NPetersen

A nerdy blog by me - Mostly server and VMware related stuff. If you like what you see, please follow me below :)

New year, new place

2023-01-23

For a while I wanted to change where my blog was hosted, as I just used some expensive webhotel because I needed something very reliable years ago. Over time the solution got more and more expensive, while my requirements went down more and more. For web I only need static web files on this domain now, so my options were more open than ever before.

What?

Because of my new job, I decided to look into Static Web Apps from Microsoft/Azure, which I highly recommend.

Continue reading

NSX Troubleshooting, what changed in the firewall?

2022-09-06

I found a neat feature in the NSX Manager that I didn’t know about during a late night. Every publish/change creates a configuration point, so you can see what changed between then and now.

This can be useful for troubleshooting when something stops working and the cause might be a DFW configuration issue.

Go to the DFW, and above the categories click “Actions”, then under Drafts click “View”. You will be presented with the saved configurations:

[Screenshot: NSX-T DFW Changes]

So let's go into troubleshooting mode, and let's say something stopped working at 10:32. I can find the date in the above screenshot, point at the dots and see the timestamps - look below:

Continue reading

NSX-T 4.0.0.1 - What's new?

2022-08-17

In NSX-T 4.0.0.1, VMware changed their naming scheme (again, some would say) to just NSX. One of the biggest features, and long overdue, is IPv6 support for management. There is also a new feature for blocking malicious IPs, which we will look at below.

Here are the Release Notes: https://docs.vmware.com/en/VMware-NSX/4.0/rn/vmware-nsx-4001-release-notes/index.html

Block Malicious IPs:

In the Release Notes the following is written:

  • Block Malicious IPs in Distributed Firewall is a new capability that allows the ability to block traffic to and from Malicious IPs. This is achieved by ingesting a feed of Malicious IPs provided by VMware Contexa. This feed is automatically updated multiple times a day so that the environment is protected with the latest malicious IPs. For existing environments the feature will need to be turned on explicitly. For new environments, the feature will be default enabled.

My lab environment is an existing installation, so the feature will need to be turned on explicitly, as the release notes say. Luckily that's quite easy in NSX-T.

We also know it's a part of VMware Contexa, which is VMware's take on a cloud security platform. I actually didn't know about Contexa before this update; it looks cool. We might see more of Contexa in later NSX releases, maybe within NSX Intelligence, where more of Contexa already seems to be.

Let's set up auto update:

As you can see below, right after upgrading the NSX-T Manager to 4.x you will get warnings telling you: “Auto Update Malicious IPs is turned off. All rules containing groups with malicious IPs might not work at all or work with outdated data if available.”

[Screenshot: NSX-T DFW Warnings]

Continue reading

My Homelab (2022 edition)

2022-08-16

I thought I would give an updated look at my homelab, where I obviously lab most of my stuff.

Why?

My homelab started, as I think it does for many, from curiosity and a passion to know more. For me it started way back when I was very young and wanted to learn the enterprise stuff. It has helped me get jobs where I didn't have professional experience, so I think it has paid off multiple times. Now it's more of a playground, a place to learn and try new stuff, beta releases and more.

What?

I work as a VMware and Datacenter Administrator in my daily work, so it helps me learn: routing, VLANs, switching (even L3 switching), datacenter management, VMware and more. I lab many things, but primarily most of the VMware stack, with licenses from VMUG.

Continue reading

High latency for VMs in NSX-T (VLAN)

2022-08-15

NSX-T Version: 4.0.0.1.0.20159689

I was experiencing high latency in NSX-T for all my VMs, and I couldn't figure out why. VMs on the same host that weren't on an NSX-T segment had +90ms in latency. I was pinging from a VM on VLAN 10 to a VM that's part of my NSX environment on VLAN 20. Both VMs were on the same host, and I don't have any NSX-T overlay routing, so it was kind of weird.

Let me first show you how the latency was fluctuating:

[Screenshot: NSX-T high VM latency]

As you can see above, the latency ranged from 8ms at the low end to 150+ ms per ping at the very high end. That's not acceptable, especially not when the VMs are on the same host and there is only 1 router between the VLANs.

Continue reading

Place a VSAN Witness host into maintenance through PowerCLI

2022-07-24

The PowerCLI documentation is actually really good, but sometimes the documentation is just silly as well. I was trying to make a vSAN Witness host go into Maintenance Mode through PowerCLI and had trouble doing it.

The Set-VMHost command has some parameters you can set for vSAN data migration and stuff like that, so I thought maybe it wanted to do something with vSAN, even though the GUI shows the normal Maintenance Mode dialog box.

[Screenshot: vCenter GUI VSAN MM Mode]

When I tried using the Set-VMHost command I got the error “A specified parameter was not correct”:

Continue reading