vCenter agent/services communication with ESXi host

vCenter is used to manage ESXi hosts and VM operations via the vSphere Client.

vCenter also provides advanced features such as DRS, vSphere HA, Fault Tolerance, vMotion, Storage vMotion and others.

vCenter is an appliance, either Windows or Linux based, and contains the following:

1. Photon OS

2. Postgres DB

3. vCenter services

In this blog we will focus on the vCenter services and their operations.

vCenter services include the vSphere Client, vSphere server, Content Library, VPXD, etc.

I will focus mainly on the components/services used for communication between vCenter and the ESXi host.

The vSphere Client is the primary service used to manage ESXi hosts. When you add an ESXi host to vCenter, it installs the VPXA agent on each ESXi host. On vCenter, a daemon named VPXD runs to communicate with the ESXi host via the vCenter agent on the host, VPXA.

The hostd daemon on the host is responsible for managing most ESXi host operations.

Hostd is aware of all the VMs and their running status, and also of the storage associated with the VMs.

Now, if you are using the vSphere Client to manage operations such as powering on a VM, vMotion, etc., VPXD on vCenter instructs VPXA on the ESXi host, VPXA passes the vCenter instruction to hostd, and hostd acts accordingly and configures the required changes. Since the operation was initiated from vCenter, vCenter also updates its Postgres DB with the operation.

Now, if vCenter is unavailable, you won't be able to use features like vMotion, DRS, etc., but you can still manage the host directly via the Host Client. When you manage an ESXi host via the Host Client, you send instructions directly to hostd; the vpxa agent plays no role here.

Restart the vpxa and hostd services on the ESXi host:

/etc/init.d/hostd restart

/etc/init.d/vpxa restart

Start the vpxd and vSphere Client services on vCenter:

service-control --start vmware-vpxd

service-control --start vsphere-ui

Refer to the topology below to understand how vCenter and the ESXi host interact with each other.

Posted in NSX-T

NSX-T password reset

In NSX-T, the password reset is done through the GRUB menu. By default the GRUB menu is not enabled; we need to enable GRUB from root mode. To reset the password for NSX-T Manager, first check the NSX-T version that is in use.

Step 1: Enable the GRUB menu when you have the root password

Step 2: Reset the password once you have the GRUB menu enabled

Step 3: Enable the GRUB menu when the root password is forgotten

The above steps are described in detail below.

Step 1: Enable the GRUB menu when you have the root password.

The GRUB menu is enabled by logging in to root mode, so the root password is required.
However, if you have the root password then you can easily reset the admin password without bothering about GRUB at all, so it seems like a chicken-and-egg problem.
Follow the VMware document below for your NSX version to enable the GRUB menu.
https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.0/installation/GUID-4630C9D5-71FB-4991-AC1D-9FDBA0B86120.html
https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.1/installation/GUID-4630C9D5-71FB-4991-AC1D-9FDBA0B86120.html
https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.2/installation/GUID-4630C9D5-71FB-4991-AC1D-9FDBA0B86120.html

Check whether GRUB is enabled from the grub file located at /etc/default/grub. Note: if you see a value in front of the keyword GRUB_TIMEOUT or GRUB_HIDDEN_TIMEOUT, it means the GRUB menu is enabled.
Refer to the snip below.

Step 2: Reset the password once you have the GRUB menu enabled.

Once you enable the GRUB menu you can easily reset the password by following the document below. Note that you must authenticate with the GRUB password before you can reset the root and admin passwords.

Each version of NSX-T has its own GRUB password. Follow the link below to check the GRUB password and the reset steps.

https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.2/administration/GUID-8816B842-2EC4-40A8-A618-F68DB29FABD2.html

https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.1/administration/GUID-8816B842-2EC4-40A8-A618-F68DB29FABD2.html

https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.0/administration/GUID-8816B842-2EC4-40A8-A618-F68DB29FABD2.html

In case you forget both the root and admin passwords and want to reset them, the only option we have is to enable the GRUB menu. Follow the steps below to enable GRUB.

Note: this is not the officially recommended procedure; the steps mentioned below are taken from the website https://thefluffyadmin.net/?p=1455


Posted in NSX-T

TCPdump commands and parameters

Today we will cover the tcpdump tool. Tcpdump is a packet analyzer tool, just like Wireshark.
It runs from the command line interface. It helps you capture data packets at a low level to understand what is going on inside the packet.
You can run tcpdump on Linux/Unix based operating systems.

Syntax for tcpdump:
tcpdump <parameter>

e.g. tcpdump -i eth0

Basic parameters of tcpdump:
-i : Specify the network interface to listen on
-c : Number of packets to capture
-w : Write the captured packets to a file for later analysis
-r : Read packets from a file instead of capturing from a network interface
-n : Do not resolve hostnames, display IP addresses only
-X : Display both hexadecimal and ASCII representations of packet data
-v : Increase verbosity level
-e : Print the link-level header on each dump line
-q : Quiet output, print less information

Operators in tcpdump:
- and, &&  : concatenates two parameters (both must match)
- or, ||   : or operator, matches any one of the mentioned parameters
- not, !   : negates the mentioned parameter
- <, >     : less than, greater than

Let's take some examples.
Let's capture 4 packets on the eth0 interface in default mode.
I will not use any other parameter.
1. tcpdump -i eth0

You can see we don't have any header details here, so let's add the -e switch to display the link-layer header.

Now you can see the header details, MAC addresses and EtherType. Let's add the -n parameter; this shows hosts as IP addresses instead of hostnames in our packet capture.

Now we see the source and destination as IP addresses instead of hostnames. To get more details about the header we can add the -v parameter.

If you want to see even more details about the header, keep adding more -v (verbose) parameters.

Now I want to write these packet details into a file, so that I can read it later or open it in Wireshark. Let's use the -w parameter to write the tcpdump packets to a file. I will save the file with the name test.pcap.

Read the file test.pcap by using the -r parameter.

By default, the read parameter does not show all packet header details. Use the verbose parameter and other parameters to see the details.

A few examples of different combinations:

1. Capture using a MAC address filter.

2. Capture all packets with IP address 192.168.110.70.

3. Capture packets with IP addresses 192.168.110.70 & 192.168.110.70. Here either one can be the source or the destination.

4. Capture packets with a given source IP address.

5. Capture packets with a given destination IP address.

6. Capture packets with a given source and destination IP address.

7. Capture packets by port.

8. Capture packets on IP and port.

9. Capture using the or operator, or a combination of the or and and operators.

10. Capture using the protocol.

11. Use the not operator to filter traffic.

12. Capture packets for a range of ports.

13. Capture packets of specific networks.
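The commands for the 13 cases above lived in screenshots, so here is an added example (my own Python, not code from the original post) that writes a small test.pcap of constructed traffic and reimplements the post's filter primitives and operators over it, so you can check what an expression should match before running the same filter with tcpdump -r test.pcap -n. All MAC addresses and the 10.x.x.x hosts are made up.

```python
import struct
from ipaddress import ip_address, ip_network

def frame(smac, dmac, sip, dip, ipproto, sport, dport):
    """Ethernet + IPv4 + L4 header; the source/destination ports lead both TCP and UDP headers."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    l4 = struct.pack("!HH", sport, dport) + b"\x00" * 16
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, ipproto, 0,
                     ip_address(sip).packed, ip_address(dip).packed)
    return mac(dmac) + mac(smac) + b"\x08\x00" + ip + l4

def write_pcap(path, frames):
    """Classic pcap (magic 0xa1b2c3d4, link type 1 = Ethernet) that tcpdump -r can read."""
    with open(path, "wb") as f:
        f.write(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1))
        for i, p in enumerate(frames):
            f.write(struct.pack("<IIII", i, 0, len(p), len(p)) + p)

def decode(p):
    """Pull out the fields the post's filters match on (tcpdump shows them with -e and -n)."""
    hx = lambda b: ":".join(f"{x:02x}" for x in b)
    ihl = (p[14] & 0x0F) * 4
    sport, dport = struct.unpack("!HH", p[14 + ihl:18 + ihl])
    return {"dmac": hx(p[:6]), "smac": hx(p[6:12]),
            "src": str(ip_address(p[26:30])), "dst": str(ip_address(p[30:34])),
            "proto": {6: "tcp", 17: "udp"}.get(p[23], "other"), "sport": sport, "dport": dport}

# Primitives named after tcpdump keywords (number = item in the post's list); each returns a predicate.
ether_host = lambda m: lambda k: m in (k["smac"], k["dmac"])          # 1: ether host <mac>
host = lambda ip: lambda k: ip in (k["src"], k["dst"])                # 2: host <ip>, either direction
src = lambda ip: lambda k: k["src"] == ip                              # 4: src host <ip>
dst = lambda ip: lambda k: k["dst"] == ip                              # 5: dst host <ip>
port = lambda n: lambda k: n in (k["sport"], k["dport"])               # 7: port <n>
proto = lambda name: lambda k: k["proto"] == name                      # 10: tcp / udp
portrange = lambda a, b: lambda k: any(a <= x <= b for x in (k["sport"], k["dport"]))  # 12
net = lambda cidr: lambda k: any(ip_address(x) in ip_network(cidr) for x in (k["src"], k["dst"]))  # 13
AND = lambda *fs: lambda k: all(f(k) for f in fs)                      # and, &&
OR = lambda *fs: lambda k: any(f(k) for f in fs)                       # or, ||
NOT = lambda f: lambda k: not f(k)                                     # not, !

def capture(frames, expr):
    """Equivalent of tcpdump -r test.pcap -n '<expr>': the decoded packets the filter accepts."""
    return [k for k in map(decode, frames) if expr(k)]

# Constructed traffic: an SSH session and a DNS query involving 192.168.110.70, plus an unrelated HTTP flow.
SAMPLE = [
    frame("00:50:56:01:01:01", "00:50:56:02:02:02", "192.168.110.70", "192.168.110.10", 6, 51000, 22),
    frame("00:50:56:02:02:02", "00:50:56:01:01:01", "192.168.110.10", "192.168.110.70", 6, 22, 51000),
    frame("00:50:56:01:01:01", "00:50:56:03:03:03", "192.168.110.70", "10.0.0.53", 17, 40000, 53),
    frame("00:50:56:04:04:04", "00:50:56:03:03:03", "10.0.0.9", "10.0.0.80", 6, 43000, 80),
]

if __name__ == "__main__":
    write_pcap("test.pcap", SAMPLE)   # then try: tcpdump -r test.pcap -n 'host 192.168.110.70 and not port 22'
```

Running the script leaves test.pcap next to it; `capture(SAMPLE, AND(host("192.168.110.70"), NOT(port(22))))` returns just the DNS packet, which is what the tcpdump command in the last comment should print.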

Posted in Packet_Inspection

ESXi command lists

1. NIC, driver, stats, vmk, port_num related commands

2. Switch related commands

3. NIC, vmk, up, down, LACP related commands

4. Module related commands

5. NSX firewall related commands

6. ESX routing related commands

7. VDR, vDL2 related commands

1. NIC, driver, stats, vmk, port_num related commands

esxcli network nic list

Check the physical vmnics associated with the host. This will show all the physical vmnic adapters and their state, including the admin and link status.

esxcli network nic get -n vmnic<vmnic_number>

This command will show you more details about the physical vmnic adapter, such as firmware version, driver, negotiation details, etc.

esxcli network nic stats get -n vmnic<vmnic_number>

Now let's say a customer has an issue in their environment, such as intermittent packet drops at the host level or any host- or vmnic-specific issue. In that case you can run this command and see the active counters for dropped received/transmitted packets.

net-stats -l

Get the port number of a particular VM. This portNum can be used to take a packet capture on the VM port or to get the VM port stats. The command can be used with grep to find the portNum of a specific VM.

esxcli network port stats get -p <port_number of particular VM>

Use the portNum of the VM to check the stats of the VM port by running the command above.

Posted in NSX-T

NSX-T Upgrade step by Step

NSX-T upgrade from 3.2.1 to 3.2.2

Today we will perform the NSX-T upgrade and its operations.

  1. Overview
  2. Upgrade coordinator
  3. Precheck
  4. Upgrade edge
  5. Upgrade host
  6. Upgrade management/controller
  7. Post check
  8. Rollback
  9. Log review in case of any issue
  10. Summary

1. Overview

The NSX-T upgrade process depends on the number of components you have in your infrastructure. Before proceeding with the upgrade you must check the upgrade path and the interop matrix with respect to your NSX-T upgrade. Check whether each component in your infrastructure is compatible with the new NSX-T version or not.

https://interopmatrix.vmware.com/Interoperability

The upgrade path will show whether the upgrade of NSX-T is supported from your current version to the target version or not. In our case the target version is 3.2.1.1

https://interopmatrix.vmware.com/Upgrade

Check the known issues and resolved issues for this version of NSX-T in the release notes. You will find these details in the VMware release notes.

Posted in NSX-T

HTTP Archive(HAR) File

HAR stands for HTTP Archive. This is a file format used to capture network/API information exchanged between browsers and web/application servers.

It is also used for identifying performance issues such as slow load times, page rendering problems, etc.

The HAR file information is stored in JSON format, which means that in order to visualize the details we need a tool that can view the JSON inside the HAR file. We call such tools HAR viewers.

Steps to proceed with a HAR file:

1. Capture the HAR file details in the browser

2. Save the HAR file

3. Analyze the HAR file

Posted in Routing

NSX-T Architecture


The diagram depicted above is a high-level NSX-T architecture that I will explain today.

The NSX Manager and its cluster communicate with transport nodes through the APH server (Application Proxy Hub).

All transport nodes connect to the NSX-T components using the NSX-Proxy service.

Transport nodes connect to the NSX Manager on port 1234 and to the CCP (Central Control Plane) on port 1235.

NSX-T has its own NSX-RPC, used for message queuing between the manager and transport nodes.

Before NSX-T 2.5, and in NSX-V, RabbitMQ was the message queuing protocol used for communication between the manager and ESXi nodes.

Posted in NSX-T

All about MTU and Fragmentation.

Topology

In this post we will cover MTU and fragmentation cases. Every interface/port has a limit on the amount of data it can send across the line or port in one unit: the Maximum Transmission Unit (MTU).

When I say MTU it usually means the layer 2 frame, but the actual data formation takes place at layer 3. So we have MTU at layer 2 and IP MTU at layer 3.

By default, the value of IP MTU is the same as the MTU if not defined explicitly. The MTU of a port may vary depending on the platform or vendor. By default, most nodes support an MTU of 1500 bytes.

Posted in IPv4

GARP (Gratuitous Address Resolution Protocol)

Gratuitous ARP is either a request or a reply packet that is needed in some cases. Usually, when we assign an IP to an interface or a host boots, the first packet it sends is a GARP.

A GARP packet has the same sender and target IP address. The source MAC address is that of the machine, whereas the destination MAC is broadcast.

GARP important questions

1) Is the first GARP packet a request or a reply?

2) Is the GARP reply packet unicast or broadcast?

3) GARP opcode.

4) Why is GARP used?

5) Messages or types of GARP packet?

Learning acronym (total 9 fields)

HaPur HaPur SSOTT

In a practical environment we only see GARP reply packets; no GARP request is sent.

https://tools.ietf.org/html/rfc5227#page-15

GARP has two opcodes, 1 & 2. Remember that opcode 1 is used for DAD (duplicate address detection) and opcode 2 is used for GARP.

There are two GARP messages, viz. the ARP probe (used for DAD) and the ARP announcement (used to announce that a machine owns a particular IP address within the segment).

Consider an example where a switch has PC1, PC2 and a DHCP server connected.

Now PC1 is assigned the IP address 192.168.174.111/24, and PC2 is set to DHCP.

The DHCP server has only one IP left, i.e. 192.168.174.111, to assign to PC2, and this IP is already configured statically on PC1.

So, will DHCP assign this IP address to PC2 or not?

Ans: DHCP won't assign this IP address to PC2, because DHCP always does ARP probing to check whether the IP it wants to assign is already assigned to any other host in the network. Since here 10.10.10.1 is already assigned to PC1, DHCP won't assign this IP to PC2.

Now consider that 192.168.174.111 is not assigned to any host on the segment. In this case, DHCP will send a GARP probe message to check whether there is any duplicate of the IP, i.e. whether the IP that DHCP wants to assign is in use by any host. Let's assume it is not used by any host; then DHCP assigns 192.168.174.111 to PC2, and once PC2 has the IP address assigned by DHCP, PC2 sends a GARP announcement message to confirm to the others that PC2 owns 192.168.174.111. In return for the GARP announcement it gets no reply, which confirms that only PC2 owns this IP and no other host.
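An added example, not part of the original post, that builds raw ARP frames from the 9 header fields, classifies them the way the post does (ARP probe for DAD, GARP request/reply, ordinary ARP) and replays the PC1/PC2/DHCP scenario to show how a second host announcing an already-claimed IP shows up as a duplicate address. The MAC addresses are constructed.

```python
import struct
from ipaddress import ip_address

BROADCAST = "ff:ff:ff:ff:ff:ff"
mac_bytes = lambda m: bytes.fromhex(m.replace(":", ""))
mac_str = lambda b: ":".join(f"{x:02x}" for x in b)
ARP = "!HHBBH6s4s6s4s"   # the 9 ARP header fields: HTYPE PTYPE HLEN PLEN OP SHA SPA THA TPA

def arp_frame(op, smac, sip, tmac, tip, dmac=BROADCAST):
    """Ethernet header (dst, src, EtherType 0x0806) followed by the 28-byte ARP header."""
    arp = struct.pack(ARP, 1, 0x0800, 6, 4, op, mac_bytes(smac),
                      ip_address(sip).packed, mac_bytes(tmac), ip_address(tip).packed)
    return mac_bytes(dmac) + mac_bytes(smac) + b"\x08\x06" + arp

def classify(frame):
    """Name the message as the post does: ARP probe (DAD), GARP announcement, or ordinary ARP."""
    if frame[12:14] != b"\x08\x06":
        return "not-arp"
    op, sha, spa, tha, tpa = struct.unpack(ARP, frame[14:42])[4:]
    spa, tpa = str(ip_address(spa)), str(ip_address(tpa))
    if op == 1 and spa == "0.0.0.0":
        return "arp-probe"                      # DAD: sender IP all zeros, asks who owns tpa
    if spa == tpa:                              # sender IP == target IP: gratuitous
        return "garp-request" if op == 1 else "garp-reply"
    return "arp-request" if op == 1 else "arp-reply"

def watch(frames):
    """Record which MAC announced each IP; a second MAC announcing a known IP is a duplicate."""
    owners, conflicts = {}, []
    for f in frames:
        if not classify(f).startswith("garp"):
            continue
        sha, spa = mac_str(f[22:28]), str(ip_address(f[28:32]))
        if spa in owners and owners[spa] != sha:
            conflicts.append((spa, owners[spa], sha))
        owners.setdefault(spa, sha)
    return owners, conflicts

# Constructed frames for the post's scenario (MACs are made up): PC1 holds 192.168.174.111
# statically, the DHCP server probes that IP, then PC2 announces the same IP.
PC1, PC2, DHCP, IP = "00:50:56:aa:00:01", "00:50:56:aa:00:02", "00:50:56:aa:00:fe", "192.168.174.111"
SAMPLE = [
    arp_frame(2, PC1, IP, PC1, IP),                               # PC1's GARP reply at boot
    arp_frame(1, DHCP, "0.0.0.0", "00:00:00:00:00:00", IP),       # DHCP server's ARP probe
    arp_frame(1, PC2, IP, "00:00:00:00:00:00", IP),               # PC2's ARP announcement
]

if __name__ == "__main__":
    print([classify(f) for f in SAMPLE])
    print(watch(SAMPLE))
```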

Posted in Routing

TCP/IP Details

TCP Header Format

Total 13 fields

Learn the acronym

HSDDDO Acche SE UR WINNER RE PAD FLAGUPARSF

Posted in IPv4

BGP Route-Reflector Design

A route learned from one iBGP peer won't be advertised to another iBGP peer. This is called the BGP split-horizon rule, and it is used to avoid loops in iBGP.

To work around this, we have the following options by which routes learned from one iBGP peer can be advertised to another iBGP peer.

  1. BGP full mesh
  2. BGP confederation
  3. BGP route-reflector

In this article we will discuss the 3rd option, i.e. the BGP route reflector.

BGP route reflector rule:

Whenever a RR learns a route from its client, it adds two attributes to the route.

  1. Cluster ID (a 32-bit identifier, which can be set; by default it is the BGP router ID)
  2. Originator ID (the router ID of the client that sent the route)

Posted in Routing Protocols

Types of Address Resolution Protocol (ARP)

Topology

Address Resolution Protocol is used to find the Layer 2 (MAC address) information when the Layer 3 (IP) information is already given. There are a total of 9 fields in the header.

The typical Address Resolution Protocol header format is shown below.

Fig1 ARP_Header

Posted in Routing Protocols

Different Static Route Options

The IP assignment on the interfaces is shown above.

We will demonstrate the following case studies.

Case Study 1: Static routes using an exit interface

Case Study 2: Static routes using an IP address as next hop

Case Study 3: Static routes using both an exit interface and an IP address as next hop

Let's understand how communication takes place in Ethernet or multi-access networks.

  1. Whenever a router wants to reach a particular destination, it basically needs two pieces of information, viz. the destination IP address it wants to reach and the L2 address corresponding to that destination.
  2. The router must first check whether the outgoing interface is point-to-point or Ethernet/multi-access. If it is Ethernet then it must resolve the L2 address.
  3. To get the L2 address the router must generate an ARP request for the destination subnet. The router must know on which outgoing interface it needs to generate the ARP, so the router performs a recursive routing lookup to find the outgoing interface for a particular destination.

Posted in Routing Protocols

OSI MODEL

OSI stands for the Open Systems Interconnection model. This is a reference or virtual model: you cannot see it or touch it, but it exists conceptually, just like electrons, protons, etc.

The OSI model was developed by ISO (the International Organization for Standardization). ISO is a non-profit organization that defines many standards. It is just like other standards, e.g. the ISI mark, IEEE, CE, etc., that you must have come across. These standards work for the welfare of society by setting standards in different areas such as food, electronics, networks, etc.

The OSI model has seven layers, described below.

1) Physical layer

2) Data link layer

3) Network layer

4) Transport layer

5) Session layer

6) Presentation layer

7) Application layer

Posted in Blog

Site to Site IPsec VPN

Topology

Summary:

To implement FlexVPN or IPsec VPN, the topology shown above is used. The motive is to provide reachability between the LAN networks, i.e. from 20.20.20.0 to 30.30.30.0 and vice versa.

Currently we have configured simple connectivity in which R1 and R2 are reachable to each other via the internet cloud.

The basic requirement of any VPN is reachability between the source and destination endpoints of the tunnel.

Posted in MPLS