Tag Archive: VMware

VMware Update Manager: Different non-critical host updates for Nexus

I have 5 difference vCenter servers installed over various timeframes and I am seeing different counts for the Non-Critical Host Updates across them. After some digging it appears that this is due to the Nexus 1000v updates.

We have not deployed the Nexus to production yet so this was a little confusing for me. It appears that when Update Manager is installed it downloaded the patches for the Nexus 1000v, but they are not included in the updates that are downloaded because we have none running in the environment and Update Manager was not configured to download them.

For consistency across my environments I have enabled the custom patch download source for Cisco. The URL ends in csco-main-index.xml. This does not change functionality for our deployment, but it quiets the gnawing thought that we are applying different patches to our environments.

Understanding VMware VMkernel Traffic Routing

As a basis for an upcoming post on splitting vmkernel traffic across over layer 3 boundaries I wanted to describe how vmkernel traffic is routed on an ESX host. There seems to be a lot of confusion in this area and hopefully this will help to clear it up.

If you need a refresher on IP addresses, network masks, or subnets check out this Cisco article.

Directly Connected Networks

If a host is directly connected to a subnet it will use that interface to talk to devices in that subnet. For example if I have an interface with the IP 10.1.1.1 NETMASK 255.255.255.0, that interface will be used to talk to anything on the 10.1.1.0 network. This applies to every directly connected interface.

If I have three vmkernel port groups defined with the following IP information
vmk0: 10.1.0.1    255.255.255.0
vmk1: 10.1.1.1    255.255.255.0
vmk2: 10.1.2.1    255.255.255.0

Then vmk0 will be used to talk to everything on 10.1.0.0, vmk1 for 10.1.1.0, and vmk2 for 10.1.2.0.

Remote Networks

So, what happens when the device I am talking to is on a subnet that I am not directly connected to? This is where the routing table really comes into play so let’s take a look at it using:

vicfg-route –list

VMkernel Routes:
Network             Netmask             Gateway
10.1.0.0            255.255.255.0       Local Subnet
10.1.1.0            255.255.255.0       Local Subnet
10.1.2.0            255.255.255.0       Local Subnet
default             0.0.0.0             10.1.0.254

We see the directly connected networks with a Gateway of Local Subnet. This describes the direct communication that we discussed in Directly Connected Networks.

The last line is a result of our configuration of the “VMkernel Default Gateway” when setting up the vmkernel port group. What it says is send everything else to the router at 10.1.0.254.

The router is in the 10.1.0.0 network and since vmk0 is directly connected to that subnet we know that it will be used for all non local traffic.

A point of clarification

I have seen some confusing statements out there to the effect of “The vmkernel port group with the default gateway assigned will be used to send traffic.” As we have seen, this is not quite true.

All vmkernel ports use the same default gateway so there is no specific assignment per port group. The vmkernel port group that is directly connected to the specified gateway will be used. Unless specific routes are added that means the vmknic in the same subnet as the default gateway will be used for all routed vmkernel traffic.

The routing table can be customized using the vicfg-route command, but should be done rarely. I will discuss one reason you want to do that in my post on splitting vmkernel traffic when crossing layer 3 boundaries.

Side Note: Service Console vs. VMkernel
On the non ESXi versions of vSphere the service console and vmkernel each have their own TCP/IP stacks and therefore have their own IP configuration including routing tables. This means that any IP configuration of one has no effect on the other. The service console’s routing table can be viewed with the command “route” or “route -n”.

VMware vCLI “persistent login”

Here is a short convenience script that will simulate a persistent login to a VMware host system when using the vCLI on Windows. Typically you have to specify a lot of parameters that include login information or a session file. With this method you just run the script and provide the hostname, username, and password for the connection.

After running this script you can run commands like “vicfg-mpath.pl –list” without additional parameters.

There is much that could be done to improve this script; this is just a quick and dirty version to make my life easier. If I improve it in the future I will post updates.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
#!/usr/bin/perl -w
 
use strict;
use warnings;
 
my $vcli_install_dir = "C:\\Program Files\\VMware\\VMware vSphere CLI\\bin";
chdir($vcli_install_dir) or die "Could not change to the vCLI directory: $vcli_install_dir";
 
print "Hostname:";
my $host_name = <STDIN>;
chomp($host_name);
 
$ENV{'VI_SERVER'} = $host_name;
my $session_file_name = $ENV{'TEMP'} . "\\vcli.session";
$ENV{'VI_SAVESESSIONFILE'} = $session_file_name;
 
system("..\\Perl\\apps\\session\\save_session.pl");
$ENV{'VI_SESSIONFILE'} = $session_file_name;
 
print "Spawning a logged in subshell.  Type exit to end the session.\n";
system("cmd.exe");
 
# Remove the session file.
unlink($session_file_name);

Using clusterssh to admin multiple service consoles

We have our service consoles set up to disallow root logins and use sudo (with password) for access. Every once in a while this causes us some pain. How do you update file /etc/filex or run some command across a cluster or a bunch hosts when root privileges are needed?

There are multiple ways to approach this type of issue, but one I have not seen much of in the VMware blogosphere is clusterssh. It allows you to interactively type commands on a number of hosts at the same time. If something sticks out you can enter commands on any of the individual boxes.

Some linux distributions include this in their repositories so it can be pretty easy to give it a try (something like apt-get install clusterssh to install). It supposedly works on OS X too.