NSX-T Edge Ports blocked on N-VDS

Recently I activated Tanzu with NSX-T in my homelab. After some hurdles in the planning phase, the configuration worked fine and also north-south routing worked flawlessly. My edge nodes established BGP peering with the physical router and advertised new routes. New segments are immediately available without further configuration on the router.

One feature that distinguishes my lab from a production environment is that it doesn’t run 24/7. After the work is done, the whole cluster is shut down and the system is powered off. An idle cluster makes a lot of noise and consumes unnecessary energy.

Recently I booted the lab and observed that no communication with the router or DNS server was possible from my NSX segments. A perfect case for troubleshooting.

First I checked the Geneve tunnels between the transport nodes. Here everything was fine and every transport node was able to communicate with every other transport node. The root cause was quickly located in the edge nodes. Neither a reboot of the edges nor a vMotion to another host improved the situation.

The Edges weren’t completely offline. They were administrable using the management network. Traceroute was working via T1 and T0 service routers up to the fastpath interface fp-eth0. From there, no packets were forwarded.

The interface fp-eth0 is connected to the distributed port group “Edge-Trunk” on vSwitch VDS-NSX. A quick check in the vSphere client showed that the uplink ports of both edges were blocked. Not in the “down” state, but blocked.

At this point, I would ask a customer what he has changed. But I am very sure that I did not make any changes to the system or the configuration. Yes, they all say that 😉


Monitor Tanzu K8s Compliance with Runecast Analyzer

Checking the cluster’s compliance for security or hidden problems has become a standard task. There are automated tools to do the job such as VMware Skyline or Runecast Analyzer. In addition to standard vSphere clusters, the latter can also check vSAN, NSX-T, AWS, Kubernetes and, since version 5.0, Azure for compliance.

In this blog post I’d like to outline how to connect a vSphere with Tanzu [*] environment to Runecast Analyzer. [* native Kubernetes Pods and TKG on vSphere]

Some steps are simplified because it is a lab environment. I will point this out where it applies.

Before we can register Tanzu in Runecast Analyzer, we need some information.

  • IP address or FQDN of the SupervisorControlPlane
  • Service account with access to the SupervisorControlPlane
  • Service account access token

vExpert Pro 2021

This year I applied for the VMware vExpert Pro program for the first time and was delighted to receive the news on Monday that I had been accepted.

What is vExpert Pro?

The idea behind the launch of the vExpert Pro program is to create a worldwide network of vExperts who are willing to find, support, and mentor new vExperts in their local communities.

VMware launched the program in 2018 and describes vExpert Pro as cited below.

A vExpert Pro is a current vExpert who excels in their local region, adding value to the program and giving back to the community. This person has a strong relationship with the local IT community in general, and works as an advocate for the vExpert program, recruiting, mentoring and training people.

What does vExpert Pro mean for me?

I see it as an honor and recognition for the work I have been doing in and for the community over the last several years.

There is a large number of unknown experts around the world with a high level of knowledge and a willingness to share this expertise with others. They often lack just a little push to apply for the vExpert program. Many don’t consider themselves good enough or worthy of becoming part of the vExpert program. This is where the vExpert Pro will come into play. It is their mission as mentors to assist new experts in finding their way into the community.

I’ve been actively blogging since 2010, and for a long time I too considered my own content to be insignificant or not good enough. So it finally wasn’t until 2017 that I applied to become a vExpert for the first time. Back then, I would have appreciated a mentor like a vExpert Pro. This would have certainly helped me get to the vExpert program with more confidence and also much sooner. I consider this to be my primary mission as a vExpert Pro.

I have been actively mentoring in the VMUG Mentorship Program for some time now and have been coaching two candidates (mentees) from Indonesia and Poland. Here the focus is on personal development, training and improvement of communication skills such as public speaking. The vExpert Pro is the logical next step in this activity. I would like to guide talents in my region on the path to the vExpert and support them in every way possible.

Get in touch

Have you ever thought about joining the vExpert program? Did you abandon the idea because you lacked the courage or motivation? Then don’t hesitate to get in touch with me.

You can reach out on my Twitter handle @Microlytix, or LinkedIn, or my VMUG profile.

Don’t confuse a blog post with a deployment guide

Lab environments are a great thing. We can test new products on a small scale platform and demonstrate them as a proof of concept (PoC).

Like many of my fellow bloggers I write down my lab experience in little blog posts that I share with the community. I regularly read blogs and tutorials to keep myself informed about new products and techniques. There is hardly a topic in the field of virtualization that someone hasn’t written something about at some point. This is invaluable, as it gives you a quick introduction to what is usually a complex subject.

When reading my (and other) blog posts, you may get the impression that the described setup procedure follows the simple skip-skip-finish principle. In other words, accept the default values, click three times and the installation is complete. This might be true in the lab, but a real life deployment is miles away from a lab setup.

In the lab many things are simplified to the max according to the KISS principle (keep it simple and stupid). Some of the methods used are not necessarily in compliance with the manufacturer’s recommendations, or are outright forbidden in production environments.

This means: Having read a tutorial by my favorite blogger [insert name here] does not enable me to transfer what I have learned 1:1 to a real project.

I have had several discussions about this in preliminary project meetings. People have asked why the planning phase takes so much time. They said that (they thought) the product was totally easy to install, as you can read on [insert name here]’s blog.

As a blogger and lab user, I know how to view these posts. They are to be understood as a quick introduction and an easy to understand overview of a new technology. This has very little to do with real world deployments. In this posting, I would like to point this out with the help of a few examples:
