📐 Best Practices from the Field When developers interact with your product, the documentation is the interface. And while code may power the platform, it’s content architecture that powers clarity. Over the past decade, working with enterprise APIs in environments like VMware, I’ve learned that the best documentation isn’t just accurate—it’s deliberately structured to support…
Introduction After completing the Schneider Electric Data Center Certified Associate (DCCA) exam, I’m excited to share my experience, insights, and practical takeaways for anyone considering the course. With 20 years of experience in data centers and a background in electrical engineering and computer systems, I entered the exam with a solid foundation. However, I knew…
Syd’s closest grocery store in North Vancouver was an Asian market, and she mastered this dish with their ingredients.
Tanya found this one on Instagram, and it has become our number-one diner guest salad!
Introduction VMware Cloud Foundation (VCF) is a software-defined data center (SDDC) platform that combines multiple VMware technologies, including vSphere, vSAN, NSX, and SDDC Manager, into a single, integrated solution. This article takes a look at what VMware Cloud Foundation (VCF) means for a VMware NSX network engineer in an NSX edge deployment. SDDC Manager NSX components are…
Could this be the way that Sam and I start our Burly-based mornings?
Sam and I need our omega-3 fatty acids for brain development. 😉 We do this easy salmon bowl recipe in the oven, for a satisfying and healthy meal.
Jen loves the delicate texture of red lentils in this easy to make and delicious soup.
So quick, easy, and tasty. This dish is an absolute winner, where cleanup is just the rice maker!
Parchment paper pocket cooking elevates salmon by retaining moisture and flavour.
The bacon and onions are all the seasonings that Brussel sprouts need in what is becoming a Hills’ family staple.
A simple and delicious shrimp curry recipe from Madhur Jaffrey’s MasterClass on Indian Cooking.
Second on Syd’s baking classics short list, putting ripe bananas to use in this moist and delicious banana bread.
First on Syd’s baking classics short list, a decadent and delicious four-ingredient dessert for chocolate lovers.
This bread has been made for lots of Hills family occasions, including school bake sales and Christmas mornings.
Simple cornflake-crusted chicken baked up on a sheet pan until crispy and delicious.
Follow these instructions on how to add a recipe to this site.
Oliver often has three helpings of this hearty Irish-inspired beef stew recipe.
It’s Girly’s favourite soup, in such a simple recipe, where the lemon zest and lemon juice garnishes are key.
A Sloboda family favourite, this Picadillo recipe is inspired by Cuban versions made by sautéing ground beef with onions, peppers, olives, and spices.
A Hills family favourite, where cinnamon, ginger-root, cloves and pepper make chicken come alive in this simple recipe.
Objective: The goal is to deploy an NSX manager in the lab environment. The NSX Manager provides a web-based user interface where you can manage your NSX environment. It also hosts the API server that processes API calls. Product Interoperability Check: From the VMware Product Interoperability Matrix, for the versions running in the lab: NSX versions 4.0.1.1, 4.1.0.0, and…
Objective: The goal is to migrate the existing home lab from a vSphere Standard Switch (VSS) to a vSphere Distributed Switch (VDS) in preparation for an NSX deployment. Plan: Our existing home lab ESXi host has: Create a Data Center: Create a data center as a container for the lab environment inventory objects, name Datacenter….
Objective: The goal is to deploy a VMware vCenter Server Appliance (VCSA) 8.0 in preparation to provision it as an NSX compute manager to: Plan: Here is an article I found helpful: in getting me started: Installing VMware vCenter Server Appliance (VCSA) 8.0. We will use a Mac OS based management laptop, external to ESXi, to…
You can’t reliably run a vCenter or NSX environment without infrastructure time synchronization. As with DNS, save yourself time, and get this working before deploying vCenter and NSX Manager. This fourth in a series of NSX Home Lab articles, looks at simple approach to providing NTP services within an NSX home lab. Objective: The goal…
You can’t run a vCenter or NSX environment without forward and reverse name resolution. Save yourself time, and get this working before deploying vCenter and NSX Manager. This article looks at simple approach to providing DNS services within an NSX home lab. Objective: The goal is to deploy a lab based DNS server that can…
This article looks at a simple NSX home lab design, loosely using the approach presented in the NSX Data Center Design training. Objective: The goal is to build a simple home based NSX Lab environment to help gain hands-on experience with the product to develop some of the skills needed to design, deploy, and manage…
A VMware NSX home lab is a powerful tool for learning and mastering the VMware NSX platform. By setting up and experimenting with a simulated environment, you can gain hands-on experience with the product and develop the skills needed to design, deploy, and manage virtual networks in a production environment. I put my first NSX…
Introduction: One of my NSX peers was recently working on an IP address overlap issue that helped lead to a better understanding of routing behaviour within an NSX environment. The Scenario: In this corner case scenario there is IP address overlap between these two subnets: Connectivity State: The Guest VM, app, has partial IP connectivity:…
As a Network Virtualization Architect, it is important to have access to a variety of resources to aid in the design and implementation of a network virtualization solution. VMware provides a wealth of information and tools that can be extremely valuable in this process. In no particular order, some of my favourite resources include: 1….
Introduction: VMware Validated Designs are a collection of comprehensive end-to-end design guides that serve as a blueprint for a Software-Defined Data Center (SDDC) implementation. VMware Validated Designs have been discontinued, are retained as a historical reference, and have evolved into VMware Cloud Foundation Designs. To better understand what this means from an NSX perspective, it’s…
NSX version 4.0.1.1 introduces support for stateful services on Tier-0 and Tier-1 gateways in Active-Active HA mode, where one Service Router (SR) can span multiple active edge nodes. This feature offers improved resource usage and scale-out for higher performance. This article introduces a three-step troubleshooting approach that can be used to determine the traffic path to…
Introduction: Due to numerous requests I have rebooted spillthensx, with an updated name. Connecting with the VMware community has been a very rewarding experience, and I’m starting up again in 2023! Keep in mind that aspirational labour works! Aspirational labour is a mode of uncompensated, independent work that is propelled by the ideal of doing…
Introduction: In this article, we will look at a troubleshooting approach for network connectivity issues, known as the Bottom-Up Methodology. We will take a close look at troubleshooting BGP Peer Establishment on NSX-T edges to illustrate this approach. Physical Layer Troubleshooting, troubleshooting the transfer of bits Physical Layer Troubleshooting, sample topology for BGP Peers We…
Introduction: In assisting customers with a wide variety of NSX-T related issues, I’m constantly pulling up cheat sheets for frequently used commands. This is the second in a series of pages, my favorite NSX-T Edge commands, where I’m selfishly pulling these commands together as a reference. I plan to add to this page over time,…
Introduction: Here is a collection of REST API tips I’ve learned while supporting NSX-T. The tips are organized in sections for beginner, intermediate, and advanced users. I’m hoping there is something here for everyone! Beginner Tips, getting set up to access the REST API: 1. NSX-T Manager hosts it’s own REST API Reference You will…
Introduction: In assisting customers with a wide variety of NSX-T related issues, I’m constantly pulling up cheat sheets for frequently used commands. This is the first in a series of pages, my favorite NSX-T ESXi network commands, where I’m selfishly pulling these commands together as a reference.
Introduction: In NSX-T, Principal Identities (PI) are role-based users who have ownership of the objects they create. Objects can only be modified or deleted by the owning Principal Identity. PI is an effective method to manage multi-tenancy, where multiple tenants share the same resource infrastructure. In NSX-T, Principal Identities: – are certificate-based, and are considered…
Introduction: The NSX-T VLAN Based OneArm Load Balancer on a Standalone Tier-1 Gateway scenario is often of interest to VMware customers that use NSX-T without VXLAN. These customers primarily use NSX-T for micro-segmentation and edge functionality. Network Topology: In this article, we will look at a simple base topology from which you can build. Although…
Introduction: As NSX-T evolves, users are moved closer to using Policy-based objects. NSX-T 3.0 introduces a User Interface Mode that by default is hidden and presents users only Policy-based objects to the UI in greenfield deployments. From What’s New, in the NSX-T 3.0 release Notes: User Interface Preferences for NSX Policy versus Manager Modes – You can…
Introduction: NSX-T TEP IP address misconfiguration is one of the most common issues associated with new NSX-T deployments. It can lead to downed GENEVE tunnels between ESXi hosts and NSX-T Edges, in collapsed Compute/Edge Cluster topologies. In this scenario, NSX-T backed virtualized guests can reach each other, but not the physical environment. In this article,…
Introduction: Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network. This article looks at NSX-T TLSv1.1 disablement using cURL, leaving Web clients to connect to the NSX-T Manager Web UI via TLSv1.2. Questions around NSX-T TLSv1.1 disablement have come in from some VMware customers looking at PCI compliance….
Introduction: There have been some significant enhancements in NSX-T 2.5 to ESXi host logging. The logging level can be changed dynamically, and logs are now consolidated under Syslog offering more powerful and flexible NSX-T troubleshooting options at the ESXi host level. VMware CLI Reference Guides These changes are covered in the NSX-T Data Center 2.5.0…
Introduction Ansible is an open-source automation tool used for IT tasks such as configuration management, application deployment, and provisioning. This post is the first in a series of articles that review automation with Ansible in an NSX-T 2.5 lab environment. In this series, VMware’s NSX-T Ansible Modules will be used to: Deploy the NSX-T Management plane…
Introduction: This post is a continuation of my experimentation with NSX-T deployment automation, working on a method to quickly deploy typical network topologies for repro and testing. In the first post of this series, we used cURL and JQ to collect NSX-T UUIDs and deploy a new Tier-0 gateway. Now we will look at the…
Introduction: I’ve been experimenting with NSX-T deployment automation, working on a method to quickly deploy typical network topologies for repro and testing. A typical lab topology consists of Tier-0 and Tier-1 gateways and segments, where one or more object IDs uniquely identify each construct. NSX-T Universally Unique IDentifiers (UUID) NSX-T identifies objects using Universally Unique…
Introduction: The nsxcli includes the capture command, a useful debugging tool to capture specified network traffic at various points and stages in the network processing pipeline. It is a valuable and powerful tool to troubleshoot a variety of network issues. In this article, we will look at using nsxcli capture in a data path troubleshooting…
Introduction: Congratulations to Omkar, the winner of the first Spill the NSX-T Reader Challenge! And thank you Chris, our Ireland based correspondent that delivered the winning prize, a cup of tea. 🙂 Here is a brief summary of the issue: Additional problem description details are found here: https://spillthensxt.com/nsx-t-with-jam-trouble-with-dfw/ Question: Why does VM2’s DFW Filter have…
Introduction: Inspired by Mike Da Costa’s NSX/NSX-T Troubleshooting Scenarios, I’m putting out an NSX-T troubleshooting challenge to those who know me on Twitter as @spillthensxt. In this scenario, a specific Guest VM has no Distributed Firewall (DFW) rules applied. It’s now time for some NSX-T DFW troubleshooting! This is a Spill the NSX-T Reader Challenge:…
Introduction: A DNS Forwarder is a Domain Name System (DNS) server on a network used to forward DNS queries for external DNS names to DNS servers outside of that network. Also, the forwarding of queries according to specific domain names is known as conditional forwarding. In this article, we will take a look at configuring DNS forwarding in…
Introduction: The Dynamic Host Configuration Protocol (DHCP) allows clients to obtain their network configuration from a DHCP server automatically. In NSX-T, this means the allocation of IP address, subnet mask, and default gateway. This article is a brief guide to get you up and running with an NSX-T managed Local DHCP Server configuration. NSX-T supports…
Introduction: This post covers two crucial Geneve Tunnel dependencies to be aware of within NSX-T network virtualized environments: High-Level Concept to Remember: If the Geneve Bidirectional Forwarding Detection (BFD) tunnels are not up due to misconfiguration or other network issues, the Edge’s failover mechanism triggers causing the Edge Node to drop its BGP neighborships. This failsafe mechanism…
Introduction: NSX-T leverages the Generic Network Virtualization Encapsulation (Geneve) protocol, a network virtualization tunneling protocol used to establish tunnels across transport nodes to carry overlay traffic. Transport nodes include VM and physical-based Edges, ESX hosts, and KVM Hypervisors, all of which require at least one Geneve Termination End Point (TEP). With encapsulation technologies, like Geneve,…
One of the best diagnosis for NSX-T Load Balancer Troubleshooting is through careful monitoring and analysis of Edge error log activity when the Load Balancer error log level is set to debug. Along with Edge CLI command output, this deep-dive level of analysis can be very insightful. In this post, we’ll run through a quick…
Edge Maintenance Mode Overview The NSX-T Edge cluster is a logical grouping of NSX-T Edge virtual machines that provide North-South routing for the workloads in compute clusters. NSX-T Edges can be taken out of production by being placed in maintenance mode, if for example, the Edge has become inoperable. In the first post of this…
Edge Maintenance Mode Overview The NSX-T Edge cluster is a logical grouping of NSX-T Edge virtual machines that provide North-South routing for the workloads in the compute clusters. NSX-T Edges can be taken out of production by being placed in maintenance mode, if for example, the Edge has become inoperable. If high availability is enabled…
Background NSX-T 2.4.2 includes a new ESXi host Python script named nsxcfg-vswitch which can be used to recover network connectivity to an N-VDS based kernel management interface. I learned about this gem from one of my peers, NSX-T Escalation Engineer Micheal (Rui) Liu. Included as part of VIB installation, think of nsxcfg-vswitch as an emergency…
NSX-T East-West Traffic Flow is Part 1 of a two part series, taking a close close at traffic flow in an NSX-T environment.
NSX-T East-West Traffic Flow is Part 1 of a two part series, taking a close close at traffic flow in an NSX-T environment.
NSX-T host preparation failures may result in the error “Failed to install software on host. Invalid host type or host not supported.” This error message will appear when attempting to add an ESXi host as a NSX-T Transport Node when the ESXi host version is not compatible. An incompatible ESXi host version may also result…
Background: It is possible to disable the NSX-T Distributed Firewall (DFW) using a REST API Client or using cURL (Client URL) via the command line. This article reviews both methods. Get the current DFW Status with Postman: Let’s begin with a REST API Client, in this case it’s Postman for Google Chrome. Start by setting up…
Introduction: Identity Firewall (IDFW) features allow an NSX-T administrator to create Active Directory user-based Distributed Firewall (DFW) rules. IDFW requires NSX-T access to Active Directory user objects. This access is achieved through an NSX-T to LDAP (Lightweight Directory Access Protocol) connection. Connecting NSX-T to LDAPS is a part of the Identity Firewall Workflow. Details in…
Introduction: NSX-T Data Center Edges carry all traffic in and out of the Software-Defined Data Center network, providing connectivity between virtualized and physical environments. The goal of this blog post is to review some issues that result in an inability for a Tier-0 gateway to ping it’s directly connected physical peer IP. NSX-T introduces a…
Overview: Backups are an important part of maintaining an NSX-T environment. Troubleshooting backups through the UI can be challenging since the errors are often generic. In this post we’ll begin with a review of NSX-T backup configuration parameters, look at some troubleshooting options performed from the NSX-T Manager CLI, and troubleshoot an SFTP backup failure….
[fusion_builder_container hundred_percent=”no” equal_height_columns=”no” menu_anchor=”” hide_on_mobile=”small-visibility,medium-visibility,large-visibility” class=”” id=”” background_color=”” background_image=”” background_position=”center center” background_repeat=”no-repeat” fade=”no” background_parallax=”none” parallax_speed=”0.3″ video_mp4=”” video_webm=”” video_ogv=”” video_url=”” video_aspect_ratio=”16:9″ video_loop=”yes” video_mute=”yes” overlay_color=”” video_preview_image=”” border_size=”” border_color=”” border_style=”solid” padding_top=”” padding_bottom=”” padding_left=”” padding_right=””][fusion_builder_row][fusion_builder_column type=”1_1″ layout=”1_1″ background_position=”left top” background_color=”” border_size=”” border_color=”” border_style=”solid” border_position=”all” spacing=”yes” background_image=”” background_repeat=”no-repeat” padding_top=”” padding_right=”” padding_bottom=”” padding_left=”” margin_top=”0px” margin_bottom=”0px” class=”” id=”” animation_type=”” animation_speed=”0.3″ animation_direction=”left” hide_on_mobile=”small-visibility,medium-visibility,large-visibility”…
Troubleshooting DHCP in an NSX-T environment can be challenging. This blog post provides a structured approach to following a client DHCP request along the communication path to help determine the root cause as to why IP address assignment may be failing. The Lab Topology In this case DHCP Relay is configured on an NSX-T 2.4.1…
[fusion_builder_container hundred_percent=”no” equal_height_columns=”no” menu_anchor=”” hide_on_mobile=”small-visibility,medium-visibility,large-visibility” class=”” id=”” background_color=”” background_image=”” background_position=”center center” background_repeat=”no-repeat” fade=”no” background_parallax=”none” parallax_speed=”0.3″ video_mp4=”” video_webm=”” video_ogv=”” video_url=”” video_aspect_ratio=”16:9″ video_loop=”yes” video_mute=”yes” overlay_color=”” video_preview_image=”” border_size=”” border_color=”” border_style=”solid” padding_top=”” padding_bottom=”” padding_left=”” padding_right=””][fusion_builder_row][fusion_builder_column type=”1_1″ layout=”1_1″ background_position=”left top” background_color=”” border_size=”” border_color=”” border_style=”solid” border_position=”all” spacing=”yes” background_image=”” background_repeat=”no-repeat” padding_top=”” padding_right=”” padding_bottom=”” padding_left=”” margin_top=”0px” margin_bottom=”0px” class=”” id=”” animation_type=”” animation_speed=”0.3″ animation_direction=”left” hide_on_mobile=”small-visibility,medium-visibility,large-visibility”…
[fusion_builder_container hundred_percent=”no” equal_height_columns=”no” menu_anchor=”” hide_on_mobile=”small-visibility,medium-visibility,large-visibility” class=”” id=”” background_color=”” background_image=”” background_position=”center center” background_repeat=”no-repeat” fade=”no” background_parallax=”none” parallax_speed=”0.3″ video_mp4=”” video_webm=”” video_ogv=”” video_url=”” video_aspect_ratio=”16:9″ video_loop=”yes” video_mute=”yes” overlay_color=”” video_preview_image=”” border_size=”” border_color=”” border_style=”solid” padding_top=”” padding_bottom=”” padding_left=”” padding_right=””][fusion_builder_row][fusion_builder_column type=”1_1″ layout=”1_1″ background_position=”left top” background_color=”” border_size=”” border_color=”” border_style=”solid” border_position=”all” spacing=”yes” background_image=”” background_repeat=”no-repeat” padding_top=”” padding_right=”” padding_bottom=”” padding_left=”” margin_top=”0px” margin_bottom=”0px” class=”” id=”” animation_type=”” animation_speed=”0.3″ animation_direction=”left” hide_on_mobile=”small-visibility,medium-visibility,large-visibility”…
[fusion_builder_container hundred_percent=”no” equal_height_columns=”no” menu_anchor=”” hide_on_mobile=”small-visibility,medium-visibility,large-visibility” class=”” id=”” background_color=”” background_image=”” background_position=”center center” background_repeat=”no-repeat” fade=”no” background_parallax=”none” parallax_speed=”0.3″ video_mp4=”” video_webm=”” video_ogv=”” video_url=”” video_aspect_ratio=”16:9″ video_loop=”yes” video_mute=”yes” overlay_color=”” video_preview_image=”” border_size=”” border_color=”” border_style=”solid” padding_top=”” padding_bottom=”” padding_left=”” padding_right=””][fusion_builder_row][fusion_builder_column type=”1_1″ layout=”1_1″ background_position=”left top” background_color=”” border_size=”” border_color=”” border_style=”solid” border_position=”all” spacing=”yes” background_image=”” background_repeat=”no-repeat” padding_top=”” padding_right=”” padding_bottom=”” padding_left=”” margin_top=”0px” margin_bottom=”0px” class=”” id=”” animation_type=”” animation_speed=”0.3″ animation_direction=”left” hide_on_mobile=”small-visibility,medium-visibility,large-visibility”…