Chapter 8.  NSX Troubleshooting

Let me start this chapter with a famous quote from Antisthenes:

"Not to unlearn what you have learned is the most necessary kind of learning"

I couldn't find a better quote than that for giving everyone a heads-up on how vital it is to ensure that we recollect what we have learned so far in previous chapters about how to approach a problem to see what the best solution is. For the best solution to also be the quickest, we truly need to know how to approach a scenario, where to start looking, what logs are useful, and lastly, when to engage the vendor for further troubleshooting. As we all know, our course is focused on NSX with vSphere. NSX is tightly integrated with vSphere.

Taking a real example, even a well-constructed building will not stand on a weak foundation. A bad vSphere design will have a direct impact on NSX components, no matter how good the NSX design is. This rule of thumb is the same for any VMware solution that runs on top of vSphere. In this chapter, we will cover the following topics:

  • NSX installation and registration issues
  • The log collection process and steps
  • VXLAN troubleshooting

NSX Manager installation and registration issues

Installing NSX Manager is one of the easiest tasks, and the bitter truth is that anyone who is familiar with vSphere OVA/OVF deployment can easily deploy an NSX Manager without any prior knowledge of NSX products. We know for sure that, in a production environment, no one will follow that method. However, I still want to educate you all about the importance of NSX installation. Let's carefully go through the following points:

  • There should not be any vCloud Networking and Security (VCNS/vShield Manager) instance registered with the same vCenter when we are trying to register NSX Manager. If we find any such environment, we must unregister one of the solutions, and that should definitely be VCNS/vShield, since it is an outdated solution compared with NSX Manager. That doesn't mean we can have two NSX Managers registered with the same vCenter Server. However, we can upgrade VCNS to NSX, and I will be sharing the upgrade guide link in the chapter's final section.
  • Never import any previously used NSX Manager instance to a new environment and register it as a solution with a new vCenter.
  • Always check how many vSphere solutions NSX Manager is registered with. For example, we might have vCloud Automation Center (VCAC) and vCloud Director (VCD) registered with NSX Manager A, which is also registered with a vCenter Server environment. The reason why I'm more curious about such solutions is that careful planning and design are required not only for installation but also for uninstallation of NSX products during break-fix time. Each solution's integration demands separate steps while unregistering NSX Manager.
  • Always take a backup of NSX Manager after initial deployment of the software. Never depend on the vSphere snapshot feature for this backup activity.
  • NSX Manager can be treated as a normal vSphere virtual machine for troubleshooting any network-related issues. For example, we can migrate NSX Manager from one host to another host, or use the esxtop command to check Tx and Rx counts when isolating a network issue.
  • While registering with vCenter Server, we have two options:
    • Lookup service registration: Lookup service registration is an optional feature for importing SSO users. However, if we are integrating with an SSO identity source, we need to follow all vendor-specific best practices for identity source availability. It's worth remembering that if SSO is down, then apart from login to NSX Manager, it won't have any impact on NSX components and their features.
    • vCenter Server Registration: vCenter Server registration is the first and most critical integration. Hence, we need to ensure that we have proper connectivity and configuration for the following points:
      • DNS resolution should be configured between NSX Manager and vCenter Server.
      • NTP should be configured properly; this point might be very familiar for most of the experts, but I will still reiterate it: the impact of wrong NTP is very high when we integrate the lookup service (SSO) and try to leverage SSO-based authentication.
      • Firewall ports should be opened between NSX Manager and vCenter Server. Always check the VMware Knowledge Base (KB) article for port requirements. The following link leads to a VMware KB article, which talks about all the port requirements:
        • https://kb.vmware.com/selfservice/search.do?cmd=displayKC&docType=kc&docTypeID=DT_KB_1_1&externalId=2079386
      • Ensure that we are using vCenter Server administrative user rights while registering with NSX Manager. We can certainly use the [email protected] account to register NSX with vCenter, vCloud Director, and vRealize Automation products.
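
The DNS, NTP, and firewall prerequisites above can be checked before attempting registration. The following Python script is an added example, not code from the book or from VMware; it assumes it is run from a machine on the same network segment as NSX Manager, and the host names, the single port 443, and the one-second skew threshold are illustrative assumptions (take the authoritative port list from the KB article).

```python
import socket, struct, time

NTP_EPOCH_DELTA = 2208988800  # seconds between the NTP (1900) and Unix (1970) epochs

def dns_consistent(fqdn, resolve=socket.gethostbyname, reverse=socket.gethostbyaddr):
    """True if fqdn resolves forward and the address resolves back to the same name."""
    try:
        name = reverse(resolve(fqdn))[0]
    except OSError:  # covers socket.gaierror / socket.herror
        return False
    return name.rstrip(".").lower() == fqdn.rstrip(".").lower()

def port_open(host, port, timeout=3.0):
    """True if a TCP connection to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def parse_sntp_offset(reply, t_sent, t_recv):
    """Offset of the server clock from the local clock, in seconds (48-byte SNTP reply)."""
    def ts(off):  # 64-bit NTP timestamp -> Unix seconds
        sec, frac = struct.unpack("!II", reply[off:off + 8])
        return sec - NTP_EPOCH_DELTA + frac / 2**32
    t2, t3 = ts(32), ts(40)  # server receive and transmit timestamps
    return ((t2 - t_sent) + (t3 - t_recv)) / 2

def ntp_offset(server, timeout=3.0):
    """Send one SNTP client request (version 3, mode 3) and return the offset."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        t_sent = time.time()
        s.sendto(b"\x1b" + 47 * b"\0", (server, 123))
        reply, _ = s.recvfrom(48)
        return parse_sntp_offset(reply, t_sent, time.time())

def preflight(vcenter, ntp_server, ports=(443,), max_skew=1.0):
    """Run all checks from this machine; returns {check name: passed}."""
    results = {"dns": dns_consistent(vcenter)}
    for port in ports:  # assumed port list; extend it from the KB article
        results[f"tcp/{port}"] = port_open(vcenter, port)
    try:
        results["ntp"] = abs(ntp_offset(ntp_server)) <= max_skew  # assumed threshold
    except (OSError, struct.error):
        results["ntp"] = False
    return results

if __name__ == "__main__":
    # Constructed placeholder names; substitute your own vCenter and NTP server.
    print(preflight("vcenter.corp.example", "ntp.corp.example"))
```

A failed `dns` result with a passing `tcp/443` usually points at a missing or mismatched PTR record rather than a firewall problem, which is worth separating before opening a support case.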
