WilliamLam.com

How To Enable Nested ESXi Using VXLAN In vSphere & vCloud Director

by // 9 Comments

Recently I had received several inquiries asking on how to configure nested ESXi (Nested Virtualization) to function in a VXLAN environment. I have written several articles in the past on configuring nested ESXi in a regular vSphere and vCloud Director environment, but with the use of a VXLAN backed network, there are a few additional steps that are required. These steps include additional configurations of the vCloud Network & Security Manager (previously known as vShield Manager) which ensures that both the required promiscuous mode and forged transmits are automatically enabled for the VXLAN virtual wires (vWires) as they are managed exclusive by the vCNS Manager.

In this article, I will walk you through the configurations that is required when using VXLAN in both a vSphere only environment as well as a vCloud Director environment. If you would like to learn more about how VXLAN works, be sure to check out the multi-part VXLAN series (Part 1/Part 2) by Venky Deshpande.

Disclaimer: This is not officially supported by VMware, please use at your own risk.

Configurations for VXLAN in vSphere Environment

Step 1 - Deploy vCNS Manager and configure it to point to your vCenter Server (do not enable or prepare VXLAN, this must be done after the configurations)

Step 2 - You will need to identify the VDS MoRef ID in your vCenter Server which will be used in the next step. Since the configuration is applied at the VDS level, you may want to consider having a separate VDS serving Nested Virtualization traffic since both promiscuous mode & forged transmits will automatically be enabled for all vWires. To locate the VDS MoRef ID, login to the vSphere Web Client and select the summary view for the VDS.

The VDS MoRef ID will be towards the end of the URL link and it should start with dvs-X where X is some arbitrary number. Record this value down for the next step

Step 3 - Download the enablePromForVDS.sh shell script which will be used to prepare the VDS within the vCNS Manager. The script basically performs a POST to the REST API to the vCNS Manager using cURL and it accepts three input parameters: vCNS Manager IP Address/Hostname, VDS MoRef ID and VDS MTU. The username/password is hard coded in the script to use the default which is admin/default. If you have modified the default password like any good admin, you will want to change the password before running the script. If you take a look at the request body, you will notice only promiscuous mode is enabled to true, but this will also automatically enable forged transmits as well.

In my lab enviroment, I have the vCNS Manager IP to be 172.30.0.196, VDS MoRef ID to be dvs-13 and VDS MTU to be 9000. So the syntax to run the script would be:

./enablePromForVDS.sh 172.30.0.196 dvs-13 9000

Here is a screenshot of executing the script, you should see a response back with 200 to indicate successful execution of the script.

Step 4 - Now, we will proceed with the VXLAN preparation. Start off by logging into the vCNS Manager and selecting the vSphere Datacenter which you wish to enable VXLAN. On the right you should see a tab called "Network Virtualization" go ahead and click on that and then click on the sub-tab called "Preparation". Click on edit and then select the vSphere Cluster and proceed through the wizard based on your environment configuration.

Step 5 - Once the VXLAN preparation has completed, click on the "Segment ID" and configure that based on your environment.

Step 6 - Next, click on "Network Scopes" and you will create a network scope and specify the set of vSphere Clusters the VXLAN network will span.

Step 7 - Lastly, click on "Networks" and this is where you will create your vWires and ensure it the proper network scope is selected.

Step 8 - To confirm that everything has been configured properly. We now log back into our vSphere Web Client and heading over to the VDS settings page. You should now see a new vWire portgroup that is created, if we take a look at it's settings we should see that both promiscuous mode and forged transmits is enabled.

You are now done with the VXLAN configurations in the vCNS Manager and can proceed to the regular instructions for enabling Nested ESXi for vSphere.

Note: If you have already prepared VXLAN in your environment, you can still configure the above without having to un-prepare your VXLAN configurations. You just need to login to the vCNS Manager via the REST API and perform a DELETE on the VDS switch (Please refer to page 153 of the vCNS API Programming Guide) which will just delete the mapping from vCNS but will not destroy any of your VDS configuration. Once that is done, you will be able to use the script to configure the VDS with the proper settings.

Configurations for VXLAN in vCloud Director Environment

A VXLAN network pool is automatically created for you when using vCloud Director 5.1, so the steps for preparing Nested Virtualization for vCloud Director is extremely simple compared to the vSphere only environment.

Note: VXLAN is only supported in vCloud Director 5.1, for previous versions you have the choice of using a VCD-NI or vSphere backed network and the configurations for that can be found here.

Step 1 - Please follow the steps 1-5 from above in the vSphere only environment and then you are done. If you would like a more detailed walk through for configuring VXLAN for a vCloud Director environment, check out this article by Rawlinson Rivera who takes you through the process step by step.

Step 2 - Proceed to the regular instructions for enabling Nested ESXi for vCloud Director.

Step 3 - Lastly, you will go through the vCloud Director setup which is to attach your vCenter Server & vCNS Manager, create a Provider VDC, create an Organization and assign resources to your Organization VDC and ensure that the OrgVDC is consuming the VXLAN network pool that is automatically created for you when you create the Provider VDC. Once that is done, when you deploy your vApp, you will see a vWire that automatically created for you. If we login to the vSphere Web Client and go to the VDS settings, you will see the vWire has both promiscuous mode and forged transmits automatically enabled.

Additional Resources:

How To Run The SilverLining Fling Without Installing It In vCloud Director

by // 5 Comments

A few weeks back the VMware Lab's team released a cool new fling called SilverLining which allows users to build a simplified user-interface for vCloud Director. This interface can be run from any modern web-browser that supports HTML5, CSS3 and Javascript. To access the SilverLining interface, you must first install it on a vCloud Director 5.1 Cell.

From a development or proof of concept perspective, it would be really nice to be able to run SilverLining locally from your desktop and point it to a valid vCloud Director 5.1 instance for testing. Well, this is exactly what Andrea Siviero, a Consulting Architect for VMware discovered while playing around with the SilverLining Fling.

UPDATE: 2/28 - For Safari, you can use open /Applications/Safari.app/ --args -disable-web-security

Disclaimer: The solution described here is specifically for Chrome running on Mac OS X or Windows. I have not looked into equivalent settings for other browsers.

Here are the steps required to make this work:

Step 1 - Download SilverLining and extract the contents to your local desktop

Step 2 - Under Silverlining->js directory, there is a file called main.js that needs to be modified. Add the following right under "$(document).ready(function() {" which should point to the base URL of your vCloud Director instance:

localStorage.server = "https://vcd.primp-industries.com";

Step 3 - Launch Chrome with the additional argument via the command-line and load the index.html in the SilverLining directory:

open /Applications/Google\ Chrome.app/ --args -disable-web-security

Note: For Windows version of Chrome just pass in the following either via command-line or shortcut to Chrome.exe -disable-web-security

If everything was successful, you should be able to login to the vCloud Organization of your choice and see all the vApps and Catalogs you have access to!

If you receive the "You are attempting to connect to a system no longer supported" shown in the screenshot below:

You may be pointing to a vCloud Director instance that is using a self-signed certificate and you will need to trust the site before proceeding. To do so, open up a new tab and enter the following URL (substituting your vCloud Director URL):

https://vcd.primip-industries.com/api/versions

Click on the "Proceed Anyway" and then reload the index.html page and you should now be able to login to vCloud Director.

I would like to thank Andrea for sharing this awesome tip! Now you can easily develop and test your own custom interface using the Javascript SDK provided by SilverLining all on your desktop. Best of all, you can now point this to any remote vCloud Director 5.1 instance whether that be private or public!

Exploring the vCloud API Using Ruby

by // 2 Comments

While working on something that was completely random, I started to play around a bit with the Ruby programming language. I had a few questions and I reached out to a buddy of mine who is Ruby developer and in doing so I was introduced to a very cool Ruby gem called HTTParty. For those of you who are not familiar with Ruby gems, it is a packaged library or application for Ruby, similar to an rpm or pkg file. The neat thing about HTTParty is that it makes working with REST APIs extremely easy and processing XML request/responses into Ruby objects without too much effort.

With the bit of knowledge I gained from my buddy, I wanted to see how easy it would be to apply this to the vCloud API using Ruby and HTTParty. To my surprise, it was actually pretty easy!

Disclaimer: I am not a developer nor even a Ruby novice. This is probably the second or third time I have used Ruby.

Before getting started, you will need to have the following installed on your system:

The following vCloud APIs are implemented in the sample below:

To demonstrate the use of Ruby & HTTParty, I created a very simple Ruby script called vcd.rb which primarily deals with vApp operations.

To use the script, you will need to create a file called config-vcd.yml which contains the credentials to your vCloud Director instance. Here is what the file should look like:

:username: [email protected]
:password: supersecretpassword
:site: https://vcd.primp-industries.com

Note: This example assumes you are running vCloud Director 5.1 (but sample can be modified to support 1.5)

Here is an example of listing all vApps for the given Organization you are logging into:

Here is an example of listing a specific vApp:

Here is an example of performing several operations on the vApp:

At the end of this little exercise, I was pretty impressed at how easy it was to work with REST APIs using Ruby and HTTParty. I think the toughest part for me personally was getting used to Ruby's syntax which I was not familiar with. I also extended this exercise to the vCloud Networking and Security REST APIs which I will share in another blog post.

Useful Resources: