NSX-T

NSX Alarms in vCenter Server using vSphere Events in vSphere 8

10.19.2022 by William Lam // Leave a Comment

I recently learned about a really cool capability that is part of the NSX Easy Install feature that was initially introduced back in vSphere 7.0 Update 3, allowing administrators to easily deploy, configure and manage NSX directly from vCenter Server using the vSphere UI.

Here is a demo of this feature in action by fellow VMware colleague Vladimir Velikov, one of the Engineers who worked on the initial integration:

While reviewing the latest NSX 4.0.1.1 release notes, which adds support for vSphere 8 and DPU-based offloading, I found this little nugget at the very end of the What's New section under NSX vSphere UI Integration which states:

NSX Events Integrated in vCenter

🤩 whoa, the possibilities of this integration is immense, especially from an automation and event-driven standpoint ... In fact, this is something VMware Event Broker Appliance (VEBA) users have been asking for, a way to tap into the rich Alarms and Events provided by NSX, similiar to what vCenter Server provides out of the box with over 2000+ events.

[Read more...]

Integrated NSX-T deployment in vSphere 7.0 Update 3 fails with timeout

10.11.2021 by William Lam // 2 Comments

One of the new features highlighted in the latest vSphere 7.0 Update 3 release is the integrated NSX-T deployment and configuration workflow found directly within the vSphere UI as shown in the screenshot below.

After you click on the the "Install NSX" button, it will prompt for the NSX-T OVA and then take users through a guided wizard to on deploying and configuring NSX-T. I noticed that a few users were reporting a timeout issue after running through the workflow:

Cannot complete the operation: See the event log for details. Timeout: The task did not complete within the expected time span

I have not used this plugin before, so I was not sure what the issue was until I came across this Tweet from Validimir Velikov, a vSphere UI Engineer who had worked on the integrated NSX-T plugin and shared the reason for this error. A newer version of NSX-T will be needed to use this feature as the vSphere UI expects a "callback" from NSX-T Manager when the deployment and configuration is complete, which the current released version of NSX-T (3.1.3.1) does not support.

As discussed, current released versions of NSX-T don't support the vSphere integrated flow. A new NSX-T version should come shortly.
Otherwise, the flow expects a callback from the NSX Manager after deployment which never comes for old versions - hence, the timeout error. 😉

— Vladimir Velikov (@vladi_velikov) October 9, 2021

I think we could have provided a better user experience by first checking the NSX-T OVA version and ensuring that it meets the minimum version that supports this capability. Hopefully this is something we can improve upon in the future.

Retrieving network statistics on VMware Cloud on AWS using NSX-T Policy API

07.16.2020 by William Lam // 1 Comment

One question that has come up lately from VMware Cloud on AWS customers is to understand their network traffic usage, especially as it pertains to traffic that exit or egress their SDDC. There are a number of graphical tools that can be used today to get insights into this information, one is the popular vRealize Network Insight Cloud solution which many of our VMware Cloud on AWS customers are taking advantage of to not only understand traffic usage and flow data history but is also instrumental in aiding customers when planning workload migrations from their on-premises datacenter to VMware Cloud on AWS.

While researching this topic, I also came to learn that this information can be retrieved using the NSX-T Policy API which is available to all customers to use. We are going to be leveraging the Tier-0 statistics interface API from NSX-T which will give us both transmit and receive stats on all supported interfaces. From the diagram below, we can see the interfaces that are applicable to VMware Cloud on AWS is the Internet interface which includes VPN traffic, VPC interface which includes traffic going to Linked VPC and Direct Connect interface which includes traffic when using AWS Direct Connect.

As you might expect, these exact same three interface types is then represented as logical interfaces within the NSX-T Policy API which uses the following IDs:

cross-vpc
public
direct-connect

Note: Statistics on the Direct Connect interface will also include traffic if you are using the new VMware Transit Connect with AWS Transit Gateway feature.

These interface can be discovered by performing a GET on /policy/api/v1/infra/tier-0s/vmc/locale-services/default/interfaces and then you would then identify the two NSX-T Edge (Active/Passive) and construct the T0 URL to retrieve the statistics. I will not bore you with the details and have implemented this as a new PowerShell function called Get-NSXTT0Stats and for those interested in the implementation, please see the code here.

Note: For those wanting to see the full NSX-T Policy REST URLs, simply append -Troubleshoot flag and that will output additional information on how I am retrieving the various pieces of information required to call into the T0 Stats API.

[Read more...]