NSX-T 4.0.0.1 - Whats new?

In NSX-T 4.0.0.1, VMware changed their naming scheme (again, would some say), to just be NSX. One of the biggest features, and long overdue is IPv6 support for management. There is also a new feature for Blocking Malicious IPs, which we will look at below.

Here are the Release Notes: https://docs.vmware.com/en/VMware-NSX/4.0/rn/vmware-nsx-4001-release-notes/index.html

Block Malicious IPs:

In the Release Notes the following is written:

• Block Malicious IPs in Distributed Firewall is a new capability that allows the ability to block traffic to and from Malicious IPs.
• Block Malicious IPs in Distributed Firewall is a new capability that allows the ability to block traffic to and from Malicious IPs. This is achieved by ingesting a feed of Malicious IPs provided by Vmware Contexa. This feed is automatically updated multiple times a day so that the environment is protected with the latest malicious IPs. For existing environments the feature will need to be turned on explicitly. For new environments, the feature will be default enabled

My LAB enviorment is a existing installation, so it will need to be turned off explicitly as the release notes says. Luckily thats quite easy in NSX-T.

We also know its a part of VMware Contexa, that is VMwares take on a cloud security platform. I actually didnt know about Contexa before this update, it looks cool. We might see more of Contexa in later NSX-Releases, maybe within NSX-Intelligence where more of the Contexa looks to be already.

Lets setup auto update:

As you can see below, you will right away after upgrading the NSX-T Manager to 4.x the warnings telling you: Auto Update Malicious IPs is turned off. All rules containing groups with malicious IPs might not work at all or work with outdated data if available.

My Homelab (2022 edition)

I thought I would give an updated look at my HomeLab where i obviously lab most of my stuff.

Why?

My Homelab started as I think it does for many, a curiousity and passion to know more. For me it started way back when I was very young, and wanted to learn the enterprise stuff. It have made me get jobs where i havent had professional experiences, so I think it has paid off multiple times. Now its more of a playground, and to learn and try new stuff, beta releases and more.

What?

I work as a VMware and Datacenter Administrator in my daily work, so it helps me learn: Routing, VLANS, Switching (even L3 Switching), Datacenter management, VMware and more. I LAB many things, but primarily most of the VMware stack, with licenses from VMUG.

High latency for VMs in NSX-T (VLAN)

NSX-T Version: 4.0.0.1.0.20159689

I was experiencing a high latency in NSX-T for all my VMs, and i couldnt figure out why. VMs on the same host, that wasnt on a NSX-T segment had +90ms in latency. I was pinging from a VM on VLAN 10 to a VM thats part of my NSX environment on VLAN 20. Both VMs was on the same host, and I dont have any NSX-T Overlay routing, so it was kinda weird.

Let me first show you how the latency was fluctuating:

As you can see above the latency was in the low end at 8ms and to the very high end of 150+ ms per ping. Thats not acceptable, and especially not when the VMs are on the same host, and there is only 1 router between the VLANs.

Place a VSAN Witness host into maintenance through PowerCLI

The PowerCLI documentation is actually really good, but sometimes the documentation is just silly aswell. I was trying to make a vSAN Witness host go into Maintenance Mode through PowerCLI and had trouble doing it.

The Set-VMHost command has some parameters you can set for VSAN Data Migration and stuff like that, so i thought maybe it wanted to do something with vSAN even though the GUI is the normal Maintenance Mode dialog box.

When I tried using the Set-VMHost command i got the error A specified parameter was not correct:

Follow me on Github :)

Remember to follow me on Github, since i post a lot of my scripts there. I'm mostly doing PowerShell stuff, so keep an eye out.

I made a repository for VMware for my scripts for VMware - take a look here: https://github.com/NPetersenDK/VMware-Scripts

My Homelab

My homelab is based on 4 hosts and one fileserver (running Windows, for now).

My VMware Installation

I try to be a front runner for running the newest version of everything. So as of now i'm on 6.7U3 on everything. I have 5 hosts in my installation, which one of them is in France (i'm living in Denmark) - i have a 500/500 Mbit connection to it.

My First Post - on a newer installation :)

Welcome to my new blog, i have migrated away from my Hoompas.dk domain which was based of a WordPress server that i quite frankly forgot to patch all the time.

All it's content is now gone and we're starting on a fresh. I'm looking forward to blogging a bit about VMware, and everything else i find nerdy enough to go on here.