Ciao,
l'utilizzo più comune che ho trovato per il disco "indipendent" è nel disco dei profili dei desktop pool di horizon nella modalità "linked clone" dove il disco persistente è di tipo "indipendent" proprio per il fatto che non deve esssere cancellato, questo poi crea una bella rottura per il fatto che non può essere fatte snapshot e quindi i vari software di backup non possono salvarlo.
Saluti
M.
Hi
Thank you for the quick reply. I appreciate your help.
What version of NSX are u using.
In my environment i am using version 6.2.2 & I have faced similar problem.
The ping using CLI by vmkping is fine & it gives the desired outoput. But some times via GUI it does not reflect the right out.
Since the VMKPING is giving the right output, your setting are right & there will be no impact.
This could be related to some display issue. I have not escalated this with VMware since it didn't affect my production.
I can't successfully execute this command once the VM had been started in the workstations with gui( the VM is listed in the library).
It seems I need to manually remove the VM from the workstation GUI before running this command.
I want to automate this operation with vmrun.
Could somebody tell me how? Thanks.
Hi,
I can not see any metric's which related to blast protocol in my vrops manager but I can see metrics related to PCOIP.
please give me some information on it
thanks
Hi Bayu, thanks for your reply
I can add secondary IP's that is fine.
However if I already have 1.1.1.1/30 as an interface IP (with default gateway 1.1.1.2) and I create a new interface IP with multiple secondary IP's with subnet 1.1.1.4/30 (primary IP 1.1.1.5, secondary 1.1.1.6) once a packet from the internet arrives to this new interface ip 1.1.1.5, the return packet will try to go out the same interface, which means I need to specific a default gateway out of 1.1.1.4/30 subnet. If I change the default gateway I will lose return packets destined for 1.1.1.0/30
See my longer reply above
Hi David,
Will subnet bigger than /30 such as /24 works for your scenario?
You can also create the external IP as /24 for example 1.1.1.0/24
Then you can decide and design how many vCD Organization you would like to have and how many external IP per vCD Org.
For example with /24 you have 254 IP address, you would like to have 10 Public IP per vCD Org, you want to reserve .1-10 & .251-254 for system/non-tenant and Edge starts from .11 until .250
You can use external network without sub-allocating IP pools but everything will be based on first come first serve.
The other option you can pre-allocate the IP pools for example Org01 will use .11-20, Org02 will use .21-30, and so on so you will have up to 24 Sub-Allocated IP pools for up to 24 Organizations.
If you need more than 24 Orgs then you will need to create another range for example 2.2.2.0/24 or have a bigger subnet such as /23 or /22
Hi Paul, the DNAT rules are working if I pull an IP from the current sub-allocated pool.
If I rephrase the question into, what if I wanted to an additional sub-allocated pool that I can use for DNAT, and this new pool is not in the same subnet as the first sub-allocated pool ?
In my example:
External Network -1.1.1.0/30
External IP of NSX Edge is 1.1.1.1 (I can sub-allocated this IP within the edges setting, and then use this IP for DNAT or SNAT)
Default gateway of the NSX edge is 1.1.1.2 (let's say a Cisco router)
Let's say I have a webserver behind the NSX edge and I have a DNAT rule setup for port 80 (1.1.1.1:80 -> 192.168.1.10:80 for example), everything up to here is working successfully.
Now I want to add a second websever 192.168.1.11 and I need another external IP. Because the current external /30 is already used for the DNAT rule above.
I then get a new subnet from the ISP 1.1.1.4/30, traditionally you will route this subnet to the external interface of a firewall and you could use the entire subnet for NAT (1.1.1.4 - 1.1.1.7). But since NSX/vCloud requires the subnet to be specified in the "Sub-Allocate IP Pool" of the Edge Gateway Properties, it will need to grab these IP's from somewhere.
1. I can't create a new External Network within cloud resources as the default gateway needs to stay as the original 1.1.1.2
2. Within System - Manage & Monitor - External Networks. I enter into the properties of my existing External Pool /30, and add a new Network Specification for the new subnet 1.1.1.4/30, however out of this subnet I need to specify a default gateway which needs to be specified as a secondary on the Cisco router interface that is providing the default gateway of 1.1.1.2.
So each time I add a network specification, I lose 1 IP out of the subnet for the default gateway plus I need additional setup on the Cisco router.
This was one of the original designs I had, however one issue with this is that say I have allocated 1.1.1.0/24 to use for all external access and the subnet has a limited amount of ip's remaining. Then one of the existing customers wants a large subnet routed to them say /26 or /27, I won't be able to allocate those IP's to them since the 1.1.1.0/24 is full, so that means I will need to re-ip the whole customer with a new external network. So it doesn't really scale well.
Let say you have that scenario with one subnet 1.1.1.0/24, it has limited amount IP and one customer need a new subnet 2.2.2.0/24.
If the new customer needs only the new subnet you can create new VLAN/interface in the physical router for the subnet 2.2.2.0/24 and connect that to the customer Edge.
However, if you want the customer to have 1.1.1.0/24 and 2.2.2.0/24 that would be tricky if you are running on static routing.
Edge can use multiple external network but you can only choose one as the default
What I can think of is the customer would need either use separate Edge and choose which vApp for which Edge or use Dynamic Routing on the Edge and potentially use ECMP
NSX supports Dynamic Routing and this feature is now exposed to vCD 8.2.0 Advanced Routing Configuration Using the vCloud Director Tenant Portal
Hi, are you looking for DFW message bus user world logs?
The logs are in ESXi host /var/log/vsfwd.log.
If you configure ESXi host to forward its logs to external syslog such as vRealize Log Insight, you should be able to see the logs in the syslog system
Here are some references on configuring syslog on ESXi hosts
Configuring syslog on ESXi (2003322) | VMware KB
Configure Syslog on ESXi Hosts
If you are interested in DFW rule or packet logs, you are looking for /var/log/dfwpktlogs.log
Similar to vsfwd.log, this logs are inside ESXi host and you can forward this to external syslog by configuring syslog on your ESXi hosts
Make sure to Enable logging for the rule(s)
See this documentation Firewall Logs
Hi, I was referring to SNAT and not DNAT my mistake.
SNAT or Outbound NAT to translate internal network in VXLAN 5000 to a public external IP address.
Hi
Where do you NAT/SNAT for access to the Internet? UBNT USG or other firewall?
Make sure:
1. VM on VXLAN 5001 - 10.100.101.100 can access UBNT USG 10.100.100.1 which I think this looks okay based on your explanation
2. Add SNAT or Outbound NAT for 10.100.101.0/24
OK, that makes more sense, but my public IP lies on the USG, so if I did a SNAT on the machines on the vxLAN, aren't I simply making life difficult for me from my other internal resources?
Thanks again. From the doc you sent over I think /var/log/dfwpktlogs.log. is the
file I was really seeking. One detail I don't see is if logging for a particular NSX edge firewall
is different from the firewall found in Networking and Security/Firewall. Do you know if
both send pass/drops to /var/log/dfwpktlogs.log - or just the latter?
I installed workstation 12.5 to a laptop running Mint Linux 18.1 Sarah 64-bit and then uninstalled it by right clicking the three resulting icons and taking the Uninstall option from the Mint Cinnamon Menu system. I was unaware of the process for using the *.bundle file from the terminal to do an uninstall at that time.
The reason for the uninstall was that the first install would not run, I had found and run an apt-get update, and that has made massive additions and changes to the install. So I thought uninstalling and reinstalling workstation might get it working.
Now I want to install it again, using the sh command and the bundle file, and when I try to do that it reports that it is still installed even though it was uninstalled from Mint and the folders it was installed in have been deleted.
So something somewhere is tricking the vmware install process into thinking I still have Workstation 12.5 installed. Is there some way to clear that mistaken impression?
Jack
Hi,
Will the refresh and recompose activities impact the Windows and Office Product Activation inside the desktop virtual machines ? Will these cause to lost the activiation information ?
As per your requirements, you want the network 10.100.101.0/24 (VXLAN) be able to traverse to the Internet.
Therefore, you will need to do a NAT for network 10.100.101.0/24 either
1. Directly to the public IP on your public facing NAT Device (USG)
2. or a NAT on your NSX Edge (so there will be double NAT, one at USG and one at NSX Edge), your NSX Edge must not have ECMP enabled
dfwktlogs are logs for DFW and you can enable log on rules with any Action whether it is Allow or Block.
Edge firewall is on NSX Edge and if you want this to be forwarded to external syslog, you will need to configure syslog on the NSX Edge.
See this document: Configure Syslog Servers for NSX Edge
Similar to DFW, you will need to specify which rule you want to log.
See this document: Add an NSX Edge Firewall Rule
Very helpful - thank you.
