Tag Archives: NSX

Monitoring NSX Edge, SSL VPN, Firewall and Logical Switch

This blog is contributed by my friend Luciano Gomes, a VMware PSO Senior Consultant in the Rio de Janeiro area, Brazil. Thank you, Lucky!

In this post, I would like to show you how to monitor NSX Edge, SSL VPN, Firewall and Logical Switch from a single dashboard.

First, let’s get the prerequisites out of the way:

  1. vRealize Operations (Advanced/Enterprise License)
  2. vCenter + NSX
  3. vR Ops Management Pack for NSX

My friend Romain Decker has covered the installation of the Management Pack. Read it here first.

Another friend (life is good when you have many experts as friends!), Lan Nguyen, has documented how to import the dashboard here.

With the above done, download the dashboard to be imported here.

Once done, follow the steps below to configure the Metric Config XML file.

The above will take you to the Manage Metric Config screen.

  1. Click the ReskndMetric folder to expand it.
  2. Click the green plus sign to create a new file.

Give the file exactly the name shown below:

Copy and paste this XML below:

<?xml version="1.0" encoding="UTF-8"?>
<AdapterKinds>
  <AdapterKind adapterKindKey="NSX">
    <ResourceKind resourceKindKey="SSLVPNEdgeService">
      <Metric attrkey="clients|clients_active" label="" unit="" yellow="" orange="" red=""/>
      <Metric attrkey="clients|auth_failures" label="" unit="" yellow="" orange="" red=""/>
      <Metric attrkey="clients|tx_traffic" label="" unit="" yellow="" orange="" red=""/>
      <Metric attrkey="clients|rx_traffic" label="" unit="" yellow="" orange="" red=""/>
      <Metric attrkey="clients|utilization" label="" unit="" yellow="" orange="" red=""/>
      <Metric attrkey="clients|workload" label="" unit="" yellow="" orange="" red=""/>
      <Metric attrkey="status|service_status" label="" unit="" yellow="" orange="" red=""/>
    </ResourceKind>
    <ResourceKind resourceKindKey="FirewallEdgeService">
      <Metric attrkey="rule|used" label="" unit="" yellow="" orange="" red=""/>
      <Metric attrkey="status|service_status" label="" unit="" yellow="" orange="" red=""/>
    </ResourceKind>
    <ResourceKind resourceKindKey="EdgeServicesGateway">
      <Metric attrkey="cpu|used_percent" label="" unit="" yellow="" orange="" red=""/>
      <Metric attrkey="disk|used_percent" label="" unit="" yellow="" orange="" red=""/>
      <Metric attrkey="interface|tx_packets" label="" unit="" yellow="" orange="" red=""/>
      <Metric attrkey="interface|tx_traffic" label="" unit="" yellow="" orange="" red=""/>
      <Metric attrkey="interface|rx_packets" label="" unit="" yellow="" orange="" red=""/>
      <Metric attrkey="interface|rx_traffic" label="" unit="" yellow="" orange="" red=""/>
      <Metric attrkey="interface:Uplink|rx_traffic" label="" unit="" yellow="" orange="" red=""/>
      <Metric attrkey="interface:Uplink|rx_packets" label="" unit="" yellow="" orange="" red=""/>
      <Metric attrkey="interface:Uplink|tx_traffic" label="" unit="" yellow="" orange="" red=""/>
      <Metric attrkey="interface:Uplink|tx_packets" label="" unit="" yellow="" orange="" red=""/>
      <Metric attrkey="interface:Uplink|connection_health" label="" unit="" yellow="" orange="" red=""/>
      <Metric attrkey="interface:Uplink|connected" label="" unit="" yellow="" orange="" red=""/>
      <Metric attrkey="net|usage_average" label="" unit="" yellow="" orange="" red=""/>
      <Metric attrkey="net|used_percent" label="" unit="" yellow="" orange="" red=""/>
      <Metric attrkey="net|maxObserved_KBps" label="" unit="" yellow="" orange="" red=""/>
      <Metric attrkey="status|attached_vms" label="" unit="" yellow="" orange="" red=""/>
      <Metric attrkey="status|running" label="" unit="" yellow="" orange="" red=""/>
      <Metric attrkey="status|status" label="" unit="" yellow="" orange="" red=""/>
      <Metric attrkey="mem|used_percent" label="" unit="" yellow="" orange="" red=""/>
    </ResourceKind>
    <ResourceKind resourceKindKey="LogicalSwitch">
      <Metric attrkey="port|max" label="" unit="" yellow="" orange="" red=""/>
      <Metric attrkey="port|dropped_packet_pct" label="" unit="" yellow="" orange="" red=""/>
      <Metric attrkey="port|dropped_packets" label="" unit="" yellow="" orange="" red=""/>
      <Metric attrkey="port|broadcast_tx_packets" label="" unit="" yellow="" orange="" red=""/>
      <Metric attrkey="port|dropped_tx_packets" label="" unit="" yellow="" orange="" red=""/>
      <Metric attrkey="port|multicast_tx_packets" label="" unit="" yellow="" orange="" red=""/>
      <Metric attrkey="port|tx_packets" label="" unit="" yellow="" orange="" red=""/>
      <Metric attrkey="port|used" label="" unit="" yellow="" orange="" red=""/>
      <Metric attrkey="port|packets" label="" unit="" yellow="" orange="" red=""/>
      <Metric attrkey="port|utilization" label="" unit="" yellow="" orange="" red=""/>
      <Metric attrkey="port|maxobserved_util" label="" unit="" yellow="" orange="" red=""/>
      <Metric attrkey="port|maxobserved_rx_traffic" label="" unit="" yellow="" orange="" red=""/>
      <Metric attrkey="port|maxobserved_tx_traffic" label="" unit="" yellow="" orange="" red=""/>
      <Metric attrkey="port|unicast_rx_packets" label="" unit="" yellow="" orange="" red=""/>
      <Metric attrkey="port|rx_traffic" label="" unit="" yellow="" orange="" red=""/>
      <Metric attrkey="port|rx_packets" label="" unit="" yellow="" orange="" red=""/>
      <Metric attrkey="port|multicast_rx_packets" label="" unit="" yellow="" orange="" red=""/>
      <Metric attrkey="port|dropped_rx_packets" label="" unit="" yellow="" orange="" red=""/>
      <Metric attrkey="port|broadcast_rx_packets" label="" unit="" yellow="" orange="" red=""/>
      <Metric attrkey="port|unicast_tx_packets" label="" unit="" yellow="" orange="" red=""/>
      <Metric attrkey="port|tx_traffic" label="" unit="" yellow="" orange="" red=""/>
      <Metric attrkey="summary|attached_vms" label="" unit="" yellow="" orange="" red=""/>
    </ResourceKind>
  </AdapterKind>
</AdapterKinds>

That’s it!

To use the Dashboard, see the image below:

Hope you find it useful. Do reach out via LinkedIn and Twitter. Thanks for reading!

Sample dashboards to monitor NSX Load Balancers

This blog is contributed by my friend Luciano Gomes, a VMware PSO Consultant in the Rio de Janeiro area, Brazil. Thank you, Lucky!

The vRealize Operations NSX for vSphere v3.0 management pack ships with 4 “out-of-the-box” dashboards. In this blog, I will show you how to create 2 dashboards to monitor Load Balancer services. You can certainly expand the idea to monitor any service hosted by NSX Edge. I will provide the files, so you can just import the XML. So, let’s get started.

Pre-requisites

You should have the following up and running:

  • vRealize Operations. I recommend the 6.2.1 release.
  • NSX Load Balancer
  • NSX for vSphere Management Pack

Configuring the XML and importing the Dashboards:

Create a new Metric Config file. Copy and paste this text below into it. This drives the customised metric shown in the dashboard.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AdapterKinds>
  <AdapterKind adapterKindKey="NSX">
    <ResourceKind resourceKindKey="LoadBalancerEdgeService">
      <Metric attrkey="virtualserver|session_rate" label="Virtual Server|Sessions per second" unit="Sessions" yellow="500" orange="7000" red="85000" />
      <Metric attrkey="virtualserver|current_sessions" label="Virtual Server|Current Sessions" unit="Sessions" yellow="5000" orange="7000" red="85000" />
      <Metric attrkey="virtualserver|max_sessions" label="Virtual Server|Max Observed Sessions" unit="Sessions" yellow="500" orange="7000" red="85000" />
      <Metric attrkey="pool|session_rate" label="Pool|Sessions per second " unit="Sessions" yellow="500" orange="700" red="850" />
      <Metric attrkey="pool|current_sessions" label="Pool|Current Sessions" unit="Sessions" yellow="500" orange="700" red="850" />
      <Metric attrkey="pool|max_sessions" label="Pool|Max Observed Sessions" unit="Sessions" yellow="500" orange="700" red="850" />
    </ResourceKind>
  </AdapterKind>
</AdapterKinds>
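Both Metric Config files on this page (the SSL VPN / Firewall / Edge / Logical Switch file in the first post and the Load Balancer file just above) share one shape: AdapterKinds > AdapterKind > ResourceKind > Metric, where each Metric carries an attrkey of the form group|name, a label, a unit and yellow/orange/red thresholds. Since a typo in a threshold silently changes what the dashboard colours, it is worth checking such a file mechanically before pasting it into Manage Metric Config. The Python script below is an added example written for this page; it is not code from either post or from the management pack. The two rules it enforces beyond well-formedness (thresholds, when set, must be ascending yellow <= orange <= red, and an attrkey should appear only once per ResourceKind) are assumptions about how vR Ops interprets these attributes, and the sample file is constructed so that it trips both.

```python
import xml.etree.ElementTree as ET

REQUIRED_ATTRS = ("attrkey", "label", "unit", "yellow", "orange", "red")
THRESHOLDS = ("yellow", "orange", "red")

# Constructed sample in the shape of the post's load-balancer file. The third Metric repeats an
# attrkey and the fourth has a yellow threshold above its orange one, so both should be flagged.
SAMPLE_XML = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AdapterKinds>
  <AdapterKind adapterKindKey="NSX">
    <ResourceKind resourceKindKey="LoadBalancerEdgeService">
      <Metric attrkey="virtualserver|session_rate" label="Virtual Server|Sessions per second" unit="Sessions" yellow="500" orange="7000" red="85000"/>
      <Metric attrkey="pool|current_sessions" label="Pool|Current Sessions" unit="Sessions" yellow="500" orange="700" red="850"/>
      <Metric attrkey="pool|current_sessions" label="Pool|Current Sessions (again)" unit="" yellow="" orange="" red=""/>
      <Metric attrkey="pool|max_sessions" label="Pool|Max Observed Sessions" unit="Sessions" yellow="900" orange="700" red="850"/>
    </ResourceKind>
  </AdapterKind>
</AdapterKinds>
"""


def parse_threshold(text):
    """Blank thresholds are allowed (the first post leaves them all empty); otherwise require a number."""
    text = text.strip()
    return float(text) if text else None


def validate_metric_config(xml_text):
    """Return a list of human-readable problems; an empty list means the file passed every check."""
    problems = []
    root = ET.fromstring(xml_text.encode("utf-8"))
    if root.tag != "AdapterKinds":
        return [f"root element must be AdapterKinds, found {root.tag}"]
    for adapter in root.iter("AdapterKind"):
        akey = adapter.get("adapterKindKey", "?")
        for rk in adapter.iter("ResourceKind"):
            rkey = rk.get("resourceKindKey", "?")
            seen = set()
            for metric in rk.iter("Metric"):
                attrkey = metric.get("attrkey", "")
                where = f"{akey}/{rkey}/{attrkey or '<no attrkey>'}"
                missing = [a for a in REQUIRED_ATTRS if metric.get(a) is None]
                if missing:
                    problems.append(f"{where}: missing attribute(s) {', '.join(missing)}")
                if "|" not in attrkey:  # every key on this page is group|name (assumed convention)
                    problems.append(f"{where}: attrkey should look like group|name")
                if attrkey in seen:
                    problems.append(f"{where}: duplicate attrkey in this ResourceKind")
                seen.add(attrkey)
                try:
                    values = [parse_threshold(metric.get(t, "")) for t in THRESHOLDS]
                except ValueError:
                    problems.append(f"{where}: thresholds must be numeric or blank")
                    continue
                set_values = [v for v in values if v is not None]
                if set_values and len(set_values) != len(THRESHOLDS):
                    problems.append(f"{where}: set all of yellow/orange/red or leave all blank")
                elif set_values and not (values[0] <= values[1] <= values[2]):
                    problems.append(f"{where}: thresholds must satisfy yellow <= orange <= red")
    return problems


if __name__ == "__main__":
    for problem in validate_metric_config(SAMPLE_XML) or ["no problems found"]:
        print(problem)
```

Run it against the real file before importing (replace SAMPLE_XML with the file's contents); an empty result means the file is well-formed, every Metric has all six attributes, and no threshold is out of order.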

If you are not sure how to do it, here are the instructions and a screenshot.

  1. Click Content on the main navigation.
  2. Click Manage Metric Config in the menu on the left.
  3. Select ReskndMetric.
  4. Click the green plus icon to create a new file.
  5. Name the file load.xml.
  6. Save the file.


The next step is to import the dashboards. Download them from this link, then follow these steps:

  1. Click Content, then Dashboards.
  2. Click the gear icon.
  3. Choose Import Dashboards from the drop-down menu.
  4. Choose the file you have just downloaded. It contains 2 dashboards.
  5. Wait a little and check that the new dashboards have been imported.


That’s it! Time to explore the new dashboards.

Exploring the New Dashboards

In the first dashboard, you choose your Load Balancer instance from a list. The metrics in the Load Balancer Status widget are shown automatically. If there is any alert, it shows up in the bottom widget.


In the second dashboard, you have the flexibility of choosing either the NSX Edge or just the Load Balancer. The list of metrics is shown automatically. You can then choose any metric to plot as a line chart, which is useful if you need to go back in time.


Hope you find it useful!

SDDC Network Monitoring

Thank you Sasha Velednitsky and Hsien-chung Woo from NetFlow Logic for contributing this post!

Monitoring Network Metadata in Real Time

Network devices are a rich source of information about the network’s traffic, exported as NetFlow, sFlow or IPFIX records. This metadata is voluminous and highly valuable for both operational and security purposes.

You get the best insights when the data is captured and analyzed in real time. This is where the data processing engine in NetFlow Integrator comes in. It can process hundreds of thousands of these records per second. Users can apply a range of solutions to understand the health and robustness of their networks, as well as the imminence of security threats. The results of NetFlow Integrator processing and analytics are then displayed visually via vRealize Log Insight.

Most network management tools use LLDP or CDP protocols (designed for topology discovery) to reveal network device connectivity, and do not identify the actual network traffic. On the other hand, NetFlow Integrator’s analytics are based on real network traffic. A useful analogy: if you are driving within a city, a city map will be helpful. However, it is much better to have both a map and a depiction of the traffic congestion, so you can navigate more efficiently.

SDDC Monitoring

One of the biggest operational concerns for IT Operations and SDDC Administrators is the lack of visibility between the virtual and physical networking layers — how to trace and troubleshoot connectivity issues. Typically, SDDC management tools monitor virtual network devices, such as vSphere Distributed Switch (VDS), Distributed Logical Routing, Distributed Firewall, Edge Services Gateway, and others. What if a performance degradation or outage is caused by physical device failures or overloading?

How do we know where virtual network traffic is encapsulated, and how it traverses the physical network?

Legacy tools break down at the virtual-to-physical boundary. The lack of correlation between logical and physical networks leads to longer time to resolution, and to unacceptable outage windows for many customers.

For complete visibility you need to collect and analyze flows from both virtual and physical devices. Luckily, most vendors support some sort of flow generation technology (Cisco – NetFlow; Juniper – jFlow; Dell, HP, Arista, Brocade – sFlow; VDS – IPFIX).

Configure all of your flow-capable exporters, such as top-of-rack switches, core and aggregation switches, routers, and virtual switches (e.g. VDS or Open vSwitch), to send NetFlow/sFlow/IPFIX to NetFlow Integrator for visibility across the virtual and physical networks.

Network Counters

NetFlow Integrator accepts network flow data, applies algorithms to the data to extract the information needed to address desired use cases, converts the processed data to syslog, then sends that useful information to other systems for visualization. The granularity of these counters is configurable.

Network bandwidth is typically consumed by a relatively small number of users or applications. With NetFlow Integrator and Log Insight, SDDC administrators can identify which applications are using the most network bandwidth. Log Insight dashboards, shown below, provide this information by source IP, destination IP, ports and protocols.


Micro-segmentation enables organizations to divide the SDDC logically into segments, and to implement security groups and firewall rules down to the workload level.

East-West network traffic patterns by application ports and protocols enable administrators to plan and implement micro-segmentation using VMware NSX.

As NetFlow Integrator receives flow information from physical network devices, it reports network bandwidth consumption by each physical network device interface. The following counters are provided:

  • Traffic In Rate (Bytes/sec)
  • Traffic Out Rate (Bytes/sec)
  • Relative load %
  • Packets In Rate (Packets/sec)
  • Packets Out Rate (Packets/sec)
  • Relative Packets Rate %

Virtual traffic is encapsulated at Virtual Tunnel End Point (VTEP). For each VTEP the following counters are provided:

  • Traffic In Rate (Bytes/sec)
  • Traffic Out Rate (Bytes/sec)
  • Packets In Rate (Packets/sec)
  • Packets Out Rate (Packets/sec)
  • Flow count
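The interface and VTEP counters listed above can all be produced from raw flow records by aggregating over a reporting interval, which is what the post means by extracting information from flow data and converting it to syslog. The Python script below is an added example written for this page, not NetFlow Integrator's code: it folds a handful of constructed NetFlow-style records (documentation IP ranges, not real hosts) into the per-interface and per-VTEP counters named above and renders them as syslog-style lines. The 60-second interval, the link speeds, and the VTEP address list are assumptions; so are the denominators of the two relative counters (link speed for "Relative load %", and the 64-byte-frame line rate for "Relative Packets Rate %"), since the post does not say how NetFlow Integrator defines them.

```python
from collections import defaultdict

INTERVAL_SEC = 60  # reporting granularity; configurable per the post, 60 s assumed here
# Bits on the wire per minimum-size Ethernet frame (64 B frame + 8 B preamble + 12 B gap), used to
# derive the line-rate packet budget for "Relative Packets Rate %" (assumed denominator).
MIN_FRAME_BITS = (64 + 8 + 12) * 8

# Constructed NetFlow-style records for one interval. Fields mirror common NetFlow v5/v9 fields:
# exporter, input/output ifindex, source/destination IP, destination port, bytes, packets.
FLOWS = [
    {"exporter": "tor-1", "in_if": 1, "out_if": 2, "src": "192.0.2.10", "dst": "192.0.2.20",
     "dport": 443, "bytes": 6_000_000, "packets": 5000},
    {"exporter": "tor-1", "in_if": 2, "out_if": 1, "src": "192.0.2.20", "dst": "192.0.2.10",
     "dport": 51000, "bytes": 300_000, "packets": 4000},
    {"exporter": "tor-1", "in_if": 1, "out_if": 3, "src": "198.51.100.5", "dst": "198.51.100.6",
     "dport": 4789, "bytes": 12_000_000, "packets": 9000},   # VXLAN between two VTEPs
    {"exporter": "tor-1", "in_if": 3, "out_if": 1, "src": "198.51.100.6", "dst": "198.51.100.5",
     "dport": 4789, "bytes": 9_000_000, "packets": 7000},
]
# Assumed link speeds (bits/s) keyed by (exporter, ifindex); needed for the relative counters.
IF_SPEED_BPS = {("tor-1", 1): 10_000_000_000, ("tor-1", 2): 1_000_000_000, ("tor-1", 3): 10_000_000_000}
# Assumed VTEP addresses (in a real deployment these would come from the NSX inventory).
VTEPS = {"198.51.100.5", "198.51.100.6"}


def interface_counters(flows, interval_sec, if_speed_bps):
    """Per (exporter, ifindex): in/out traffic and packet rates, plus load relative to link speed."""
    acc = defaultdict(lambda: {"bytes_in": 0, "bytes_out": 0, "pkts_in": 0, "pkts_out": 0})
    for f in flows:
        a_in = acc[(f["exporter"], f["in_if"])]
        a_out = acc[(f["exporter"], f["out_if"])]
        a_in["bytes_in"] += f["bytes"]
        a_in["pkts_in"] += f["packets"]
        a_out["bytes_out"] += f["bytes"]
        a_out["pkts_out"] += f["packets"]
    result = {}
    for key, a in acc.items():
        c = {"traffic_in_Bps": a["bytes_in"] / interval_sec,
             "traffic_out_Bps": a["bytes_out"] / interval_sec,
             "packets_in_pps": a["pkts_in"] / interval_sec,
             "packets_out_pps": a["pkts_out"] / interval_sec}
        speed = if_speed_bps.get(key)
        if speed:  # a full-duplex link is limited per direction, so use the busier one
            c["relative_load_pct"] = max(c["traffic_in_Bps"], c["traffic_out_Bps"]) * 8 / speed * 100
            line_rate_pps = speed / MIN_FRAME_BITS
            c["relative_packets_pct"] = max(c["packets_in_pps"], c["packets_out_pps"]) / line_rate_pps * 100
        else:  # unknown speed: the relative counters cannot be computed
            c["relative_load_pct"] = c["relative_packets_pct"] = None
        result[key] = c
    return result


def vtep_counters(flows, interval_sec, vteps):
    """Per VTEP address: encapsulated traffic/packet rates in each direction and the flow count."""
    acc = defaultdict(lambda: {"bytes_in": 0, "bytes_out": 0, "pkts_in": 0, "pkts_out": 0, "flows": 0})
    for f in flows:
        if f["src"] in vteps:
            a = acc[f["src"]]
            a["bytes_out"] += f["bytes"]
            a["pkts_out"] += f["packets"]
            a["flows"] += 1
        if f["dst"] in vteps:
            a = acc[f["dst"]]
            a["bytes_in"] += f["bytes"]
            a["pkts_in"] += f["packets"]
            a["flows"] += 1
    return {vtep: {"traffic_in_Bps": a["bytes_in"] / interval_sec,
                   "traffic_out_Bps": a["bytes_out"] / interval_sec,
                   "packets_in_pps": a["pkts_in"] / interval_sec,
                   "packets_out_pps": a["pkts_out"] / interval_sec,
                   "flow_count": a["flows"]} for vtep, a in acc.items()}


def to_syslog(host, if_counters, vtep_counters_by_addr):
    """Render counters as syslog lines (PRI 134 = facility local0, severity informational)."""
    lines = []
    for (exporter, ifindex), c in sorted(if_counters.items()):
        fields = " ".join(f"{k}={v:.2f}" for k, v in c.items() if v is not None)
        lines.append(f"<134>{host} nfi: type=interface exporter={exporter} ifindex={ifindex} {fields}")
    for vtep, c in sorted(vtep_counters_by_addr.items()):
        fields = " ".join(f"{k}={v:.2f}" for k, v in c.items())
        lines.append(f"<134>{host} nfi: type=vtep vtep={vtep} {fields}")
    return lines


if __name__ == "__main__":
    ifc = interface_counters(FLOWS, INTERVAL_SEC, IF_SPEED_BPS)
    vc = vtep_counters(FLOWS, INTERVAL_SEC, VTEPS)
    print("\n".join(to_syslog("nfi-1", ifc, vc)))
```

With the sample records, interface 1 of tor-1 carries 18 MB in and 9.3 MB out over the interval, i.e. 300 kB/s in and 155 kB/s out, which is 0.024 % of a 10 Gbit/s link; VTEP 198.51.100.5 shows two flows, one in each direction. The key=value lines are what a Log Insight field extraction would parse into the dashboards the post describes.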

Advanced Analytics

Application performance and availability could also be impacted by a variety of factors, such as DDoS attacks. Sophisticated DDoS attacks are notoriously difficult to detect on a timely basis and to defend against. Traditional perimeter-based technologies such as firewalls and intrusion detection systems (IDSs) do not provide comprehensive DDoS protection. Solutions positioned inline must be deployed at each endpoint, and are vulnerable in case of a volumetric attack. Typically, solutions require systems to run in a “learning” mode, passively monitoring traffic patterns to understand normal behavior and establishing a baseline profile. The baseline is later used to detect anomalous network activity, which could be a DDoS attack. The building of these baselines takes days or weeks, and any change in the infrastructure makes a baseline obsolete, resulting in many false positives.

In contrast to systems relying on the baselines, NetFlow Logic’s Anomaly Detection – Traffic solution is based on flow information analysis. Thus it is not susceptible to volumetric flood attacks. Additionally, since it does not rely on baseline data collection, NetFlow Logic’s anomalous traffic detection solution can be operational 15-20 minutes after deployment.


NetFlow Logic’s solution is based on statistical and machine learning methods and consists of several components, each analyzing network metadata from a different perspective. Results of these analyses are combined and a final event reporting decision is made. The result of this “collective mind” approach is the reduction of false positives.