VMware VSHIELD MANAGER 4.1.0 UPDATE 1 - API Instrukcja Użytkownika Pobierz pdf (Strona 154)

vShield Administration Guide

154 VMware, Inc.

Port Id isthefirstcolumninallothertables(ActivePorts,SwitchState,andPortstats).Thisisaunique

identifierassignedbythevshdmoduleforeachfence‐enabledport.ThisIDisinternalandhasnoexternal

meaning.Itisthedvfilternameforthatporttypecastedto

Uint64.TheportIDisusefultoqueryvaluesfora

specificportusingthefenceutilportInfo <portId>commandwhichoutputsdetailsofonlyoneport.

Active Portsshowsalltheports/vNICswherefencingisactive.ThisincludesthemirrorvNICs.Yourfirst

hosthasfiveportsenabledforfencing,twoofwhich

aremirrorvNICs.ThemirrorvNICscanbeidentifiedby

aspecialfenceIDoffffffe.TheOPIcolumnindicatesthefenceID.Inyoursetup,thefirsthosthasonefence

withID000001.ThenextcolumnindicatesLanId?configuredforthatport.Thisisanindicationofwhich



vSwitchtheportsmightbeconnectedto.Intheoutputbelow,yourfirsthosthastwovSwitches(legacy+

dvswitches).OnehasbeenassignedLanId?1andtheotheronehasLanId?2.Thus,youseetwomirrorvirtual

machinevNICs(oneforeachvSwitch)withdifferentLanIds?inactive

ports.

Switch Stateshowsthelearningtableoftheinternalunicastlearninginfencemodule.InnerMACmeans

theMACofdestinationVM,theouterMACmeansthehostkeyMACofthehostonwhichthisVMispresent.

Thelearningbuildsthistablebylookingatpacketsandittriesto

learnwhichVMisonwhichhost.Thisway,

whenoneVMonthathosttriestoreachanothervirtualmachine,thistableislookedup.Ifthedestination

VMʹsmacisseenintheinnerMACcolumn,thentheOuterMac?isusedasthedestinationhostkeymactobe

put

intheOuterMACheaderaddedbythefencemodule.Ifanentryisnotfoundhere,suchapacketwillbe

broadcast(outerMACheaderʹsdestinationMACwillbesettobroadcast.).Likeanyotherlearningsystem,this

onealsohasmechanismstotimeout/modifylearnt

entries.ThiswilltakecareofthingslikeVMsmovingto

differenthostsortomakesurethatthetabledoesnotgrowtoomuchinsizewithstalemacentries.The

used/age/seenbitsrepresenttheflagsusedbyfencemoduletotrackfrequencyoftheseMACentries.The

learningis

doneonaper‐portlevel,henceyouwouldseethesameinnerMAC‐outerMACpairsondifferent

ports.ThistablealsoshowssamehostkeymacinouterMACsectionsbecauseevenforVMsonthesamehost,

thesamecodeisusedwhereapacketisencapsulatedand

sentfromsourceportanddecapsulatedonthe

destinationport.ThereisnooptimizationforsamehostVMs.ThusforVMsonthesamehost,theouterMAC

willbehostkeyMACofthesamehost.

Port Statisticsshowspacketstatsonaperportbasis.Oneportperrow.Thefromand

Tovmstatsindicate

packetstoandfromvm.Thesubcategoriesindicatethespecificsaboutthepacket.Thedetailsofeachcounter

areinthefollowingstructure.Letmeknowifyouneedanymoreinfoonthis.

Troubleshooting vShield Edge Issues

Virtual Machines Are Not Getting IP Addresses from the DHCP Server

To determine why protected virtual machines are not being assigned IP addresses by a vShield Edge

1VerifyDHCPconfigurationwassuccessfulonthevShieldEdgebyrunningtheCLIcommand:show

configuration dhcp.

2CheckwhetherDHCPserviceisrunningonthevShieldEdgebyrunningCLIcommand:show service

dhcp

3EnsurethatvmniconvirtualmachineandvShieldEdgeisconnected(vCenter>VirtualMachine>Edit

Settings

>NetworkAdapter>Connected/ConnectatPowerOncheckboxes).

WhenbothavShieldAppandvShieldEdgeareinstalledonthesameESXhost,disconnectionofNICs

canoccurifavShieldAppisinstalledafteravShieldEdge.

Load-Balancer Does Not Work

To determine why the load balancer service on a vShield Edge is not working

1VerifythattheLoadbalancerisrunningbyrunningtheCLIcommand:show service lb.

Loadbalancercanbestartedbyissuingthestartcommand.

2Verifytheload‐balancerconfigurationbyrunningcommand:show configuration lb.

Thiscommandalsoshowsonwhichexternalinterfacesthelistenersarerunning.

1 2 ... 149 150 151 152 153 154 155 156 157 158 159 160 161 162

Komentarze do niniejszej Instrukcji

Brak uwag

VMware VSHIELD MANAGER 4.1.0 UPDATE 1 - API Instrukcja Użytkownika Strona 154

Komentarze do niniejszej Instrukcji

Powiązane produkty i podręczniki dla Oprogramowanie do zarządzania systemami VMware VSHIELD MANAGER 4.1.0 UPDATE 1 - API