VMware Hands-on Labs - HOL-SDC-1302


Lab Overview HOL-SDC-1302

HOL-SDC-1302 - vSphere Distributed Switch Enhancements


Please Read: Many of the modules will have you enter Command Line Interface (CLI) commands. A text file has been placed on the desktop of the environment so that you can easily copy and paste complex commands or passwords into the associated utility (CMD, PuTTY, console, etc.). Certain characters are not present on every keyboard around the world, so this text file is also useful for keyboard layouts which do not provide those characters.

The text file is HOL-SDC-1302 CLI Commands. The file is divided into Module Sections with the command or credentials for you to copy and paste.

Thank you and enjoy the labs!

vSphere 5.5 introduces some key networking enhancements and capabilities to further simplify operations, improve performance and provide security in virtual networks. The vSphere Distributed Switch (VDS) is a centrally managed, datacenter-wide switch that provides advanced networking features on the vSphere platform. Having one virtual switch across the entire vSphere environment greatly simplifies management.

The following are some of the key benefits of the features in this release:

Lab Module List:

Note: It will potentially take more than 90 minutes to complete the lab. We request that you complete Modules 1, 2, 3 and 4 in your first sitting. Module 5 can be completed in the second sitting. You can also take the modules in any order or even skip some of them.

Lab Captains: Al Grandville (Modules 1, 2 and 5), Sébastien Braun (Modules 3 and 4).


Module 1 - Migrating from a vSphere Standard Switch to the vSphere Distributed Switch

Migrating to the vSphere Distributed Switch - Overview


In this lab we will migrate a host from a vSphere Standard Switch (VSS) to a vSphere Distributed Switch (VDS).

There are two methods of migration:

1: User Interface (UI) - This method uses a wizard that guides the user through the migration steps.

2: Host Profiles - This method allows us to grab the network configuration from a host and duplicate it on another host or group of hosts.

In this lab section we will migrate the first host with the UI based host migration wizard. We will then extract a host profile from the migrated host and use it to migrate a second host to the distributed switch.


 

vSphere Distributed Switch Architecture

 

A vSphere distributed switch functions as a single switch across all associated hosts. This enables you to set network configurations that span across all member hosts, and allows virtual machines to maintain consistent network configuration as they migrate across multiple hosts.

Like a vSphere standard switch, each vSphere distributed switch is a network hub that virtual machines can use. A distributed switch can forward traffic internally between virtual machines or link to an external network by connecting to physical Ethernet adapters, also known as uplink adapters.

Each distributed switch can also have one or more distributed port groups configured. A distributed port group defines a common network configuration across a set of virtual ports. If users want a set of virtual machines to connect to a network with similar properties, those virtual machines should be connected to the same distributed port group. Each distributed port group is identified by a network label, which is unique within the datacenter. For example, in the diagram above there are three distributed port groups: Production, Test environment and XYZ.

This lab starts with a VSS with 3 port groups. We will create a VDS and configure it with 3 distributed port groups.

Management Network (A) - For Management traffic

Storage Network (A) - For Storage traffic

VM Network (A) - For VM traffic

These distributed port groups on the VDS have the same network properties defined on the VSS port groups.

Once we have a VDS to work with, we will then migrate the first host from VSS to VDS with the UI based migration wizard and the second host using Host Profiles.

 

Create a new vSphere Distributed Switch


In this lab section we will first investigate the state of the network on our hosts and then we will create a new vSphere Distributed Switch.


 

Launch Firefox from the ControlCenter Desktop

 

Double click the Firefox icon on the ControlCenter Desktop

 

 

Password and Command Line Help File

 

Look for a text file on the ControlCenter Desktop named HOL-SDC-1302

This file contains all of the passwords and long command line entries found in this lab.

If needed, you can use this file for copying and pasting passwords and command line text into the lab environment.

Tip: Use the method of highlighting text and right-mouse clicking to copy and paste for consistency as the keyboard combinations ctrl-c and ctrl-v do not work on all keyboard types.

 

 

Login to the vCenter Console

 

Login to the VMware vSphere Web Client

User name: root

Password: VMware1!

Click Login

 

 

Navigate to vCenter

 

Click on the vCenter tab in the left hand navigation pane

 

 

Navigate to Hosts and Clusters

 

Click on the Hosts and Clusters tab in the left hand navigation pane

 

 

Usability Tip (Optional) - Unpinning the right hand pane to maximize viewable screen space

 

Click on the thumbtack icon at the top right to unpin the right hand pane and allow it to minimize

 

 

Usability Tip (Optional) - Minimizing the right hand pane to maximize viewable screen space

 

Notes:

1: Click on the thumbtack icon again to re-pin the pane and stop it from minimizing

2: Roll over the minimized pane to expand it

 

 

Observe the networking configuration of esx-01a.corp.local

 

Click the arrows to expand vCenter -> Datacenter -> Cluster Site A and reveal the list of hosts

Click on esx-01a.corp.local in the left hand navigation pane

Click on Manage

Click on Networking

Click on Virtual switches

Observe that esx-01a.corp.local has one standard vSwitch labeled vSwitch0

Observe that esx-01a.corp.local has one port group named VM Network and that there is a VM labeled W2k8_base attached to that port group

 

 

Observe the networking configuration of esx-01a.corp.local

 

Click on VMkernel adapters

Observe that vSwitch0 has two vmkernel nics

vmk0 | Management Network

vmk1 | Storage Network

Note: esx-02a.corp.local has an identical network configuration, with the minor exception that a different VM is attached to its VM Network port group. If time allows, and you are interested, feel free to switch over to host esx-02a.corp.local and observe its networking.

 

 

Click on VMs and Templates

 

Click on the VMs and Templates icon

 

 

Check to see if the W2k8_base VM is powered on

 

Click on the arrow to the left of Datacenter Site A to show the list of VMs and Templates

Observe the W2k8_base VM. It should be running (There should be a green triangle to the left of the VM name)

If the W2k8_base VM is not running, please start it now. (We will need it later on in the lab)

 

 

Power on the W2k8_base VM (ignore this step if the VM is already powered on)

 

Ensure that the W2k8_base is selected in the left hand navigation pane

Click Actions

Click Power On

 

 

Navigate to Networking

 

We will now head on over to networking and create a new VDS

Click on the Networking icon

 

 

Create a New Distributed Switch

 

Click on Datacenter Site A

Note: There is an existing VDS in this Datacenter named vds-site-b which will be used in different sections of this lab.

Click on Actions

Select New Distributed Switch... from the context menu

 

 

New Distributed Switch - Name and Location

 

Type vds-site-a in the Name: field

Click Next

 

 

New Distributed Switch - Select version

 

Keep the default setting Distributed switch: 5.5.0

Click Next

 

 

New Distributed Switch - Edit settings

 

Number of uplinks: 4 (Default)

Network I/O Control: Enabled (Default)

Default port group: Unchecked (we do not want to create a default port group)

Port group name: Greyed Out

Click Next

 

 

New Distributed Switch - Ready to complete

 

Ensure that your settings match the following:

Name: vds-site-a

Version: 5.5.0

Number of Uplinks: 4

Network I/O Control: Enabled

Click Finish

 

 

Observe the new VDS

 

Click on the arrow to the left of Datacenter Site A in the left hand navigation pane

Click on the new VDS labeled vds-site-a in the left hand navigation pane

Choose the Summary tab to see the details of our new VDS.

Note: The Features box on the right shows the advanced features that are available with the 5.5 version of the VDS.

 

 

Rename the uplink port group

 

Expand the vDS by clicking on the arrow to the left of vds-site-a

Click the uplink port group vds-site-a-DVUplinks-##

Right click on the uplink port group

Choose Rename... from the context menu

 

 

Rename the uplink port group

 

Enter the new name:

vds-site-a-corpnet-uplink


Click OK

 

 

Create VDS Port Group - Management Network

 

Click on the vds-site-a

Click on the Manage tab

Click Settings

Click Topology

Click on the create a new distributed port group icon

 

 

New Distributed Port Group - Select name and location

 

Name: Management Network (A)

Location: vds-site-a

Click Next

 

 

New Distributed Port Group - Configure settings

 

Leave all port group settings at the default values

Port binding: Static binding (Default)

Port allocation: Elastic (Default)

Number of ports: 8 (Default)

Network resource pool: (default)

VLAN type: None (Default). Since this is a nested environment, VLAN tagging is not used. However, users can choose different VLANs on different distributed port groups to provide isolation.

Click Next

 

 

New Distributed Port Group - Ready to complete

 

Click Finish

 

 

Observe the new Management Port Group

 

Observe the new Management Network (A) port group

Note: You may need to click the arrow to the left of vds-site-a to reveal the new Management Network (A) port group

 

 

Create VDS Port Groups - VM Network

 

Click on the create a new distributed port group icon

 

 

New Distributed Port Group - Select name and location

 

Name: VM Network (A)

Location: vds-site-a

Click Next

 

 

New Distributed Port Group - Configure settings

 

Leave all port group settings at the default values

Port binding: Static binding (Default)

Port allocation: Elastic (Default)

Number of ports: 8 (Default)

Network resource pool: (default)

VLAN type: None (Default)

Click Next

 

 

New Distributed Port Group - Ready to complete

 

Click Finish

 

 

Observe the new VM Network Port Group

 

Observe the new VM Network (A) port group

Note: You may need to click the arrow to the left of vds-site-a to reveal the new VM Network (A) port group

This concludes this portion of the lab. In the next portion of the lab we will migrate one of our hosts to the new VDS with the User Interface (UI).

 

User Interface (UI) based VSS to VDS Migration


In this section of the lab we will migrate a host to the VDS using the Add and Manage Hosts Wizard.

Using the Add and Manage Hosts Wizard we can migrate VMs without any loss of connectivity. We will illustrate this by starting a continuous ping from a VM to the ControlCenter desktop and observing that no packets are dropped during the migration.


 

Switch over to VMs and Templates

 

Click on the VMs and Templates icon

 

 

Select the W2k8_base VM

 

Click on the W2k8_base VM in the left hand navigation pane

Click on the Summary tab

 

 

Ensure that the VM W2k8_base is fully powered on

 

The W2k8_base VM should be fully powered on by now. You can confirm this by observing the following in the VM's Summary tab:

1: Recent Tasks pane shows "Power On virtual machine" task successful

2: Memory stats graphic shows in use memory as green

3: VMware Tools reports "Running", DNS Name and IP Addresses fields are populated

4: Console thumbnail is visible. Note: This may not become visible until the VM has been fully powered on for several minutes, so there is no need to wait for this.

Note: You may need to refresh the interface to speed things along

 

 

Open a console session to the W2k8_base VM

 

Click on Launch Console

 

 

Logon to the console of the W2k8_base VM

 

Click on the browser tab for W2k8_base

Click on the Send Ctrl-Alt-Delete button

Click in the password field and type the password VMware1!

Click on the blue arrow to the right of the password field or press enter

 

 

Open a command prompt on the W2k8_base VM

 

Click on Start

Click on Command Prompt

Note: Due to the screen size and resolution you may have to scroll down to access W2k8_base's start menu.

 

 

Start a continuous ping to the ControlCenter Desktop

 

In the command prompt type

ping 192.168.110.10 -t

Press Enter

 

 

Switch back over to the vSphere Web Client browser tab

 

Click on the vSphere Web Client browser tab

 

 

Switch over to the Networking Tab

 

Click the Networking icon

 

 

Launch the Add and Manage Hosts Wizard

 

Now that we have our continuous ping running on our VM let's migrate the host that it's running on to the new VDS

Ensure that vds-site-a is highlighted in the left navigation pane

Select the Manage tab

Click on Settings

Click on Topology

Click on the Add hosts to this distributed switch and migrate physical or virtual adapters icon

 

 

Add and Manage Hosts - Select task

 

Select Add hosts (Default)

Click Next

 

 

Add and Manage Hosts - Select Hosts

 

Click on the Green +

 

 

Add and Manage Hosts - Select new Hosts

 

Select esx-01a.corp.local

Click OK

Note: If your list is empty you can logout and log back in the vSphere Web UI, it will fix this known issue.

 

 

Add and Manage Hosts - Select hosts

 

Ensure that (New) esx-01a.corp.local is in the list

Click Next

 

 

Add and Manage Hosts - Select network adapter tasks

 

Check Manage physical adapters (default)

Check Manage virtual adapters (default)

Check Migrate virtual machine networking. Note: Selecting this option allows users to migrate the virtual machines connected to the standard switch to a distributed switch. Please note that there is no downtime while migrating these virtual machines from VSS to VDS.

Uncheck Manage advanced host settings (default)

Click Next

 

 

Add and Manage Hosts - Manage physical network adapters

 

As you can see, all the vmnics are currently connected to vSwitch0, which is a vSphere Standard Switch. We will move these vmnics from the VSS to the VDS. To reduce lab time we will only assign vmnic0 and vmnic1 to VDS.

Click on vmnic0

Click on the Assign uplink icon

 

 

Select an Uplink for vmnic0

 

Click on Uplink 1

Click OK

 

 

Add and Manage Hosts - Manage virtual network adapters

 

Click on vmnic1

Click on the Assign uplink icon

 

 

Select an Uplink for vmnic1

 

Click on Uplink 2

Click OK

 

 

Add and Manage Hosts - Manage virtual network adapters

 

Observe that both vmnic0 and vmnic1 are to be migrated to the uplinks defined in the vDS Uplink Port Group.

vmnic0 (Assigned) - vSwitch0 - Uplink 1 - vds-site-a-corpnet-uplink

vmnic1 (Assigned) - vSwitch0 - Uplink 2 - vds-site-a-corpnet-uplink

Click Next

 

 

Manage virtual network adapters - Management Network

 

After assigning vmnics, the next step is to assign the virtual network adapters (vmknics) from the VSS port groups to the VDS distributed port groups.

Click vmk0. As you can see vmk0 is the management network vmkernel NIC.

Click on the Assign port group icon

 

 

Assign destination port group - Management Network

 

Connect vmk0 to the distributed port group created for management network.

Click Management Network (A)

Click OK

 

 

Manage virtual network adapters

 

Ensure that all of your vSwitch port groups are reassigned to the proper VDS distributed port groups

vmk0 (Reassigned) - vSwitch0 - Management Network - Management Network (A)

vmk1 - vSwitch0 - Storage Network - Do not migrate

Note: Under normal circumstances we would migrate all of the VSS port groups to the VDS. In order to keep the lab time manageable we are going to leave the Storage Network attached to the VSS.

Click Next

 

 

Add and Manage Hosts - Analyze impact

 

Click Next

 

 

Add and Manage Hosts - Migrate VM Networking

 

After migrating the vmkernel NICs it is time to migrate the virtual machines from the VSS to the VDS. In this example we have a Windows virtual machine named W2k8_base running on host esx-01a.corp.local.

Click on W2k8_base

Click on the Assign port group icon

 

 

Add and Manage Hosts - Migrate VM Networking - Select Network

 

Click VM Network (A)

Click OK

 

 

Add and Manage Hosts - Migrate VM Networking

 

Ensure that all VMs are mapped to the VM Network (A) on the vDS

W2k8_base - VM Network (A)

Click Next

 

 

Add and Manage Hosts - Ready to complete

 

Click Finish

 

 

Observe that host esx-01a was migrated to the VDS

 

Click on the arrows to expand the different sections of the VDS Topology

Now that we have migrated the host to the new VDS, let's check back on our VM and its continuous ping to ensure that we didn't lose connectivity during the migration.

 

 

Observe that the W2k8_base VM maintained connectivity throughout the migration

 

Click on the W2k8_base browser tab

Scroll up on the continuous ping and observe that no packets were dropped during the migration

Press Ctrl-C to stop the continuous ping

Observe the number of packets lost (It should be 0)

This concludes this portion of the lab. In the next section we will use host profiles to migrate another host to the VDS.

 

Host Profiles based VSS to VDS migration


In this lab section we will extract a host profile from the host we migrated to the VDS in the previous step and then apply that host profile to another host. This host profile method helps in an environment where you have a large number of hosts that you need to migrate to VDS.


 

Switch back over to the vSphere Web Client

 

Click on the vSphere Web Client browser tab

 

 

Switch over to the Home View

 

Click on the Home icon

 

 

Select Host Profiles

 

Click on the Host Profiles icon

 

 

Extract Profile from Host

 

Click on the Green plus sign to Extract Profile from a host

 

 

Extract Host Profile - Select Host

 

Click on esx-01a.corp.local

Click Next

 

 

Extract Host Profile - Name and Description

 

Name: VDS Host Profile

Description: Host Profile extracted from esx-01a.corp.local after it was migrated to the VDS.

Click Next

 

 

Extract Host Profile - Ready to complete

 

Click Finish

 

 

Wait for the Host Profile extraction to complete

 

Watch the Recent Tasks pane to see the status of the Create a host Profile task

When the process is complete you will see the new host profile show up in the Objects pane

 

 

Attach the newly created host profile to the host esx-02a.corp.local

 

Click on the Attach/Detach a host profile from hosts and clusters icon

 

 

VDS Host Profile - Attach/Detach Hosts and Clusters - Select Hosts/Clusters

 

Click the arrow to the left of Cluster Site A to show the list of hosts in the cluster

Click on esx-02a.corp.local

Note: Be careful to choose the right host as the order can change.

Click Attach

 

 

VDS Host Profile - Attach/Detach Hosts and Clusters - Select Hosts/Clusters

 

Ensure that esx-02a.corp.local appears in the right hand side pane

Click Next

 

 

VDS Host Profile - Attach/Detach Hosts and Clusters Customize Hosts

 

Note: Expand the columns to ensure you are configuring the proper interfaces.

Note: Leave the MAC Address field blank. vSphere will generate a MAC address for this interface.

esx-02a.corp.local | Host IPv4 address | vds-sitea:Management Network = 192.168.110.52

esx-02a.corp.local | Subnet Mask | vds-sitea:Management Network = 255.255.255.0

Click Finish

 

 

Check esx-02a for host profile compliance

 

Click on VDS Host Profile

 

 

View Related Objects

 

Click on the Related Objects tab

 

 

Check Host Profile Compliance

 

Click on Actions -> All vCenter Actions -> Host Profiles -> Check Host Profile Compliance

 

 

Observe the host profile compliance status of esx-02a.corp.local

 

Click on esx-02a.corp.local

 

 

Observe the host profile compliance status of esx-02a.corp.local

 

Click the Summary tab

Scroll down until you can see the Host Profile Compliance widget.

Expand the Host Profile Compliance widget by clicking on the maximize icon in the top right hand corner of the widget.

 

 

Observe the host profile compliance status of esx-02a.corp.local

 

Expand the sections by clicking on the arrows

Observe the non-compliant settings

Click on the VDS Host Profile tab to return to the host profile view

 

 

Put esx-02a.corp.local into maintenance mode

 

Click the maintenance mode icon

 

 

Confirm Maintenance Mode

 

Uncheck the box to Move powered-off and suspended virtual machines to other hosts in the cluster

Click OK

 

 

Remediate esx-02a.corp.local to be compliant with the host profile

 

Wait for esx-02a.corp.local to enter maintenance mode

Click on Actions -> All vCenter Actions -> Host Profile -> Remediate

 

 

VDS Host Profile - Remediate host based on host profile - Customize hosts

 

Click Next

 

 

VDS Host Profile - Remediate host based on host profile - Review Remediation Tasks

 

Click on the arrow to reveal the remediation tasks for esx-02a.corp.local

Click Finish

 

 

Wait for the host configuration changes to complete

 

Watch the Recent Tasks pane for the Check Compliance and the Apply host configuration tasks to complete

 

 

Exit maintenance mode on host esx-02a.corp.local

 

Click the Exit maintenance mode icon

 

 

Review the Host Profile Compliance status of esx-02a.corp.local

 

Click on esx-02a.corp.local

 

 

Review the Host Profile Compliance status of esx-02a.corp.local

 

Observe the Host Profile Compliance widget (Status should be Compliant)

 

 

Observe the Networking changes to host esx-02a.corp.local

 

Click Manage

Click Networking

Click Virtual switches

Click vds-site-a

Observe that the Management Network and the VM Network have been migrated to the VDS

We have now effectively migrated host esx-02a.corp.local to the VDS using host profiles

This completes this portion of the lab.

 

Module 2 - Implementing Quality of Service (QoS) Tagging & Traffic Filtering on the VDS

Implementing Quality of Service (QoS) Tagging


Two types of QoS marking/tagging are common in networking: 802.1p (CoS), applied to Ethernet (Layer 2) packets, and Differentiated Services Code Point (DSCP) marking, applied to IP packets. The physical network devices use these tags to identify important traffic types and provide Quality of Service based on the value of the tag. As business critical and latency sensitive applications are virtualized and run in parallel with other applications on ESXi hosts, it is important to enable traffic management and tagging features on the VDS.

The traffic management feature on the VDS helps reserve bandwidth for important traffic types, and the tagging feature allows the external physical network to understand the level of importance of each traffic type. It is a best practice to tag the traffic near the source to help achieve end-to-end Quality of Service (QoS). During network congestion scenarios, the tagged traffic doesn’t get dropped which translates to a higher Quality of Service (QoS) for the tagged traffic.

VMware has supported 802.1p tagging on the VDS since the vSphere 5.1 release. The 802.1p tag is inserted in the Ethernet header before the packet is sent out on the physical network. In the 5.5 release, the DSCP marking support allows users to insert tags in the IP header. The IP header level tagging helps in layer 3 environments, where physical routers prefer the IP header tag to the Ethernet header tag.

Once the packets are classified based on the qualifiers described in the traffic filtering section, users can choose to perform Ethernet (layer 2) or IP (layer 3) header level marking. The markings can be configured at the port group level.


 

Where is the DSCP tag field in the Packet?

 

In this lab module we will implement DSCP tagging on all egress traffic on the VM Network Port Group.

We will then capture some traffic passing through the VDS and observe the DSCP field in the packet header.

Note: These lab modules were designed to run independently and out of order. If you are going in order and just completed module #1 you can skip the first two steps.

 

 

Launch Firefox from the ControlCenter Desktop

 

Double click the Firefox icon on the ControlCenter Desktop

 

 

Password and Command Line Help File

 

Look for a text file on the ControlCenter Desktop named HOL-SDC-1302

This file contains all of the passwords and long command line entries found in this lab.

If needed, you can use this file for copying and pasting passwords and command line text into the lab environment.

Tip: Use the method of highlighting text and right-mouse clicking to copy and paste for consistency as the keyboard combinations ctrl-c and ctrl-v do not work on all keyboard types.

 

 

Login to the vCenter Console

 

Login to the VMware vSphere Web Client

User name: root

Password: VMware1!

Click Login

 

 

Select vCenter

 

Click on the vCenter icon

 

 

Select VMs and Templates

 

Click on VMs and Templates in the left hand navigation pane

 

 

Power on a VM on the host esx-04a

 

Navigate to W12-core in the left hand navigation pane

Click on W12-core

Click on Actions

Click Power On

 

 

Select Networking

 

Click on Networking

 

 

Select the VM Network Port Group on vds-site-b

 

In the left hand navigation pane navigate to vc-1-01a -> Datacenter Site A -> vds-site-b -> VM Network

Click on the Manage tab

Click on the Settings tab

Click on the Edit button

 

 

VM Network - Edit Settings - Traffic filtering and marking

 

Click on Traffic filtering and marking

In the Status drop down box choose Enabled

 

 

VM Network - Edit Settings - Traffic filtering and marking - Add

 

Click the Green + to add a New Network Traffic Rule

 

 

New Network Traffic Rule - Action

 

In the Action: drop down box select Tag

 

 

New Network Traffic Rule - DSCP value

 

Check the box to the right of DSCP value

In the drop down box for the DSCP value select Maximum 63

 

 

New Network Traffic Rule - Traffic direction

 

In the Traffic direction drop down box select Egress

 

 

New Network Traffic Rule - Qualifier

 

Now that you have decided to tag the traffic the next question is which traffic you would like to tag. There are three options available while defining the qualifier:

1) System Traffic Qualifier

2) New MAC qualifier

3) New IP Qualifier.

That means users can select packets based on system traffic types, MAC header fields or IP header fields. In this example we will create a qualifier based on system traffic.

Click the Green + and Select New System traffic Qualifier from the drop down menu

 

 

New Network Traffic Rule - New System Traffic Qualifier

 

Select Virtual Machine

Click OK

 

 

New Network Traffic Rule

 

Check that your rule matches

Name: Network Traffic Rule 1

Action: Tag

DSCP Value: Checked

DSCP Value: 63

Traffic Direction: Egress

System traffic: Virtual Machine

Click OK

 

 

VM Network - Edit Settings

 

Click OK

 

 

VMs and Templates

 

Click on the VMs and Templates icon

 

 

Ensure that the W12-core VM is fully powered on

 

The W12-core VM should be fully powered on by now. You can confirm this by observing the following in the VM's Summary tab:

In the left hand navigation pane select the W12-core VM

Click on the Summary tab

1: Recent Tasks pane shows "Power On virtual machine" task successful

2: Memory stats graphic shows in use memory as green

3: VMware Tools reports "Running", DNS Name and IP Addresses fields are populated

4: Console thumbnail is visible. Note: This may not become visible until the VM has been fully powered on for several minutes, so there is no need to wait for this.

Note: You may need to refresh the interface to speed things along

 

 

Launch the console for the W12-core VM

 

Click on the console thumbnail to open a console to the W12-core VM

 

 

Switch to the W12-core console tab

 

Click on the W12-core console tab

 

 

Login to the W12-core VM

 

Click the Send Ctrl-Alt-Delete button

User: Corp\Administrator

Password: VMware1!

Click the arrow to the right of the password box or press Enter

 

 

Start a continuous ping from W12-core to the ControlCenter Desktop

 

Click in the command prompt box

Type Ping -t 192.168.110.10

Press Enter

 

 

Launch WireShark from the ControlCenter Desktop

 

Click on the Wireshark icon in the task bar of the ControlCenter Desktop

 

 

Select an Interface to capture

 

Click on Interface List

 

 

Wireshark Capture Interfaces

 

Check the box to the left of Local Area Connection VMware vmxnet3 virtual network device

Click Start

 

 

Stop the Capture

 

Click the Stop the running live capture icon

 

 

Filter the capture for ICMP traffic

 

In the Filter: box type icmp

Click the Apply icon

 

 

Inspect an icmp packet

 

Click on any of the ICMP request packets from 192.168.110.127 (the W12-core VM)

Click the plus sign to the left of Internet Protocol version 4

Click the plus sign to the left of Differentiated Services Field

Observe the DSCP value of 63 (0x3f in hexadecimal)

Now that we have shown that we can tag packets let's investigate traffic filtering.
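The same check that was done by hand in Wireshark can be scripted. The following is an added example, not part of the original lab: it locates the DSCP bits (upper six bits of the second IPv4 header byte, so DSCP 63 appears on the wire as a DS byte of 0xfc) and the 802.1p priority bits (top three bits of the 802.1Q tag), then reports frames from a source that do not carry the expected marking. The frames, MAC addresses, VLAN ID 100 and priority 5 are constructed sample values; the IP addresses are the ones used in this lab.

```python
import socket
import struct

ETH_P_IPV4, ETH_P_8021Q = 0x0800, 0x8100


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum; returns 0 over a header with a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_frame(src_ip, dst_ip, dscp, pcp=None, vlan_id=0) -> bytes:
    """Construct an Ethernet/IPv4/ICMP echo request (sample data, not a capture)."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, 1, 1)            # type 8 = echo request
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 20 + len(icmp), 0, 0,
                     128, 1, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    eth = bytes.fromhex("005056000002005056000001")        # constructed dst + src MACs
    if pcp is not None:                                    # optional 802.1Q tag
        eth += struct.pack("!HH", ETH_P_8021Q, (pcp << 13) | vlan_id)
    return eth + struct.pack("!H", ETH_P_IPV4) + ip + icmp


def parse_marking(frame: bytes) -> dict:
    """Return the layer 2 (802.1p) and layer 3 (DSCP) markings of one Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    offset, pcp = 14, None
    if ethertype == ETH_P_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        pcp, offset = tci >> 13, 18                        # priority = top 3 bits of the TCI
    if ethertype != ETH_P_IPV4:
        return {"pcp": pcp, "dscp": None, "src": None}
    if len(frame) < offset + 20 or frame[offset] >> 4 != 4:
        raise ValueError("truncated or non-IPv4 header")
    ihl = (frame[offset] & 0x0F) * 4
    if ihl < 20 or len(frame) < offset + ihl:
        raise ValueError("bad IPv4 header length")
    ds_byte = frame[offset + 1]                            # second byte of the IPv4 header
    return {
        "pcp": pcp,
        "ds_byte": ds_byte,
        "dscp": ds_byte >> 2,                              # upper 6 bits
        "ecn": ds_byte & 0x03,                             # lower 2 bits
        "proto": frame[offset + 9],
        "src": socket.inet_ntoa(frame[offset + 12:offset + 16]),
        "checksum_ok": inet_checksum(frame[offset:offset + ihl]) == 0,
    }


def check_marking(frames, src_ip, expected_dscp):
    """List (index, observed DSCP) for IPv4 frames from src_ip with a different DSCP."""
    mismatches = []
    for i, frame in enumerate(frames):
        info = parse_marking(frame)
        if info["src"] == src_ip and info["dscp"] != expected_dscp:
            mismatches.append((i, info["dscp"]))
    return mismatches


# Constructed sample: two marked frames (one VLAN-tagged) and one unmarked frame.
SAMPLE = [
    build_frame("192.168.110.127", "192.168.110.10", dscp=63),
    build_frame("192.168.110.127", "192.168.110.10", dscp=63, pcp=5, vlan_id=100),
    build_frame("192.168.110.127", "192.168.110.10", dscp=0),
]

if __name__ == "__main__":
    for n, f in enumerate(SAMPLE):
        print(n, parse_marking(f))
    print("frames without DSCP 63:", check_marking(SAMPLE, "192.168.110.127", 63))
```

Rewriting the IPv4 DS byte changes the header checksum, which is why the parser also reports checksum_ok for each frame.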

 

Implementing Traffic Filtering


Traffic filtering is the ability to filter packets based on the various parameters of the packet header. This capability is also referred to as Access Control Lists (ACLs), and it is used to provide port level security on the VDS.

The VDS supports packet classification based on the following three different types of qualifiers:

Once the qualifier is selected and packets are classified, users have the option to either filter or tag the packets.

When the classified packets are selected for filtering, users have the option to filter ingress traffic, egress traffic or both.

As shown in the figure below, the traffic-filtering configuration is at the port group level.

In this lab we will implement traffic filtering to block ICMP (Ping) traffic from the VM Port Group


 

Traffic Filtering Diagram

 


 

 

Switch back to Firefox

 

Click on the Firefox icon on the taskbar of the ControlCenter Desktop

 

 

Return to the vSphere Web Client Tab

 

Click on the vSphere Web Client Tab

 

 

Select Networking

 

Click on the Networking Icon

 

 

Edit the VM Network Port Group Settings

 

Note: You should already be at this view from the previous module but if you have navigated away you can get back by:

Navigate to Datacenter Site A -> vds-site-b -> VM Network

Click the Manage tab

Click the Settings tab

Click on Properties

Click Edit

 

 

VM Network - Edit Settings - Traffic filtering and marking

 

Click on Traffic filtering and marking in the left hand navigation pane

Click on the Network Traffic Rule 1

Click the Pencil icon (edit)

 

 

Edit Network Traffic Rule - Action

 

Change Action to Drop

 

 

Edit Network Traffic Rule - New IP Qualifier

 

Click the Green + to add a new qualifier

Select New IP Qualifier... from the drop down list

 

 

New IP Qualifier

 

Select ICMP from the Protocol drop down menu

Click OK

 

 

Remove the System traffic qualifier

 

Click on the System traffic qualifier

Click the Red X to remove the System traffic qualifier

 

 

Remove the System traffic qualifier

 

Click Yes

 

 

Edit Network Traffic Rule

 

Click OK

 

 

VM Network - Edit Settings

 

Ensure that your Traffic filtering and marking settings match

1 | Network Traffic Rule 1| Drop | Egress

IP | ICMP

Click OK

 

 

Observe that ICMP (Ping) traffic is now being dropped

 

Click on the W12-core console tab in Firefox

Observe that the ping from W12-core is now timing out (The ICMP packets are now being filtered out on the VM Port Group)

 

 

Switch back over to the vSphere Web Client

 

Click on the vSphere Web Client browser tab

 

 

Edit the VM Network port group

 

Note: You should already be at this view from the previous module but if you have navigated away you can get back by:

Navigate to Datacenter Site A -> vds-site-b -> VM Network

Click the Manage tab

Click the Settings tab

Click on Properties

Click Edit

 

 

Remove Network Traffic Rule 1

 

Click on Traffic filtering and marking in the left hand navigation pane

Click on the Network Traffic Rule 1

Click the red X icon

 

 

Click OK

 

Observe that the Network Traffic Rule 1 is gone

Click OK

 

 

Observe that ICMP traffic is once again flowing between the VMs

 

Switch back over to the W12-core VM console

Observe that ping (ICMP) traffic is once again flowing between VMs

This concludes the QOS tagging and packet filtering module of this lab. Before going to the next session, you can stop the ping running on W12-core.

 

Module 3 - Monitoring the vSphere Distributed Switch with ERSPAN

Monitoring the vSphere Distributed Switch with ERSPAN


The remote mirroring capability on VDS helps you send traffic from a virtual machine running on one host to a virtual machine on another host for debugging or monitoring purposes.

vSphere Distributed Switch 5.1 and above supports the following protocols:

In this lesson we will monitor virtual machine traffic using a centrally located traffic analyzer.


Prepare testing tools


Before configuring ERSPAN we need to prepare our testing infrastructure.


 

Password and Command Line Help File

 

Look for a text file on the ControlCenter Desktop named HOL-SDC-1302

This file contains all of the passwords and long command line entries found in this lab.

If needed, you can use this file for copying and pasting passwords and command line text into the lab environment.

Tip: Use the method of highlighting text and right-mouse clicking to copy and paste for consistency as the keyboard combinations ctrl-c and ctrl-v do not work on all keyboard types.

 

 

Log in to the VMware vSphere Web Client

 

If you aren't already logged in, launch Firefox from the Control Center desktop and authenticate

User name: root
Password: VMware1!

Click Login.

 

 

VM and Templates

 

Click on the VM and Templates icon.

 

 

Power on the W12-core VM

 

If W12-core VM is not currently powered on, power it on now.

Select the W12-core VM

Click on Actions

Select Power On.

 

 

Launch the console for W12-core VM

 

Click on the console thumbnail to open a console to the W12-core VM

 

 

Power on full-sles-01a VM

 

If full-sles-01a is not currently powered on, switch back to the vSphere UI tab and power it on now.

Select the full-sles-01a VM

Click on Actions

Select Power On.

Wait until both VMs finish booting.

 

 

Switch to the W12-core console tab

 

Click on the W12-core console tab

 

 

Login to the W12-core VM

 

Click the Send Ctrl-Alt-Delete button

Password: VMware1!

Click the arrow to the right of the password box or press Enter.

 

 

Start a continuous ping from W12-core to full-sles-01a

 

Type the following command in a Command Prompt

ping -t 192.168.110.126

Press Enter

 

 

Launch tshark

 

In this module, we will use Tshark, a terminal-based network traffic analyzer similar to Wireshark.

To launch it, double click on the Tshark icon on the desktop. We've added a filter to only look at ICMP traffic to/from 192.168.110.126 (full-sles-01a).

 

 

Check the Tshark window

 

In the previous step, the ping succeeded, but if you look at your Tshark window, you'll see it stays empty. No traffic is currently visible from our Windows desktop.

That's perfectly normal. To get the traffic here, we first need to mirror it using ERSPAN. That's the objective of the next lesson.

Note: For the curious, we've launched Tshark in non-promiscuous mode (-p). Our Control Center, being in the same L2 segment as our Linux VMs, could have seen the traffic in some situations, for example if both VMs were hosted on different ESXi hosts. We are using ERSPAN here, even though SPAN would have been easier, because the objective of this module is to demonstrate ERSPAN.

 

ERSPAN Configuration


In our nested environment where all of the physical switch configuration is out of reach, a convenient feature to monitor VM traffic from a central location is Encapsulated Remote Span (ERSPAN) as it doesn't require any physical switch configuration.

With ERSPAN you can mirror the traffic to any location in your environment. This is done simply by defining the destination IP address of the mirrored traffic.

In this lesson we will configure our VDS to mirror traffic to the Windows desktop where you are currently connected.


 

Add Port Mirroring Session

 

Switch back to the vSphere Web UI

Click on the Networking icon and select the VDS named vds-site-b

Note: be sure to select vds-site-b and not vds-site-a which was created in the first module.

Click Manage

Click Settings.

Click Port Mirroring

Click + New...

 

 

Select session type

 

Select Encapsulated Remote Mirroring (L3) Source and click Next.

 

 

Edit Properties

 

Type ERSPAN-destination in the Name field and Enable its status.

Click Next.

 

 

Select sources

 

There are two ways to select sources: you can select ports from a list or directly type in a Port ID range, for example 2-8.

Click the first + icon to select Port IDs from a list.

 

 

Select Ports

 

Selecting from a list is easier than typing a Port Range. The Connected Entity is shown here, so you can easily select the VMs you want to monitor.

Click on the checkbox for the Port ID connected to the full-sles-01a entity. Be careful to select the correct one, as the order of your list may differ.

Click OK.

 

 

Limit Traffic Direction

 

By default, mirroring of traffic will happen for both Ingress and Egress traffic. You can limit the direction by clicking on the respective icons.

Click on the left blue arrow to mirror only Egress traffic.

Note: Keep in mind the notion of Egress and Ingress is defined by how the flow relates to the VDS. Egress, in this context, means all the traffic going out of the VDS to the selected Port IDs.

Click Next.

 

 

Select destinations

 

Click the green + icon.

 

 

Add IP Address

 

Type the IP address of the Control Center where we will analyse the mirrored traffic: 192.168.110.10

Click OK.

 

 

Next

 

Click Next.

 

 

Ready to complete

 

Review your Port Mirroring Session settings.

Click Finish.

 

 

Confirm settings

 

Your ERSPAN-destination Port mirroring session is now Enabled.

To confirm the settings you can select ERSPAN-destination and click on the Sources and Destinations tabs.

You should have the same information as the yellow boxes:

Status: Enabled
Connectee: full-sles-01a
Traffic Direction: Egress
Destination: 192.168.110.10 (not displayed in this screen capture, available behind the Destinations tab).

Click on the pencil and update your configuration accordingly until you get the same result.

 

 

Confirm you now see the mirrored traffic

 

Switch to your Tshark window. You should now see the mirrored traffic reaching your Windows desktop.

We only see the Echo request and no reply here. This is normal, as we are only mirroring Egress traffic.

If the Tshark window stays empty, read the following troubleshooting notes.

Troubleshooting Notes

  1. Check the W12-core console tab to see if the ping is still running. If that's not the case, re-launch it.
  2. Double check the ERSPAN session settings (see previous step).
  3. Make sure you've applied this ERSPAN configuration to vds-site-b and not vds-site-a.
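
As an added example (not part of the lab material), the Python sketch below decodes what the analyzer at the mirror destination receives: the original frame wrapped in an outer IP/GRE packet addressed to 192.168.110.10. It assumes GRE encapsulation with protocol type 0x6558 (bridged Ethernet) or 0x88BE (ERSPAN Type II); the sample packets, the MAC addresses and the addresses 192.168.110.53 (ping source) and 192.168.110.70 (mirroring host) are constructed for illustration.

```python
import socket
import struct

IPPROTO_ICMP, IPPROTO_GRE = 1, 47
GRE_TEB = 0x6558        # GRE payload is a bridged Ethernet frame
GRE_ERSPAN_II = 0x88BE  # GRE payload is an 8-byte ERSPAN Type II header + frame
ICMP_TYPES = {0: "echo-reply", 8: "echo-request"}


def parse_ipv4(buf):
    """Split an IPv4 packet into (protocol, src, dst, payload)."""
    if len(buf) < 20 or buf[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (buf[0] & 0x0F) * 4
    total = struct.unpack("!H", buf[2:4])[0]
    if ihl < 20 or not (ihl <= total <= len(buf)):
        raise ValueError("inconsistent IPv4 lengths")
    return (buf[9], socket.inet_ntoa(buf[12:16]),
            socket.inet_ntoa(buf[16:20]), buf[ihl:total])


def strip_gre(buf):
    """Return (protocol type, encapsulated Ethernet frame) from a GRE packet."""
    if len(buf) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack("!HH", buf[:4])
    if flags & 0x0007:
        raise ValueError("unsupported GRE version")
    offset = 4
    for bit in (0x8000, 0x2000, 0x1000):  # checksum, key, sequence number
        if flags & bit:
            offset += 4
    if proto == GRE_ERSPAN_II:
        offset += 8                        # skip the ERSPAN Type II header
    elif proto != GRE_TEB:
        raise ValueError("GRE payload is not a mirrored Ethernet frame")
    if len(buf) < offset + 14:
        raise ValueError("truncated mirrored frame")
    return proto, buf[offset:]


def describe_mirrored_packet(packet):
    """Decode one IP packet as received at the mirror destination."""
    proto, tunnel_src, tunnel_dst, gre = parse_ipv4(packet)
    if proto != IPPROTO_GRE:
        raise ValueError("not a GRE-encapsulated mirror packet")
    gre_proto, frame = strip_gre(gre)
    ethertype, l3 = struct.unpack("!H", frame[12:14])[0], 14
    if ethertype == 0x8100:                # 802.1Q tag kept on the mirrored frame
        if len(frame) < 18:
            raise ValueError("truncated VLAN tag")
        ethertype, l3 = struct.unpack("!H", frame[16:18])[0], 18
    if ethertype != 0x0800:
        raise ValueError("inner frame is not IPv4")
    inner_proto, src, dst, l4 = parse_ipv4(frame[l3:])
    info = {"mirror_source": tunnel_src, "mirror_destination": tunnel_dst,
            "encapsulation": "ERSPAN II" if gre_proto == GRE_ERSPAN_II else "GRE",
            "src": src, "dst": dst, "icmp": None}
    if inner_proto == IPPROTO_ICMP and l4:
        info["icmp"] = ICMP_TYPES.get(l4[0], "type %d" % l4[0])
    return info


def _ipv4(src, dst, proto, payload):
    """Build an IPv4 packet for the constructed samples (checksum left at 0)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload


def build_samples():
    """Constructed data: one ping toward full-sles-01a, mirrored two ways."""
    echo = struct.pack("!BBHHH", 8, 0, 0, 1, 1) + b"abcdefgh"
    inner = _ipv4("192.168.110.53", "192.168.110.126", IPPROTO_ICMP, echo)
    frame = bytes.fromhex("005056000002" "005056000001" "0800") + inner
    plain_gre = struct.pack("!HH", 0x0000, GRE_TEB) + frame
    erspan_hdr = struct.pack("!HHI", 0x1000, 0x0001, 0)  # version 1, session 1
    erspan = struct.pack("!HHI", 0x1000, GRE_ERSPAN_II, 1) + erspan_hdr + frame
    host, analyzer = "192.168.110.70", "192.168.110.10"
    return [_ipv4(host, analyzer, IPPROTO_GRE, g) for g in (plain_gre, erspan)]


if __name__ == "__main__":
    for sample in build_samples():
        print(describe_mirrored_packet(sample))
```

With an Egress-only session on the full-sles-01a port, every decoded inner packet should be an echo-request toward 192.168.110.126, which matches what the Tshark window shows.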

 

ERSPAN and vMotion


Before wrapping up this ERSPAN module, we'll confirm that when vMotioning a VM, its traffic is still mirrored.


 

VMs and Templates

 

Go back to the vSphere Web UI

Click on the VMs and Templates icon.

 

 

Migrate...

 

Select full-sles-01a, Click on Actions and select Migrate...

 

 

Change host

 

Click Next.

 

 

Select Destination Resource

 

Click Next.

 

 

Select Host

 

Select esx-04a.corp.local and click Next.

Note: For the purpose of our lab, we've activated SSH service on esx-03a.corp.local which explains the Warning status on that host.

 

 

Select vMotion Priority

 

Click Next.

 

 

Review Selections

 

Compare your selections with the following yellow boxes.

If your selections look the same, click Finish; otherwise click Back.

 

 

Mirroring is still happening

 

Switch back to your Tshark window to confirm traffic is still mirrored.

You can now close the Tshark window.

Before closing the W12-core console tab make sure to stop the continuous ping.

This concludes our ERSPAN module. You still have three more modules to go to finish the HOL-SDC-1302 lab.

 

Module 4 - Implementing LACP on the vSphere Distributed Switch

Implementing LACP on the vSphere Distributed Switch


Last year, vSphere 5.1 added limited support for Link Aggregation Control Protocol (LACP). That implementation has these constraints:

vSphere 5.5 now comes with an enhanced LACP implementation which now supports:

In this module we will demonstrate how to configure LACP v2.

If you feel comfortable with the concepts involved with LACP, you can skip ahead to the next section.

Link Aggregation Control Protocol is a vendor-independent standard defined in IEEE 802.1ax (formerly IEEE 802.3ad). It provides a mechanism to control the bundling of several ports together to form a single logical channel by sending LACP packets to a peer which also implements LACP.

LACP provides higher bandwidth and network redundancy.

The automatic negotiation of link aggregation parameters between virtual and physical switches provides the following advantages over static configuration:

One last definition: a Link Aggregation Group is a grouping of multiple individual links - with compatible properties - formed into a single logical channel.


Check requirements


In this lesson we will check the requirements to implement LACP v2 on vSphere.


 

LACP v2 requirements

Before jumping in, please note the following restrictions when using LACP v2:

 

 

Password and Command Line Help File

 

Look for a text file on the ControlCenter Desktop named HOL-SDC-1302

This file contains all of the passwords and long command line entries found in this lab.

If needed, you can use this file for copying and pasting passwords and command line text into the lab environment.

Tip: Use the method of highlighting text and right-mouse clicking to copy and paste for consistency as the keyboard combinations ctrl-c and ctrl-v do not work on all keyboard types.

 

 

Login to the vCenter Console

 

Launch Firefox and authenticate to the vSphere Web UI if it's not yet available to you.

User name: root
Password: VMware1!

 

 

Select the Networking inventory view

 

Click on the Networking icon

 

 

Check vSphere Distributed Switch version

 

Navigate to vds-site-b and click on the Summary tab. As you can see, the VDS version is 5.5. You can confirm LACP Enhanced support by looking at the list of supported features.

Note: If you want to implement LACP v2 on an older version, you first need to upgrade it by clicking on the upgrade link next to its version number.

 

Create a Link Aggregation Group on the VDS


In this lesson we will create a LAG on the VDS.


 

Add a new LAG group

 

Click on the Manage Tab and then click on LACP.

You can now add a new Link Aggregation Group by clicking on the green + icon.

Note: If you have completed the lab module 1 you will have a second VDS named vds-site-a. Make sure you have selected vds-site-b and not vds-site-a.

 

 

Fill out the form

 

Increase the number of ports to 3. This defines how many physical NICs you want to group together in this logical channel.

Select Source and destination IP address and VLAN as the load balancing scheme and keep everything else as is. As you can see in the current LACP implementation we support lots of different load balancing modes.

Mode Passive means the port is in a passive negotiating state. In passive mode the port responds to LACP packets it receives but does not initiate LACP negotiation.

Note: The Port Policies section is gray. We'll see how to activate it later in the lab.

Click OK.

 

 

LAG created

 

Your lag1 is now created.

In the next step we'll confirm the creation of our LAG in our host.

 

 

Launch PuTTY

 

Click Start > PuTTY

 

 

Connect to esx-03a.corp.local

 

Type esx-03a.corp.local in the Host Name Box and click Open.

 

 

Logon as Root

 

Login as: root
Password: VMware1!

 

 

Confirm LAG creation from the command line

 

Type the following command:

esxcli network vswitch dvs vmware lacp config get

As you can see, lag1 is created but it isn't associated with any NICs. We'll do that in the next section.

Note: You can keep PuTTY open for now.

 

Configure the hosts to use the LAG


In this lesson, we will add physical NICs to our lag1. Please switch back to the vSphere Web UI.


 

Migrating network traffic to LAGs

 

A wizard will help you migrate network traffic to the LAG. Make sure you've selected vds-site-b > Manage > Settings > LACP.

Click on Migrating network traffic to LAGs to launch the wizard.

 

 

Add and Manage Hosts...

 

Click on Add and Manage Hosts...

 

 

Manage host networking

 

Click on the Manage host networking radio button and click Next

 

 

Add hosts

 

Click the green + to add Hosts to the list

 

 

Select Hosts

 

Select both hosts by clicking on the checkbox in the heading and click OK.

 

 

Activate template mode

 

Activate the template mode by clicking on the checkbox at the bottom and click Next.

Note: By using template mode you only configure one node, and all the operations will be replicated on the remaining nodes. All the nodes need to have the same configuration. To get more information on this mode, you can click on the gray icon just after (template mode).

 

 

Select template host

 

Select esx-03a.corp.local and click Next.

 

 

Select network adapter tasks

 

Make sure only the first option Manage physical adapters (template mode) is selected and click Next.

 

 

Manage Physical network adapters vmnic1

 

Select vmnic1 and click Assign uplink.

 

 

Assign vmnic1 to lag1-0

 

Select lag1-0 and click OK.

 

 

Manage Physical network adapters vmnic2

 

Select vmnic2 and click Assign uplink.

 

 

Assign vmnic2 to lag1-1

 

Select lag1-1 and click OK.

 

 

Manage Physical network adapters vmnic3

 

Select vmnic3 and click Assign uplink.

 

 

Assign vmnic3 to lag1-2

 

Select lag1-2 and click OK.

 

 

Apply to all

 

To replicate the configuration of esx-03a.corp.local on esx-04a.corp.local click on Apply to all and click Next.

 

 

Analyze impact

 

vCenter tells you there isn't any impact on network dependent services, so you can relax and click Next.

 

 

Ready to complete

 

Click Finish to proceed and wait until the operation completes.

 

 

Confirm NICs <-> LAG association from the command line

 

Switch back to your PuTTY session, which should still be connected to esx-03a.corp.local.
If you closed it, launch PuTTY again and connect to esx-03a.corp.local.

Use the up arrow key to recall the last command or type it again:

esxcli network vswitch dvs vmware lacp config get

As you can see, your lag1 is now associated with vmnic1, vmnic2 and vmnic3. Congratulations !!!

Wait, wait, we still have one more thing to do to use this LAG in production.

 

Configure a Port Group to use the LAG


We are almost done with our LACP Hands on lab module, the last step is to configure a Port Group to use this Link Aggregation Group for its uplink.


 

Manage Distributed Port Groups...

 

Switch back to vSphere Web UI

In the wizard click on Manage Distributed Port Groups...

Note: If you closed the wizard earlier, you can reopen it from the LACP settings by clicking on Migrate network traffic to LAGs.

 

 

Select port group policies

 

Select Teaming and failover policies and click Next.

 

 

Select port groups

 

Select Data Port Group and click Next.

Note: Depending on your use case, you can select multiple Port Groups instead by using shift+ctrl click. In our lab we will limit ourselves to the Data Network.

 

 

Teaming and failover

 

Select lag1 and click three times on the up arrow icon to move it above Uplink 1.

 

 

Teaming and failover

 

Click on the red warning icon and read the popup alert which reminds you of an important caveat.

To comply, select Uplink 1 and click on the down arrow two more times.

 

 

Teaming and failover

 

You should have something similar to the screenshot above.

As you can see, the red warning icon disappeared and a gray icon appeared next to the load balancing scheme. If you click on it, you'll learn that the load balancing scheme of the Port Group will get overwritten by the one from the LAG.

You can now click Next.

 

 

Ready to complete

 

Click Finish and close the wizard window.

Congratulations, your LACP configuration is now complete for your lag1. In a real-world scenario we would do the same process for the Management, Storage and VM Networks or we could also share a common LAG depending on NICs availability and network requirements.

But, you know the drill, your time at VMworld 2013 is valuable so let's not repeat ourselves and wrap up this module in the next chapter.

 

Check the topology


Now, let's inspect the topology.


 

Topology

 

Click on Topology and Click on the reload icon.

Click on the Data Port Group.

Click on the gray arrow in front of lag1 to see the implementation details for each host.

This confirms that Data traffic will use the newly created lag1, which uses 3 physical NICs on each host.

 

 

Conclusion

 

This concludes our LACP lab module. When implementing this feature, keep in mind the following requirements:

Regarding the maximums, you can have up to 32 LAGs per host but the number of NICs on a host is also limited to 32 if you have 1 Gig interfaces or 8 for 10 Gig ones.

So, for example, you can only create 16 LAGs with two 1 Gig interfaces each.

Thanks for taking the time to learn about LACP in vSphere 5.5.

If you want to know even more about LACP configuration, continue to the next optional lesson, or skip it and go directly to the next module if you are short on time.

 

Allow overrides of port policies (optional)


In this lesson we'll show how to allow a LAG to override Port Group policies. By using this feature, you'll be able to override VLAN or NetFlow settings as soon as the traffic goes out through the specified LAG.

If you are short on time you can skip it.


 

Edit uplink port group settings

 

Click on vds-site-b-corpnet-uplink.

Click Edit distributed port group settings icon.

 

 

Edit Advanced Settings

 

Click on Advanced and Click on Allowed Radio buttons for both VLAN and NetFlow.

Click OK.

 

 

Confirm you can now override Port Policies.

 

Click on LACP.

Select the lag1 LAG and note the Port Policies is currently inherited from uplink port group.

Click on the pencil to edit the LAG.

 

 

Edit Link Aggregation Group

 

As you can see above, you can click on the Override checkbox for both VLAN type and Netflow to override the Port Group policies.

If you do so, all the traffic going out of this LAG will comply with this setup no matter the configuration of the originating Port Group.

 

 

Confirm Overrides

 

Port Policies is now overridden.

That concludes the LACP module of the HOL-SDC-1302 Hands-on Lab.

 

Module 5 - Network Troubleshooting Using The ESXCLI

Network Troubleshooting Using The ESXCLI


When it comes to network troubleshooting on an ESXi host, various types of information can be useful to a vSphere administrator, such as a virtual machine's IP addresses, MAC addresses, uplink ports, port IDs, etc. There are also valuable network statistics that can be viewed in the esxtop command-line utility. However, all of this useful information is spread across multiple tools, which can be challenging for a vSphere administrator who needs to quickly retrieve this data while troubleshooting an issue.

With the release of vSphere 5.1, the network namespace in ESXCLI has been enhanced to include a comprehensive set of network statistics at various points in the virtual network. This enables a vSphere administrator to easily get an overall status of the vSphere network as well as provide the ability to drill down further for troubleshooting.

In ESXCLI 5.1, you can now retrieve additional network statistics for a physical NIC (vmnic), per VLAN (port group), which needs to be configured, and per VM port (vNIC).

Note: Network statistics are available on a per-host basis, and this applies to both a Distributed Virtual Switch and a regular Virtual Standard Switch.


 

Illustration of areas where we can retrieve network statistics

 

In this lab we will use the ESXCLI to:

1: View all of the physical NIC's (vmnic's) attached to a host

2: Gather network statistics from a vmnic

3: Gather VLAN statistics from a vmnic

4: List all VM's with active vnics on a host

5: Gather all of the network detail from a VM's vnic

 

Gathering network stats and other useful information with the ESXCLI


In this lesson we will gather network statistics and other useful information with the ESXCLI.


 

Launch Firefox from the ControlCenter Desktop

 

Double click the Firefox icon on the ControlCenter Desktop

 

 

Password and Command Line Help File

 

Look for a text file on the ControlCenter Desktop named HOL-SDC-1302

This file contains all of the passwords and long command line entries found in this lab.

If needed, you can use this file for copying and pasting passwords and command line text into the lab environment.

Tip: Use the method of highlighting text and right-mouse clicking to copy and paste for consistency as the keyboard combinations ctrl-c and ctrl-v do not work on all keyboard types.

 

 

Login to the vCenter Console

 

Login to the VMware vSphere Web Client

User name: root

Password: VMware1!

Click Login

 

 

Select vCenter

 

Click on vCenter

 

 

Select Hosts and Clusters

 

Click on Hosts and Clusters

 

 

Usability Tip - Unpinning the right hand pane to maximize viewable screen space

 

Click on the thumbtack icon at the top right to unpin the right hand pane and allow it to minimize

 

 

Usability Tip - Unpinning the right hand pane to maximize viewable screen space

 

Notes:

1: Roll over the minimized pane to expand it

2: Click on the thumbtack icon again to re-pin the pane and stop it from minimizing

 

 

Host Security Profile - Services

 

Navigate to host esx-01a.corp.local in the left hand navigation pane

Click the Manage tab

Click the Settings tab

Select System -> Security Profile from the list of settings

Scroll down until you find the Services section

Click Edit

 

 

Start The SSH Daemon

 

Select SSH from the list of daemons

Click Start

 

 

Confirm that the SSH daemon is Running

 

Observe that the SSH daemon is running

Note: Do not close the vSphere Web UI. We will need it a little later in the lab.

 

 

Launch PuTTY

 

From the ControlCenter desktop click Start

Click on the PuTTY icon

 

 

Open an SSH session to host "esx-01a"

 

In the Host Name (or IP address) box type esx-01a

Click Open

 

 

PuTTY Security Alert

 

Click Yes

 

 

Login to the ESXCLI

 

Login as: root

Password: VMware1!

 

 

View all physical NIC's attached to Host esx-01a

 

Type esxcli network nic list

Press Enter

 

 

Gather network statistics from "vmnic1"

 

Type esxcli network nic stats get -n vmnic1

Press Enter

 

 

Enable VLAN stats on "vmnic1"

 

Type esxcli network nic vlan stats set -e true -n vmnic1

Press Enter

 

 

Retrieve all VLAN stats for "vmnic1"

 

Type esxcli network nic vlan stats get -n vmnic1

Observe the vLAN statistics for VLAN 0 (The only vLAN on vmnic1)

Press Enter

 

 

Switch back to the vSphere Web Client tab of the Firefox browser

 

From the task bar on the ControlCenter desktop click on the vSphere Web Client - Mozilla Firefox icon

 

 

Start the "W2k8_base" VM (If it's not already running)

 

Click on the VMs and Templates icon

Click on the W2k8_base VM

Click on Actions

Select Power On from the context menu

Note: If you are doing the lab sections in order W2k8_base may still be running from the earlier section on migration. If this is the case, you can skip this step.

 

 

Ensure that the W2k8_base VM is fully powered on

 

The W2k8_base VM should be fully powered on. You can confirm this by observing the following in the VM's Summary tab

In the left hand navigation pane select the W2k8_base VM

1: Recent Tasks pane shows "Power On virtual machine" task successful

2: Memory stats graphic shows in use memory as green

3: VMware Tools reports "Running", DNS Name and IP Addresses fields are populated

4: Console thumbnail is visible. Note: This may not become visible until the VM has been fully powered on for several minutes so there is no need to wait for this.

Note: You may need to refresh the interface to speed things along

 

 

Switch back to PuTTY and our open session to esx-01a

 

From the task bar on the Control Center desktop click on the esx-01a.corp.local - PuTTY icon

 

 

List all VM's with active network connections

 

Type esxcli network vm list

Note: Take note of your World ID as you will need it in the next step

 

 

Get all of the networking details for the W2k8 VM

 

 

Type esxcli network vm port list -w World ID (Where World ID is the World ID value we revealed in the previous step)

Observe all of the network information for the W2k8_base VM

Now, let's investigate how the new packet capture utility can help us gather even more granular information that we can use to troubleshoot the network.

 

Troubleshooting the virtual network with the new packet capture tool


In this section of the lab we will use the new packet capture tool to gather network traffic programmatically for analysis.


 

Switch back over to the vSphere Web Client tab in Firefox

 

On the ControlCenter Desktop click on the vSphere Web Client - Mozilla Firefox icon

 

 

Start the base-sles VM

 

Note: You can skip this step if you left the base-sles VM powered on from the QOS tagging module.

Click on the VMs and Templates icon

Click on the base-sles VM

Click on Actions

Select Power On from the context menu

 

 

Wait for the base-sles VM to fully power up

 

Indications that a VM is fully powered on:

1: Recent Tasks pane shows "Power On virtual machine" task successful

2: Memory stats graphic shows in use memory as green

3: VMware Tools reports "Running", DNS Name and IP Addresses fields are populated

4: Console thumbnail is visible. Note: This may not become visible until the VM has been fully powered on for several minutes so there is no need to wait for this.

 

 

Start the "W12-core" VM

 

Note: You can skip this step if you left the W12-core VM powered on from the QOS tagging module.

Navigate to W12-core in the left hand navigation pane

Click on W12-core

Click on Actions

Click Power On

 

 

Wait for VM W12-core to fully power up

 

Indications that a VM is fully powered on:

1: Recent Tasks pane shows "Power On virtual machine" task successful

2: Memory stats graphic shows in use memory as green

3: VMware Tools reports "Running", DNS Name and IP Addresses fields are populated

4: Console thumbnail is visible. Note: This may not become visible until the VM has been fully powered on for several minutes so there is no need to wait for this.

 

 

Launch the console for the W12-core VM

 

Click on the console thumbnail to open a console to the W12-core VM

 

 

Switch to the W12-core console tab

 

Click on the W12-core console tab

 

 

Login to the W12-core VM

 

Click the Send Ctrl-Alt-Delete button

User: Corp\Administrator

Password: VMware1!

Click the arrow to the right of the password box or press Enter

 

 

Start a continuous ping from W12-core to base-sles

 

Click in the command prompt box

Type Ping -t 192.168.110.125

Press Enter

 

 

Launch PuTTY

 

From the ControlCenter desktop click Start

Click on the PuTTY icon

 

 

Open an SSH session to host "esx-03a"

 

In the Host Name (or IP address) box type esx-03a

Click Open

 

 

Login to the ESXCLI

 

Login as: root

Password: VMware1!

 

 

Introducing the new Packet Capture tool

 

Type pktcap-uw --help

Press Enter

Observe the command usage for the Packet Capture and Trace command

 

 

Capture packets at the vmnic

 

1: Type pktcap-uw --uplink vmnic0 -c 60 -o vmnic_capture.pcap

Press Enter

Wait for the packet capture to complete.

 

 

Discover the vnic port-id using esxtop

 

Type esxtop

Press Enter

Press n

Observe and note the PORT-ID of the base-sles VM

Press q to exit esxtop

 

 

Capture packets at the vnic

 

1: Type pktcap-uw --switchport # -c 25 -o vnic_capture.pcap (where # is the port-id from the previous step)

Press Enter

Wait for the packet capture to complete.

 

 

Capture packets at the vmknic

 

1: Type pktcap-uw --vmk vmk0 -c 25 -o vmknic_capture.pcap

Press Enter

Wait for the packet capture to complete.

 

 

Capture packets at the vmknic filtered by a destination IP address

 

Type pktcap-uw --vmk vmk0 -c 25 --dstip 192.168.110.22 -o vmknic_filtered_capture.pcap

Press Enter

Wait for the packet capture to complete.

 

 

Start a WinSCP connection to host ESX-03a.corp.local

 

From the ControlCenter Desktop click on the WinSCP icon

 

 

WinSCP Login

 

1: Host name: esx-03a

2: User name: root

3: Password: VMware1!

4: Click Login

 

 

WinSCP Warning

 

Click Yes

 

 

Copy the capture files from the host to the ControlCenter Desktop

 

1: Scroll down on the right hand side remote directory view on host esx-03a

2: In the right hand pane of WinSCP hold down CTRL and select the four .pcap capture files

Right click on the selection and choose copy from the list

 

 

Copy

 

Click Copy

 

 

Open an explorer window on the ControlCenter Desktop

 

From the taskbar of the ControlCenter Desktop click on the Explorer icon

 

 

Select the Documents folder

 

In the left hand navigation pane of the explorer window click the Documents icon.

 

 

Open the unfiltered vmknic capture file in Wireshark

 

Double click on the file named vmknic_capture.pcap

 

 

Observe the traffic flowing through the vmkernel interface vmk0

 

Observe the traffic:

1: There is an open SSH connection between the ControlCenter Desktop and the host ESX-03a

2: Host ESX-03a is sending Syslog traffic to the vCenter Appliance

 

 

Switch over to the open Explorer Documents Window

 

From the taskbar of the ControlCenter Desktop click on the Explorer icon

 

 

Open the filtered vmknic capture file in Wireshark

 

Double click on the file named vmknic_filtered_capture.pcap

 

 

Observe the filtered traffic flowing through the vmkernel interface vmk0

 

Observe that the filtered packet capture only contains packets headed to the vCenter Server Appliance (192.168.110.22)

If time permits, feel free to open and observe the additional capture files we created.

This concludes this portion of the lab.
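
The check done by eye in Wireshark above can also be scripted. This added example (not part of the lab material) reads a capture file and reports any IPv4 packet whose destination is not the address given to --dstip. It assumes the capture is in the classic libpcap format with Ethernet framing; the in-memory capture it builds and the source address 192.168.110.63 are constructed for illustration.

```python
import io
import socket
import struct

# Classic libpcap magic numbers as they appear on disk -> struct byte order.
PCAP_MAGIC = {
    b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",  # microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">",  # nanosecond timestamps
}
LINKTYPE_ETHERNET = 1


def read_pcap(stream):
    """Yield the raw bytes of every packet in a classic pcap stream."""
    header = stream.read(24)
    order = PCAP_MAGIC.get(header[:4])
    if len(header) < 24 or order is None:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(order + "I", header[20:24])[0] != LINKTYPE_ETHERNET:
        raise ValueError("capture link type is not Ethernet")
    while True:
        record = stream.read(16)
        if not record:
            return
        if len(record) < 16:
            raise ValueError("truncated record header")
        _sec, _frac, incl_len, _orig_len = struct.unpack(order + "IIII", record)
        data = stream.read(incl_len)
        if len(data) < incl_len:
            raise ValueError("truncated packet data")
        yield data


def ipv4_flow(frame):
    """Return (src, dst, protocol) for an IPv4 Ethernet frame, else None."""
    if len(frame) < 14:
        return None
    ethertype, offset = struct.unpack("!H", frame[12:14])[0], 14
    if ethertype == 0x8100 and len(frame) >= 18:  # skip one 802.1Q tag
        ethertype, offset = struct.unpack("!H", frame[16:18])[0], 18
    if ethertype != 0x0800 or len(frame) < offset + 20:
        return None
    ip = frame[offset:offset + 20]
    return socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20]), ip[9]


def audit_dstip(stream, expected_dst):
    """Count packets addressed to expected_dst and list every other IPv4 packet."""
    report = {"packets": 0, "matching": 0, "non_ipv4": 0, "unexpected": []}
    for number, frame in enumerate(read_pcap(stream), start=1):
        report["packets"] += 1
        flow = ipv4_flow(frame)
        if flow is None:
            report["non_ipv4"] += 1
        elif flow[1] == expected_dst:
            report["matching"] += 1
        else:
            report["unexpected"].append((number, flow[0], flow[1]))
    return report


def build_capture(destinations, host="192.168.110.63"):
    """Constructed data: an in-memory pcap with one UDP packet per destination."""
    out = io.BytesIO()
    out.write(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535,
                          LINKTYPE_ETHERNET))
    for i, dst in enumerate(destinations):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, i, 0, 64, 17, 0,
                         socket.inet_aton(host), socket.inet_aton(dst))
        udp = struct.pack("!HHHH", 40000 + i, 514, 8, 0)  # syslog-style datagram
        frame = bytes.fromhex("005056000004" "005056000003" "0800") + ip + udp
        out.write(struct.pack("<IIII", 1400000000 + i, 0, len(frame), len(frame)))
        out.write(frame)
    out.seek(0)
    return out


if __name__ == "__main__":
    capture = build_capture(["192.168.110.22", "192.168.110.22", "192.168.110.10"])
    print(audit_dstip(capture, "192.168.110.22"))
```

To run it against the lab file, pass open("vmknic_filtered_capture.pcap", "rb") as the stream; an empty "unexpected" list means the --dstip filter held for the whole capture.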

 

Conclusion

Thank you for participating in the VMware Hands-on Labs. Be sure to visit http://hol.vmware.com/ to continue your lab experience online.

Lab SKU: HOL-SDC-1302

Version: 20140321-160604