Musings from a past life

Clinton Prentice | Tauranga | New Zealand

VCAP6-NV (3V0-643) Study Guide – Part 20. Troubleshoot VMware NSX Connectivity Issues.

Clinton Prentice on November 17, 2016

This is part 20 of 22 blogs I am writing covering the exam prep guide for the VMware Certified Advanced Professional 6 – Network Virtualisation Deployment (3V0-643)  VCAP6-NV certification.

At the time of writing there is no VCAP Design exam stream, thus you’re automatically granted the new VMware Certified Implementation Expert 6 – Network Virtualisation (VCIX6-NV) certification by successfully passing the VCAP6-NV Deploy exam.

For previous blogs in this series please refer to the VCAP6-NV Reference Guide I created. This has all the links to VMware NSX content and lists out each exam objective and the associated blog. Check it out here –>Exam Objective Reference Guide.

This blogs covers:

Section 7 – Perform Advanced VMware NSX Troubleshooting
Objective 7.2 – Troubleshoot VMware NSX Connectivity Issues

  • Monitor and analyze virtual machine traffic with Flow Monitoring
  • Troubleshoot virtual machine connectivity
  • Troubleshoot dynamic routing protocols

 

Another short blog post. I cannot see the point in going into troubleshooting detail here when in your lab you will be deploying, configuring, breaking, fixing and picking up more skills than reading this \o/

Flow Monitoring

Flow Monitoring is a tool that can be used to analyse ingress and egress traffic of virtual machines that are members of vSphere clusters connected to NSX.

You need to enable Flow Monitoring as it is disabled by default.

You can see information such as source and destination IPs, protocols, ports and the number of sessions and the amount of data being transferred. You can also see traffic flows that have been allowed or blocked by the Distributed Firewall etc.

There is information like: Top Flows, Top Destinations and Top Sources.

There is also an option to see Live Flows for a specific vNIC of a VM in real-time and an option to add allow or deny rules directly from the flows you can see in flight.

Enable Flow Monitoring

First thing you need to do is enable the Global Collection Status.

Log into the vSphere Web Client.

Click Networking and Security.

Click Flow Monitoring followed by Configuration.

flow.JPG

Click the Enable button to start the Global Flow Collection. You will see the status change to Enabled.

flow2.JPG

It will take a short period before data will be seen on the Dashboard.

Under the Global Flow Collection status you can see the Exclusion Settings. These are options to exclude specific ‘things’ from the collection flow. If you click on any of them you can configure specific options.

The options under Destination shows the following how I can exclude IPs and ports for example. Click the green plussign to add a specific object like an IP or MAC set.

flow3

Flow Monitoring Dashboard

On the Dashboard tab you can see Top Flows, Top Destinations and Top Sources.

Dashboard Top Flows:

flow4

Dashboard Top Destinations:

flow5.JPG

Dashboard Top Sources:

flow6.JPG

Details by Service

Clicking on the Details by Service tab you can see the actual services that are collected, the amount of data and number of sessions.

You can click on Allowed Flows or Blocked Flows. This information is filtered based on rules from the DFW.

flow7.JPG

If you click a Service you can actually see the traffic flow from the source and destination and Add a DFW Rule from that flow to allow or deny (depending on the tab your on). If a rule already exists you can also edit the rule.

Below I am clicking on this one specific HTTPS flow and then click the Add Rule option. From here I could create a deny DFW rule for this flow.

flow8.JPG

If I go into the Firewall section in NSX I can see my Block HTTPS rule has been created.

dfw222.JPG

Live Flow

Live Flow allows you to see real-time traffic flows for a specific VM network interface.

Click the Live Flow tab.

Click the Browse button.

Select a vNIC of a specific VM. Then click Start.

flow9.JPG

Below is the traffic being displayed in real-time.

flow10

*VMware mention in the documentation that live flow can affect the performance of NSX Manager and the VM, so make sure you stop when you are finished.

Troubleshoot Virtual Machine Connectivity

Remember a VM must be connected to a Logical Switch for it to communicate with another VM. You can add and remove VMs from Logical Switches.

A Logical Switch must be connected to a Distributed Logical Router or Edge Services Gateway to communicate with other Logical Switches.

Make sure you check all the other basics you would for a virtual machine. Make sure you check gateways and subnet masks/CIDRs etc should VMs being having any issues communicating.

Add a VM to a Logical Switch

Log into the vSphere Web Client.

Click Networking and Security.

Click Logical Switches. Select a Logical Switch.

ls.JPG

Click the iconicon to Add a VM to the Logical Switch.

Select the VM to add.

add.JPG

Select the VM NIC/s to Add. Click Next and Finish.

nic.JPG

Remove VM from Logical Switch

Select a Logical Switch.

Click the icon2 icon to Remove a VM from Logical Switch.

Select VM/s and click OK.

blai.JPG

Test Connectivity 

Double-click on a Logical Switch.

Click on Monitor. Here you can do Ping and Broadcast Tests.

test

Troubleshoot Dynamic Routing Protocols

Refer back to blog 7 on how to configure all three of the dynamic routing protocols that NSX supports.

Make sure you practice in your lab. Make sure you know how to configure OSPF, BGP and IS-IS. Test with pings etc going over the routes to confirm its functional.

And that’s it for this blog!

Blog 21 will cover:
Objective 7.3 – Troubleshoot VMware NSX Edge Services Issues

  • Troubleshoot VPN service issues
  • Troubleshoot DHCP/DNS/NAT service issues
  • Troubleshoot Logical Load Balancer implementation issues
  • Download Technical Support logs from NSX Edge instances

Follow me on Twitter or LinkedIn.

Be Social; Please Share.

Like this:

Like Loading...
  • Category: VCAP6-NV Study Guide, VMware NSX
  • Post navigation

    Previous: Previous post: vSphere 6 ESXi Hosts – Bulk Password Change.
    Next: Next post: VCAP6-NV (3V0-643) Study Guide – Part 21. Troubleshoot VMware NSX Edge Services Issues .
  • Share this:

    • Click to share on LinkedIn (Opens in new window)
    • Click to share on Twitter (Opens in new window)
    • Click to share on Facebook (Opens in new window)
  1. VCAP6-NV (3V0-643) Study Guide – Exam Objective Reference Guide – Virtualising Middle Earth November 18, 2016 at 9:03 am

    […] Objective 7.2 – Troubleshoot VMware NSX Connectivity Issues […]

    LikeLike

    Reply

  2. VCAP6-NV (3V0-643) Study Guide – Part 19. Troubleshoot Common VMware NSX Installation/Configuration Issues – Virtualising Middle Earth December 2, 2016 at 11:43 am

    […] Blog 20 will cover: […]

    LikeLike

    Reply

Leave a Reply Cancel reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. ( Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. ( Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. ( Log Out /  Change )

Cancel

Connecting to %s

Site Visitors

  • 156,445

Follow me on

  • View clintonprentice’s profile on LinkedIn

Category

3PAR Advocacy AWS Backup & Recovery Certifications Cloud Migration NetApp Nutanix Thin Space Reclaim VCAP6-NV Study Guide Veeam VMware NSX VMware vCloud Director VMware vExpert VMware View VMware vRealize Log Insight VMware vRealize Operations Manager VMware VSAN VMware vSphere

Archives

Certifications

vmware
Capture
vcix
vmw-lgo-cert-adv-pro-6-ntwk-virt-deploy-k
vcap-dta
vcap-dca
NPP5.0
vaws
vcp-cloud
vcp-dcv
vcp-dt
vcp6-dtm
vmaze
vmcitp
VMTSP PNG WHITE
VMSP PNG WHITE

Recent Posts

  • Nutanix Platform Professional 5.0 July 11, 2017
  • Today, I got Veeam’d April 20, 2017
  • RiverMeadow Cloud Migration SaaS March 15, 2017
  • VMware VCAP6-NV Exam Experience December 16, 2016
  • What’s New in VMware vSphere 6.5 – Technical… November 30, 2016

Search

Related

Blog Stats

  • 156,445 hits
View Clinton Prentice's profile on LinkedIn
Website Powered by WordPress.com.
Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use.
To find out more, including how to control cookies, see here: Cookie Policy
  • Follow Following
    • Musings from a past life
    • Join 25 other followers
    • Already have a WordPress.com account? Log in now.
    • Musings from a past life
    • Customize
    • Follow Following
    • Sign up
    • Log in
    • Copy shortlink
    • Report this content
    • View post in Reader
    • Manage subscriptions
    • Collapse this bar
 

Loading Comments...
 

    %d bloggers like this: