP/DNS/NAT service issues:

- show nat
- show config nat

Troubleshoot Logical Load Balancer implementation issues:

- show config loadbalancer
- show service loadbalancer

Section 8 - Utilize API Commands to Manage a VMware NSX Deployment

Objective 8.1 - Administer and Execute calls using the VMware NSX vSphere API
  • Construct and execute an API call using correct syntax and formatting
  • Programmatically configure system parameters including:
    • NSX controller syslog
    • Modify DLR declared dead time
  • Analyze, modify, and successfully retrieve configuration data using an existing API call

Using Postman:

- Select Basic Authentication

NSX controller syslog:

GET request:

- https://nsxserver.lab.local/api/2.0/vdn/controller/controllerId/syslog

Identify ControllerID:

- https://nsxserver.lab.local/api/2.0/vdn/controller

Response to the syslog GET when no syslog server is configured yet:

<?xml version="1.0" encoding="UTF-8"?>
<error>
    <details>Syslog server is not configured for controller controller-5.</details>
    <errorCode>1255402</errorCode>
    <moduleName>core-services</moduleName>
</error>

POST request:

Use RAW and XML settings.

Template:

<controllerSyslogServer>
<syslogServer></syslogServer>
<port></port>
<protocol></protocol>
<level></level>
</controllerSyslogServer>

Example:

<controllerSyslogServer>
<syslogServer>10.3.58.177</syslogServer>
<port>514</port>
<protocol>UDP</protocol>
<level>INFO</level>
</controllerSyslogServer>

Modify DLR declared dead time:

Identify Edge:
- GET https://nsxserver.lab.local/api/4.0/edges
- GET https://nsxserver.lab.local/api/4.0/edges/edge-42/highavailability/config

Result:

<?xml version="1.0" encoding="UTF-8"?>
<highAvailability>
    <version>12</version>
    <enabled>true</enabled>
    <declareDeadTime>14</declareDeadTime>
    <logging>
        <enable>false</enable>
        <logLevel>info</logLevel>
    </logging>
    <security>
        <enabled>false</enabled>
    </security>
</highAvailability>

PUT request (make sure you are using PUT this time):

<highAvailability>    
<declareDeadTime>15</declareDeadTime>
</highAvailability>
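
The controller syslog POST and the declared dead time PUT above, scripted instead of sent from Postman. This is an added example, not part of the original notes or VMware's code: the helper names, the `admin`/`CHANGE-ME` credentials and the ID-format check (modelled on the `controller-5` and `edge-42` IDs in the notes) are assumptions, and the requests are built but not sent.

```python
import base64
import re
import urllib.request
import xml.etree.ElementTree as ET

BASE = "https://nsxserver.lab.local"  # NSX Manager host used in the notes
AUTH = ("admin", "CHANGE-ME")         # placeholder credentials (assumption)
# Response bodies from the notes, trimmed to the fields used here.
ERROR_SAMPLE = ("<error><details>Syslog server is not configured for controller "
                "controller-5.</details><errorCode>1255402</errorCode></error>")
HA_SAMPLE = "<highAvailability><enabled>true</enabled><declareDeadTime>14</declareDeadTime></highAvailability>"

def build_request(method, path, root=None, fields=None):
    """Unsent Request with a Basic auth header and, for POST/PUT, an XML body."""
    token = base64.b64encode("{}:{}".format(*AUTH).encode()).decode()
    headers = {"Authorization": "Basic " + token, "Accept": "application/xml"}
    body = None
    if root is not None:
        elem = ET.Element(root)
        for tag, value in fields.items():
            ET.SubElement(elem, tag).text = str(value)  # ET escapes &, < and >
        body = ET.tostring(elem, encoding="utf-8")
        headers["Content-Type"] = "application/xml"
    return urllib.request.Request(BASE + path, data=body, headers=headers, method=method)

def checked_id(value, prefix):
    """Accept only '<prefix>-<digits>' so an ID cannot change the URL path."""
    if not re.fullmatch(prefix + r"-\d+", value):
        raise ValueError("unexpected object id: %r" % (value,))
    return value

def parse_error(xml_text):
    """(errorCode, details) when the body is an NSX <error>, otherwise None."""
    root = ET.fromstring(xml_text)
    found = (int(root.findtext("errorCode")), root.findtext("details"))
    return found if root.tag == "error" else None

def syslog_post(controller_id, server, port=514, protocol="UDP", level="INFO"):
    if not 1 <= int(port) <= 65535:
        raise ValueError("port out of range")
    path = "/api/2.0/vdn/controller/%s/syslog" % checked_id(controller_id, "controller")
    fields = {"syslogServer": server, "port": port, "protocol": protocol, "level": level}
    return build_request("POST", path, "controllerSyslogServer", fields)

def dead_time_put(edge_id, current_xml, seconds):
    """PUT request for a new declareDeadTime, or None if it is already set."""
    if int(ET.fromstring(current_xml).findtext("declareDeadTime")) == int(seconds):
        return None
    path = "/api/4.0/edges/%s/highavailability/config" % checked_id(edge_id, "edge")
    return build_request("PUT", path, "highAvailability", {"declareDeadTime": int(seconds)})
```

Passing a returned request to `urllib.request.urlopen()` sends it; that call verifies the NSX Manager certificate by default, so a lab appliance with a self-signed certificate needs its CA added to the trust store rather than verification switched off.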

 

 

  • Deploy the NSX Manager virtual appliance
  • Integrate the NSX Manager with vCenter Server
    • Configure Single Sign On
    • Specify a Syslog Server
  • Implement and Configure NSX Controllers
  • Exclude virtual machines from firewall protection according to a deployment plan

Deploy the NSX Manager virtual appliance
Requirements:
  • Working vSphere 5.5 environment (vCenter appliance, ESXi, Management VM network).
  • NSX Manager Appliance.
Deploy the NSX Manager OVF:
  • In the vSphere Web client, right click your cluster and select “Deploy OVF Template”. Select the local file that you just downloaded.
  • The “Review details” gives you an overview of the VM requirements and requires you to tick “Accept extra configuration options”.
  • Accept the EULA (or not and continue to use legacy networking).
  • Select the destination VM name, vCenter folder, datastore, management network portgroup.
  • Customise the NSX Manager settings and enter a password, hostname, IP details, DNS servers and NTP servers.
  • Review configuration and click “Finish”.
Integrate the NSX Manager with vCenter Server
Requirements:
  • NSX Manager deployed and running.
Register NSX Manager to vCenter:
  • Connect to the NSX Manager web interface via https://your.nsxmanager
  • Click on “Manage vCenter Registration”.
  • Click on the “Edit” button of the Lookup Service.
  • Fill out your SSO server details. Accept the certificate when asked.
  • After registering with SSO, click the “Edit” button for the vCenter Server.
  • Enter your vCenter server details. Ticking “Modify plugin download location” is only required when the NSX Manager is behind a firewall-type masking device (don’t do that though). Accept the SSL certificate when prompted.

When that’s done, the Lookup Service and vCenter Server status should say “Connected” and you should have the “Networking & Security” plugin registered in your vCenter (the last one might require logging out and back in again).

 

You want to configure a Syslog server so the NSX Manager can push its audit logs and events to a central logging repository.
I am utilising vRealize Log Insight.
  • Log into the NSX Manager appliance webpage with the Admin account.
  • Click the Manage Appliance Settings tab.
  • Under Syslog Server click the Edit button and enter the details of your Syslog Server, with 514 as the port and UDP as the protocol.
  • Click OK.
Implement and Configure NSX Controllers
Requirements:
  • NSX Manager registered to vCenter server.
  • NSX IP Pool for NSX Controllers created.

Always deploy the NSX Controllers in an odd number to avoid split-brain situations. Deploy either 1 (only in a lab!), 3 (recommended), 5, etc., based on scale. Current scaling of NSX can be handled by 3 NSX Controllers. After deploying, manually set up DRS anti-affinity rules to keep the controllers running on different ESXi nodes.

Deploy NSX Controller(s):
  • Navigate to Networking & Security and then the “Installation” menu.
  • Click on the “+” icon in the “NSX Controller Nodes” view to start the deployment procedure.
  • Fill out the required details: which vCenter datacenter, cluster and datastore you want to deploy on. Select the VM management network portgroup, the IP Pool and the password of the controller.
  • Click “OK” when satisfied with your settings to start deployment.
  • Repeat these steps for the remaining NSX Controllers you would like to deploy.

Exclude virtual machines from firewall protection according to a deployment plan
By default, the NSX Manager and NSX Controllers are automatically excluded from the Distributed Firewall (DFW). Any Edge Service Gateways (ESG) are also excluded when they are deployed.
To add the vCenter Server and the external PSC to the exclusions list:
  • Log into the vSphere Web Client.
  • Click the Networking and Security icon, then click NSX Managers.
  • Select your NSX Manager and then click the Manage tab.
  • Click the Exclusion List tab.
  • Click the + sign to add a virtual machine to exclude, select your VMs and then click OK.

Note: If you add an additional vNIC to a VM after excluding it, the new vNIC will automatically be protected by the DFW. To exclude the vNIC you need to remove the entire VM from the Exclusions list and re-add it (or you can reboot the VM).
