Category: vSphere Distributed Switch

Migrating from vCenter Server Embedded PSC to External PSC in vCenter Server 6

by saurav116, posted in Uncategorized, vCenter Server 6, VMware, vSphere 6, vSphere Distributed Switch, vSphere Web Client

For the past few weeks i am working on enhancing my VMware home lab setup to be more scalable and enterprise grade , which gave me an opportunity to migrate the embededd PSC to external to extend my vCenter Single Sign-On domain with more vCenter Server instances to support multi site NSX and SRM use cases, you can reconfigure and repoint the existing vCenter Server instance to an external Platform Services Controller.

Few things to note before starting the migration :

  • The process is relatively straightforwad but remember there is no coming back once you migrate the embedded PSC to external .
  • Make Sure to take the snapshot of vCenter Server , in case anything gone wrong during the migration you can revert back vCenter to the last working state
  • Non Ephemeral virtual port groups are not supported by the PSC , as a workaround we need to create a new Ephemeral port group in the same VLAN (if using VLANs) as vCenter server network for the sake of deployment of new PSC . You can migrate the PSC network to non ephemeral port group after the migration completes successfully .

 

This is what I am running in my lab currently , a vCenter server appliance with embedded PSC:

1

I want to achieve the below topology with External PSC:

1

Lets start this by installing the external Platform Services Controller instance as a replication partner of the existing embedded Platform Services Controller instance in the same vCenter Single Sign-On site.

Mount the VCSA ISO and start the installation .

1.png

Enter the credentials of the ESXi host where you are planning to deploy the PSC appliance.

1

Acceppt the self sigh certificate .

1

1

Here select “Install Platform Service Controller” .1.png

Select Join an SSO domain in an existing vCenetr PSC:

1

Join the exsiting site and select the SSO site name:

1

1

1.png

As I have explained before e, if you have not created a Ephemeral virtual port group you will  not be able to select a network to deploy the new PSC.

1.png

Go back to vCenter and create a Distributed port group with Ephemeral port binding which will be used for the PSC Deployment.

1.png

Enter the standard networking parameters and complete the deployment wizard.

1.png

1.png

Click on finish and wait for the deployment completion . This process will take approx: 8-10 minutes.

1

You will get the below screen once PSC deployed successfully.

1

Now , Log in to the vCenter Server instance with an embedded Platform Services Controller.Verify that all Platform Services Controller services are running by executing the below command:

service-control –status –all

1

The final step is to run the below command to repoint the embedded PSC to new deployed external PSC:

cmsso-util reconfigure –repoint-psc psc_fqdn_or_static_ip –username username –domain-name domain_name –passwd password [–dc-port port_number]

Use the  –dc-port  option if the external Platform Services Controller runs on a custom HTTPS port. The default value of the HTTPS port is 443.

1.png

If you have followed all the instructions mentioned above, you will get the below success message: “vCenter Server has been successfully reconfigured and repointed to the external PSC 172.18.36.17 .

1

That was it , PSC has been successfully migrated from Embedded to external! I hope it was helpful .

Port Mirroring in vSphere Distributed Switch(VDS)

by saurav116, posted in ESXi6, Uncategorized, vSphere 6, vSphere Distributed Switch, vSphere Web Client

In this blog, I will shows how to configure and use the Port Mirroring functionality in the vSphere Distributed Switch.

Port mirroring is the capability on a network switch to send a copy of network packets seen on a switch port to a network-monitoring device connected to another switch port. Port mirroring is also referred to as Switch Port Analyzer (SPAN) on Cisco switches. In VMware vSphere, a Distributed Switch provides a similar port mirroring capability that is available on a physical network switch. After a port mirror session is configured with a destination—a virtual machine, a vmknic or an uplink port—the Distributed Switch copies packets to the destination.

In this blog I will use Linux01 VM to capture and monitor mirrored traffic of Linux02 VM.

  1. In the vSphere web client , go to VM and Templates in the inventory tree and open the console of Linux01 machine which I will configure to capture the traffic from Linux02 VM1
  2. Monitor the command output for a few seconds and verify that ICMP traffic is not being captured. tcpdump output remains silent until ICMP traffic is detected on the network
  3. Leave the console window open, with the tcpdump command running uninterrupted
  4. In vSphere Web Client under VM and Templates, Right-click the Linux02 virtual machine and select Power > Power On.
  5. After the Linux02 virtual machine starts, sign on as root. The Linux02 virtual machine is used as the traffic source to be monitored.
  6. At the Linux02 command prompt, ping the default router. In my case my router in on 172.20.10.102
  7. Go back to Linux01 VM again and click the Linux01 console tab.
  8. In the console window, verify that the running tcpdump command is the same as before and has not captured any ICMP traffic

Now i will configure the Distributed Switch for port mirroring

  • In the Web Client on the left pane, click the Networking icon.
  • In the Networking inventory tree, select the dvs-Lab distributed switch.
  • In the middle pane, click the Manage tab and click the Settings tab.
  • Click the Port mirroring link.
  • In the Port mirroring panel, click the New link.

3

  • In the Add Port Mirroring Session dialog box, leave the Distributed Port Mirroring     radio button selected and click Next.4
  • Under Edit properties, select Enabled from the Status drop-down menu.
  • From the Normal I/O on destination ports drop-down menu, select Allowed.
  • Click Next5
  • Under Select sources, click the Select distributed ports icon.6
  • In the Select Ports dialog box, select the check box for the row with a connected entity of Linux02 and click OK.7.png
  • click Next8
  • Under Select destinations, click the Select distributed ports icon.9
  • In the Select Ports dialog box, select the check box for the row with a connected entity of Linux01 and click OK.10
  • Click Next11.png
  • Under Ready to complete, review settings and click Finish.12
  • In the Firefox window, click theLinux02 console tab.
  • Verify that the ping command is still reaching the default router at 172.20.10.10.
  • In the Linux01 console, examine the tcpdump output in the terminal window.
  • The output looks similar to the following example13.png
  • You can see Now that the Linux01 (destination) has started mirroring the ICMP pings from Linux02 VM (Source).