Category Archives: Networking

Passed VCP-VMware Certified Professional 6 – Network Virtualization (VCP6-NV #02V0-642)

Little History

Ten years back I became a VMware Certified Professional 3.0. At that time it was Credit Suisse which organized the training for us. Over a period of time and with policy changes, my VCP expired. I never got any intimation because my email was associated with a company I was no longer working for.

Lesson Learnt: Always associate a valid email address with your myLearn portal. Please note that if you are a VMware partner and you have a myLearn account, you should ensure both are synced. Typically the user ID and email for myLearn remain unchanged, but when you register as a partner you have the choice to merge these accounts. Do it now.

Why VCP Again

In 2017, I chose to re-validate my VCP. I had several choices in front of me, e.g., VCP-DCV, DTM, NV. Of these, Network Virtualization (NSX) was more appealing for the following reasons:

  1. Opportunity to learn NSX
  2. The network is my weak link
  3. Eagerness to learn new things, since I’m already very familiar with desktop and server virtualization.

Never-Ever De-focus

I will digress a bit here. Last year I focused on VCP-DTM and right in the middle of the road I dropped it. I had prepared for that exam for four months. Never de-focus. A task or a goal taken in hand must be fulfilled. I learned that the hard way, therefore I did thorough planning for this exam.

Here was my high-level Plan

Plan for VMware Certified Professional -2V0-642

Except for the first objective, nothing went as per plan. Since 1st Nov was the targeted date, I made sure everything was moving in that direction.

One fine day, I came across a VMUG post by Chris Mcain here. I thought for several days about whether it is worth spending so much money to re-validate a VCP certification. It was a tough decision.

Lesson Learnt: Don’t let your VCP expire. You can read a contrary blog post here.

Approach to Learn NSX

One of the chief reasons I purchased this package was the flexibility of attending VCP training. One of the hurdles in attending classroom training is locating the right training slot (date, city) or freeing up time from your office work. I’m not a fan of mentor-led online training, as online training is full of distractions and least useful, since there are many gaps between you and the trainer.

That being said, the training I attended is nowhere near enough to pass the exam. I give full credit to Elver Sena Sosa, as he has written a fantastic book. Without this book, I would never have developed any interest in NSX.

Contrary to claims by many about the efficacy of this book for the 2V0-642 exam, I didn’t come across a question where I had to think about whether this is a 6.1 or a 6.2 feature.

NB: The book was released in 2016, a time when 6.2 was also released, but the exam on NSX 6.2 was released much later. In simple words, you will find references to 6.2 in this book and might be misled. Read here for more details.

When & Why I bought the VMUG NV Package

When I left VMware in 2015, NSX was a very hot topic in the industry, mainly due to Cisco giving undue attention to it. I always considered that unless I knew which use case NSX was addressing and what the problems of networking were, I would not bother. While reading the book my interest in NSX grew a lot.

That is when I chose to buy the NSX package. The link above provides the details about the package. I think it is the most economical way to become a VCP again. If you wish to pass the VCP-NV exam, you must read this book. I’ll repeat: training is not sufficient at all. Another exciting feature of this book is that you get five practice tests. These practice tests are the best place to evaluate yourself. I strongly advocate you buy the premium book, which includes 5 practice tests.

Preparation Time

I bought this package on 26th July 2017. In pretty much three months, I was able to cover most of the VCP-NSX. As part of this package, I also got Exam Prep access. I would strongly suggest going through this at least once. It will give an idea of what you need to read individually from the lengthy Admin and Installation guides.

VCP Criteria

In spite of being VCAP-DCD and VCP3, 4 and 5, I still had to take the VCA exam. I felt idiotic taking this exam. I just went online (read the official certification guide for two days) and cracked it. It is, to my mind, a perfect waste of time. I have requested VMware Certification to drop this request here. Please vote if you feel the heat.

You must fulfill the three criteria mentioned below to become a VCP:

  1. Attend training (online/self-paced, classroom) – 1800 USD
  2. Pass VCP-NV exam (Proctor) – 250 USD
  3. Pass VCA exam (non-proctor) – 125 USD

Total = 2175 USD (yes, I read your mind)

Personal Lesson Learnt

  1. It takes a reasonable amount of time to learn a new technology. If I took leave for 30 days and started preparing for it, it would not work for me. Learning a new technology is a slow and steady process.
  2. There is no need to rush to learn new technologies (you have a life to live and a family to take care of), irrespective of the rate at which they change, e.g. Cisco ACI and VMware NSX. No one needs any proof that NSX was and is way ahead in solving datacenter networking challenges. I mean that if a technology is robust, it will stay in the market for a minimum of ten years. Likewise, if K8s is stronger, it will sustain. Another example is AWS.
  3. A good book and a good mentor are a must to learn new technologies. In the absence of both, you will either skip the technology or lose interest. A good mentor (Jason Nash) guides you and explains things by giving analogies, while a good book makes you learn a thing as if you are reading a novel. Another great example of a good book is the vSphere HA book by Duncan Epping and Frank Denneman, and another excellent book is the one by Duncan Epping and Cormac Hogan. Thanks a lot for these books.

[Nutanix] Networking in AHV for vSphere administrators

Introduction

Acropolis Hypervisor (AHV) is growing in features and adoption. What is most impressive is the way Nutanix is leveraging KVM (open source), making it very easy to use. Networking in AHV is one of the brilliant examples. In this post, I would like to share some thoughts on host networking and VM networking. Open vSwitch (OVS) is the core of networking in AHV. OVS functions as a Layer-2 switch which learns and maintains a MAC address table. Each AHV instance has an OVS instance, and these instances combine to form one logical switch. To state it simply, if you have a six-node Nutanix cluster, then each node has an OVS instance, and the six OVS instances combine to form a single logical switch. So by default, it is a distributed switch. New learning and therefore new terminology


vCloud Automation Center 6.0 (vCAC 6.0)–Reservation Policies, Storage Reservation Policies, Network Profiles

Before we proceed further, let me recap where we are. In the first post here we installed and configured the vCloud Automation Center 6.0 Identity Appliance (vCAC 6.0 Identity Appliance) and the vCloud Automation Center Appliance (vCAC 6.0), and in the second post here we installed and configured vCloud Automation Center IaaS (vCAC 6.0 IaaS). In the third post we went further and configured a tenant. As per the diagram below, we have completed almost every configuration. This post focuses on the optional configuration part.

We created a Sales business group and assigned a business group admin to it. We created a reservation and assigned it to the Sales BU.

While creating the reservation we stopped at explaining the Alerts tab. Let’s resume with that discussion. It is an optional configuration, but worth understanding and enabling. In a cloud environment where things change dynamically, we must configure alerts.

Click on the ALERTS tab and set the capacity alerts on the various parameters seen below.

Unless you have configured notifications, alert emails won’t be sent.

A few considerations about reservations

Reservations are portions/shares of resources which we assign to business groups (e.g. Sales, HR, Marketing), and different business groups can have different reservation types (e.g. Gold, Silver and Bronze). In my environment the Gold cluster was assigned to the Sales and Marketing business groups in the above figure. I have linked a PDF copy to the figure. However, a reservation cannot be shared across business groups.
If you have created reservation for, end user cannot request a Hyper-V resource using that reservation. The reservation type must match the platform defined in the blueprint. If you name your blueprints accordingly, this shouldn’t be a problem at all.

Reservation Policy

A reservation policy is a collection of resources grouped together to make a specific type of service available. Below I have created a policy named Production Reservation Policy and included the Silver and Gold reservations.

In the figure below I have tried to explain that you can have different reservations assigned to a single reservation policy, but a blueprint can have only one reservation policy assigned. However, when resources are provisioned, only reservations which match the blueprint type are considered and allocated.

A reservation policy needs to be populated with reservations. However, this is not quite easy to correlate in practice. When you create a reservation, you have the option to assign that reservation to a reservation policy. This is where the association between reservations and reservation policies is created. Reservations are created for a business group, and a business group can have multiple reservations from the fabric. With a reservation policy you have the option to bring all types of reservations assigned to a business group under a single reservation policy. Let me explain it via the simple diagram below.

In the above example we have a tenant, under which we have created a Sales business group. Inside the Sales business group I have created three reservations of different types, e.g. Cloud, Virtual and Physical. As fabric administrator I have created a reservation policy named “Virtual Reservation Policy” to collect the resources of both the Virtual and Cloud reservations. This policy will help me provision all virtual resources as long as I select “Virtual Reservation Policy” in the blueprint/reservation. This is just one way of doing it.

You can create either the reservation or the reservation policy first; there is no dependency as such. In fact, reservation policies are an optional part of the overall piece. The better way is to create the reservation policy first.

A reservation policy is actually a tag. All you need to do is give the tag a name and a short description. To create a reservation policy, go to Infrastructure –> Reservation –> Reservation Policies and click New Reservation Policies. As described above, I have created two reservation policies, which can be seen below.

  1. Production Reservation Policy for Gold and Silver reservation
  2. Gold Storage for production virtual machines

Creating a reservation policy is not sufficient. You must assign the reservation policy to the reservations which you intend to group together. So below I’m creating new reservations and assigning the newly created reservation policies to each one of them as described above.

Storage Reservation Policy

A storage reservation policy is similar to a reservation policy. Its primary purpose is to collect datastores of similar characteristics into a group. Below I have created a storage reservation policy named GOLD and placed three different datastores (Datastore01, Datastore02 & Datastore03) of the same characteristics into a single storage reservation policy.

This tag helps to assign storage as per the requirements of the application. In case Datastore01 is full, the VM will automatically be provisioned to Datastore02. It means we just need to have the storage reservation policy in place. Behind the scenes, Gold storage from one of Datastore01, 02 or 03 is assigned for sure.

It is similar to the storage profiles released in vSphere 5.0. However, these tags were inherited from DynamicOps. I wonder if there is still a use case for this tag when vSphere DRS clusters are becoming so popular. A datastore cannot have multiple storage reservation policies, e.g. Datastore01 cannot have another storage reservation policy assigned, but a storage reservation policy can have different datastores. After a storage reservation policy is created, you must assign it to a volume for it to be effective.

Do not create a storage reservation policy if you have a well-designed Storage DRS cluster.

Like a reservation policy, a storage reservation policy is also a tag. You can create a storage reservation policy from the same interface as a reservation policy. Both are almost the same, at least I have not discovered any difference, but logically they cannot be combined.

Assigning a storage reservation policy differs from assigning a reservation policy. A storage reservation policy must be applied directly to datastores. Go to Infrastructure – Compute Resources – Compute Resources.

Network Profiles

By default vCAC assigns DHCP IP addresses to all machines it provisions. DHCP is OK for non-production server VMs, but production server VMs need a static IP address. We probably never need to worry about desktop VMs as far as networking policies are concerned. Allocating static IPs is the primary intention of network profiles. It is a way to create a pool of IPs using a pre-defined. You can apply network profiles while creating a reservation or while creating a blueprint.

Network profiles do not apply to AWS

Fabric administrators define the IP ranges, subnet mask, DNS, DHCP, WINS (does it exist yet???) and DNS suffix, and combine all these values into a single profile referred to as a network profile. Network profiles, like reservation policies, can be applied to reservations and blueprints.

Create a Network Profile for Static IP Address Assignment

Log in as fabric admin and navigate to Infrastructure –> Reservations –> New Network Profiles –> External.

1) Name of network profile – append the type of profile to the name, e.g. Production External

2) Subnet mask for the network range

3) Gateway (for a NAT-type network profile this field is compulsory)

4) Primary DNS server

5) DNS suffix

6) Click on the IP Range tab. On the screen below, enter the IP addresses you need to reserve for this profile. Provide a name and description. Press OK once done.

After you press OK, the screen below displays the IP range and its allocation status in the Status column.

Now that we have a network profile, we need to assign it to a reservation. Here I’m assigning it to an existing reservation. Go to Infrastructure –> Reservations –> edit the existing reservation. For the network path “VM Network”, select the network profile from the drop-down menu. Press OK.
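A pre-flight check for the values entered in the network profile procedure above, as an added example that is not part of the original post or of vCAC. The `NetworkProfile` class, `validate`, `allocate` and all addresses are assumptions made for illustration, and the rules (ranges inside the subnet, no gateway, network or broadcast address, no overlaps) are chosen for this example rather than taken from vCAC's own validation.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class NetworkProfile:
    """Offline model of the fields entered in the procedure (hypothetical class)."""
    name: str
    subnet_mask: str
    gateway: str
    ranges: list                      # (range name, first IP, last IP)
    allocated: set = field(default_factory=set)

    @property
    def network(self):
        # Derive the subnet from gateway + mask, e.g. 192.168.10.0/24.
        return ipaddress.ip_network(f"{self.gateway}/{self.subnet_mask}", strict=False)


def validate(profile):
    """Return a list of problems; an empty list means the ranges are usable."""
    net = profile.network
    reserved = {"gateway": ipaddress.ip_address(profile.gateway),
                "network address": net.network_address,
                "broadcast address": net.broadcast_address}
    problems, seen = [], []
    for name, first, last in profile.ranges:
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        if lo > hi:
            problems.append(f"{name}: first address is after last address")
            continue
        if lo not in net or hi not in net:
            problems.append(f"{name}: extends outside {net}")
        for label, addr in reserved.items():
            if lo <= addr <= hi:
                problems.append(f"{name}: contains the {label}")
        for other, olo, ohi in seen:
            if lo <= ohi and olo <= hi:
                problems.append(f"{name}: overlaps range {other}")
        seen.append((name, lo, hi))
    return problems


def allocate(profile):
    """Hand out the next free address in range order; refuse an invalid profile."""
    problems = validate(profile)
    if problems:
        raise ValueError("; ".join(problems))
    for _name, first, last in profile.ranges:
        addr = ipaddress.ip_address(first)
        while addr <= ipaddress.ip_address(last):
            if addr not in profile.allocated:
                profile.allocated.add(addr)
                return str(addr)
            addr += 1
    raise LookupError(f"profile {profile.name!r} has no free addresses")


# Constructed sample values (not taken from the post's screenshots).
GOOD = NetworkProfile("Production External", "255.255.255.0", "192.168.10.1",
                      [("web", "192.168.10.50", "192.168.10.52")])
BAD = NetworkProfile("Broken External", "255.255.255.0", "192.168.10.1",
                     [("a", "192.168.10.1", "192.168.10.10"),
                      ("b", "192.168.10.5", "192.168.11.20")])

if __name__ == "__main__":
    print(validate(GOOD), [allocate(GOOD) for _ in range(3)])
    print(validate(BAD))
```

Running the same check before typing a range into the IP Range tab catches a pool that would hand a server the gateway's address or an address outside the subnet.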

So in this post we learnt the importance of reservation policies and how to configure them. We learnt about storage reservation policies and how to configure them. A storage reservation policy needs to be applied to a compute resource, while a reservation policy needs to be configured on the reservation screen. Then we looked at network profiles and their use cases. Finally, we learnt how to configure a network profile so that static IPs can be assigned to servers.

In the next post I will discuss how to create and configure vCloud Automation Center 6.0 (vCAC 6.0) blueprints.

Configure NetFlow Settings

NetFlow is a network analysis tool that you can use to monitor network and virtual machine traffic.

NetFlow is available on vSphere distributed switch version 5.0.0 and later.

Procedure

1 Log in to the vSphere Client and select the Networking inventory view.

2 Right-click the vSphere distributed switch in the inventory pane, and select Edit Settings.

3 Navigate to the NetFlow tab.

The sampling rate determines what portion of data NetFlow collects, with the sampling rate number determining how often NetFlow collects the packets. A collector with a sampling rate of 2 collects data from every other packet. A collector with a sampling rate of 5 collects data from every fifth packet.

9 Click OK.
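The effect of the sampling rate on what a collector can see, as an added example that is not part of the original post or of vSphere. It models the "every Nth packet" description above over constructed traffic; the function names, flows and packet sizes are assumptions made for illustration.

```python
from collections import defaultdict


def sample(packets, rate):
    """Keep every rate-th packet, as the text describes (2 = every other packet)."""
    if rate < 1:
        raise ValueError("this model only handles sampling rates of 1 or more")
    return [pkt for pos, pkt in enumerate(packets, start=1) if pos % rate == 0]


def estimate(packets, rate):
    """Per-flow (packets, bytes) a collector would infer by scaling samples by rate."""
    totals = defaultdict(lambda: [0, 0])
    for flow, size in sample(packets, rate):
        totals[flow][0] += rate
        totals[flow][1] += size * rate
    return {flow: tuple(counts) for flow, counts in totals.items()}


def unseen_flows(packets, rate):
    """Flows present on the wire that leave no record at this sampling rate."""
    seen = {flow for flow, _size in sample(packets, rate)}
    return sorted({flow for flow, _size in packets} - seen)


# Constructed traffic in wire order: 9 bulk packets (1000 bytes each) and
# 3 short-session packets (60 bytes each) at positions 1, 3 and 7.
BULK = ("10.0.0.5", "10.0.0.9", 443)
SHORT = ("10.0.0.7", "10.0.0.9", 22)
PACKETS = [(SHORT, 60) if pos in (1, 3, 7) else (BULK, 1000)
           for pos in range(1, 13)]

if __name__ == "__main__":
    for rate in (1, 2, 3, 5):
        print(rate, estimate(PACKETS, rate), "unseen:", unseen_flows(PACKETS, rate))
```

At a rate of 2 or 5 the short session produces no flow record at all and the bulk flow is over-counted, which is the trade-off to weigh when the NetFlow data feeds detection rather than capacity planning.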

How to enable Port Mirroring

Working With Port Mirroring

Port mirroring allows you to mirror a distributed port’s traffic to other distributed ports or specific physical switch ports.

Create a Port Mirroring Session

Create a port mirroring session to mirror vSphere distributed switch traffic to specific physical switch ports.

Prerequisites

Requires a vSphere distributed switch version 5.0.0 or later.

Specify Port Mirroring Name and Session Details

Specify the name, description, and session details for the new port mirroring session.

Procedure

1 Log in to the vSphere Client and select the Networking inventory view.

2 Right-click the vSphere distributed switch in the inventory pane, and select Edit Settings.

3 On the Port Mirroring tab, click Add.


4 Enter a Name and Description for the port mirroring session.


Click Next.

Choose Port Mirroring Destinations


Click Next.

Choose Port Mirroring Destinations

Select Port, or uplink as destinations for the port mirroring session.

Port mirroring is checked against the VLAN forwarding policy. If the VLAN of the original frames is not equal to or trunked by the destination port, the frames are not mirrored.

You can optionally enable port mirroring now or later.

How to enable IPv6 on vSphere

Please note IPv6 is disabled by default.

Prerequisites

Required privilege: Host.Configuration.Network Configuration

Procedure

1 From the vSphere Client Home page, click Hosts and Clusters.

2 Select the host and click the Configuration tab.

3 Click the Networking link under Hardware.


4 In the vSphere Standard Switch view, click the Properties link.


5 Select Enable IPv6 support on this host system and click OK.


6 Reboot the host.

How to Manage Policies for Multiple Port Groups on a vDS

You can modify networking policies for multiple port groups on a distributed switch.

Prerequisites

Create a vSphere distributed switch with one or more port groups.

Procedure

1 Log in to the vSphere Client and select the Networking inventory view.

2 Right-click the distributed switch and select Manage Port Groups.


3 Select the policy categories to modify.

For the purpose of this discussion, let’s select the Teaming and Failover policy.

The next screens are therefore specific to the Teaming and Failover policy only.

How to configure Port Blocking in vDS

Port blocking policies allow you to selectively block ports from sending or receiving data.

Port Blocking Policy for a Distributed Port Group

The Miscellaneous policies dialog allows you to configure various distributed port group policies.

Procedure

1 Log in to the vSphere Client and select the Networking inventory view.

2 Right-click the distributed port group in the inventory pane, and select Edit Settings.

3 Select Policies.


4 In the Miscellaneous group, choose whether to Block all ports in this distributed port group.

5 Click OK.

How to enable NetFlow

Monitoring Policy

The monitoring policy enables or disables NetFlow monitoring on a distributed port or port group.

NetFlow settings are configured at the vSphere distributed switch level.

Edit the Monitoring Policy on a Distributed Port Group

With the Monitoring policy, you can enable or disable NetFlow monitoring on a distributed port group.

Procedure

1 Log in to the vSphere Client and select the Networking inventory view.

2 Right-click the distributed port group in the inventory pane, and select Edit Settings.

3 Select Policies.

4 In the Monitoring group, select the NetFlow Status from the drop down menu.


5 Click OK

Edit the Resource Allocation Policy on a Distributed Port

Associate a distributed port with a network resource pool to give you greater control over the bandwidth given to the port.

Prerequisites

Enable Network I/O Control on the host and create one or more user-defined network resource pools.

Procedure

1. Log in to the vSphere Client and select the Networking inventory view.

2. Select the vSphere distributed switch in the inventory pane.

3. On the Ports tab, right-click the port to modify and select Edit Settings.


4. Select Policies.

5. In the Resource Allocation group, select the Network Resource Pool to associate the port with from the drop-down menu.


6. Click OK.