Cisco Nexus 1000V System Management Configuration Guide, Release 4.2(1)SV2(2.1)
Managing Server Connections

Information About Server Connections

To connect to vCenter Server or an ESX server, you must first define the connection in the Cisco Nexus 1000V, including the following:

  • A connection name
  • The protocol used
  • The server IP address
  • The server DNS name

All communication with vCenter Server is secured by the Transport Layer Security (TLS) protocol.

Guidelines and Limitations

A single Virtual Supervisor Module (VSM) can connect to only one vCenter Server at a time. A single VSM cannot connect to multiple vCenter Servers at once.

Connecting to the vCenter Server

Before You Begin

Before beginning this procedure, you must be logged in to the CLI in EXEC mode.

You must know the following:

  • The datacenter name
  • The vCenter Server IP address or hostname.

You must be sure the following is set up:

  • The vCenter Server management station is installed and running.
  • The ESX servers are installed and running.
  • The Cisco Nexus 1000V appliance is installed.
  • The management port is configured.
  • The DNS is already configured if you are configuring a connection using a hostname.
  • An extension with vCenter Server has been registered. The extension includes the extension key and public certificate for the VSM. vCenter Server uses the extension to verify the authenticity of the request it receives from the VSM. For instructions about adding and registering an extension, see the Cisco Nexus 1000V Installation and Upgrade Guide.
Procedure
    Command or Action / Purpose

    Step 1  switch# configure terminal

    Places you in global configuration mode.

    Step 2  switch(config)# svs connection name

    Places you in connection configuration mode for adding this connection between the Cisco Nexus 1000V and either a particular ESX server or vCenter Server. By using a name, information for multiple connections can be stored in the configuration.

    Step 3  switch(config-svs-conn)# protocol vmware-vim

    Specifies that this connection uses the VIM protocol. This command is stored locally.

    http (keyword): Specifies that the VIM protocol runs over HTTP. The default is to use HTTP over SSL (HTTPS).

    Step 4  Do one of the following:
    • If you are configuring an IP address, go to Step 5.
    • If you are configuring a hostname, go to Step 6.

    Step 5  switch(config-svs-conn)# remote ip address ipaddress

    Specifies the IP address of the ESX server or vCenter Server for this connection. This command is stored locally.

    Go to step 7 to configure the datacenter name.

    Step 6  switch(config-svs-conn)# remote hostname hostname

    Specifies the DNS name of the ESX server or vCenter Server for this connection. This command is stored locally.

    Note

    DNS is already configured.

    Step 7  switch(config-svs-conn)# remote port port number

    Specifies the HTTP port number of vCenter for this connection. The default port number is 80. Though the communication is HTTPS, vCenter receives the packets on its HTTP port.

    Step 8  switch(config-svs-conn)# vmware dvs datacenter-name [folder/] name

    Identifies the datacenter name in the vCenter Server where the Cisco Nexus 1000V is to be created as a distributed virtual switch (DVS). You can use this command before or after connecting. The datacenter name is stored locally.

    Note

    The Nexus 1000V folder name must be the same in the vCenter Server and in the VSM. If the Nexus 1000V folder is renamed in the vCenter Server, you must manually rename the folder in the VSM. The names are not automatically synchronized, and if they are not the same, the DVS connection between the VSM and vCenter Server is broken.

    Step 9  switch(config-svs-conn)# connect

    Initiates the connection. If the username and password have not been configured for this connection, you are prompted for a username and password.

    The default is no connect. There can be only one active connection at a time. If a previously defined connection is up, an error message appears and the command is rejected until you close the previous connection by entering no connect.

     
    switch# config t
    switch(config)# svs connection VC
    switch(config-svs-conn)# protocol vmware-vim
    switch(config-svs-conn)# remote ip address 192.168.0.1 
    switch(config-svs-conn)# remote port 80
    switch(config-svs-conn)# vmware dvs datacenter-name Hamilton-DC
    switch(config-svs-conn)# connect
    switch# show svs connections 
    connection VC:
        ip address: 192.168.0.1
        protocol: vmware-vim https
        certificate: default
        datacenter name: Hamilton-DC
        DVS uuid: ac 36 07 50 42 88 e9 ab-03 fe 4f dd d1 30 cc 5c
        config status: Enabled
        operational status: Connected
    switch#

    Validating vCenter Server Certificates

    The VSM can validate the certificate presented by vCenter Server to authenticate it. The certificate may be self-signed or signed by a Certificate Authority (CA). The validation is done every time the VSM connects to the vCenter Server. If the certificate authentication fails, a warning is generated but the connection is not impaired.

    Installing Certificates

    Before You Begin

    Check if a vCenter Server certificate can be received:

    1. Run the following command and store the output of this command in a file, for example, sconnect_out.
      openssl s_client -connect vCenterServer_IPaddress:443 -showcerts
    2. Add information about the certificates in a file named cacerts.pem.
    3. Verify that a certificate is received from the vCenter Server:
      openssl verify -CAfile cacerts.pem sconnect_out

    For more information about the OpenSSL commands, go to www.openssl.org.

    Procedure
      Step 1   Create a file named cacerts.pem in bootflash:.
      Step 2   Add a list of trusted certificates in the cacerts.pem file.

      You can add the self-signed certificate of the vCenter Server or the list of root certificate authorities that your security policy allows. The information about each certificate must be included within the following lines:

      -----BEGIN CERTIFICATE-----
      
      -----END CERTIFICATE-----
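
An added example (not Cisco's code) for building cacerts.pem from the saved s_client output described above: it extracts each certificate block, rejects empty or truncated blocks, and computes a SHA-256 fingerprint that can be compared with the certificate viewed on the vCenter Server itself before the block is trusted. All function names and the sample input are constructed for illustration.

```python
"""Build cacerts.pem from saved `openssl s_client -showcerts` output (added example)."""
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.DOTALL
)


def wrap64(b64):
    """Split a base64 string into the 64-character lines PEM files use."""
    return [b64[i:i + 64] for i in range(0, len(b64), 64)]


def der_length_ok(der):
    """True if the outer DER SEQUENCE length equals the decoded size.

    A block that lost lines during copy and paste fails this check.
    """
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                      # short-form length
        return len(der) == 2 + der[1]
    n = der[1] & 0x7F                      # long form: n length octets follow
    if n == 0 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")


def fingerprint(der):
    """SHA-256 over the DER bytes, for comparison with the value read on vCenter."""
    return hashlib.sha256(der).hexdigest()


def extract_certs(sconnect_text):
    """Return (accepted, rejected) certificate blocks found in s_client output."""
    accepted, rejected = [], []
    for idx, match in enumerate(PEM_RE.finditer(sconnect_text)):
        b64 = "".join(match.group(1).split())
        try:
            der = base64.b64decode(b64, validate=True)
        except ValueError:                 # binascii.Error is a ValueError
            rejected.append((idx, "invalid base64"))
            continue
        if not der_length_ok(der):
            rejected.append((idx, "truncated or not DER"))
            continue
        pem = "\n".join(["-----BEGIN CERTIFICATE-----", *wrap64(b64),
                         "-----END CERTIFICATE-----"])
        accepted.append({"sha256": fingerprint(der), "pem": pem})
    return accepted, rejected


def build_cacerts(accepted):
    """Text to store as bootflash:cacerts.pem: accepted blocks only."""
    return "\n".join(c["pem"] for c in accepted) + "\n"


# Constructed sample: a 203-byte placeholder with a valid DER header, not a real
# certificate, followed by a second block cut short as a bad paste would be.
SAMPLE_DER = b"\x30\x81\xc8" + bytes(range(200))
SAMPLE_B64 = base64.b64encode(SAMPLE_DER).decode("ascii")
SAMPLE_SCONNECT_OUT = "\n".join([
    "CONNECTED(00000003)", "Certificate chain", " 0 s:/CN=vcenter.example.test",
    "-----BEGIN CERTIFICATE-----", *wrap64(SAMPLE_B64), "-----END CERTIFICATE-----",
    " 1 s:/CN=Example Test CA",
    "-----BEGIN CERTIFICATE-----", SAMPLE_B64[:100], "-----END CERTIFICATE-----",
])

if __name__ == "__main__":
    good, bad = extract_certs(SAMPLE_SCONNECT_OUT)
    for cert in good:
        print("trust candidate, SHA-256:", cert["sha256"])
    for idx, reason in bad:
        print(f"block {idx} rejected: {reason}")
    print(build_cacerts(good), end="")
```

The fingerprint matters because the s_client output was fetched over a connection that was not yet authenticated; a block is worth adding to cacerts.pem only after its fingerprint matches the one read on the server.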

      Verifying vCenter Server Certificates

      To verify a vCenter Server certificate, use the show svs connections command.

      switch# show svs connections
      connection vc:
          ip address: 172.23.181.103
          remote port: 80
          protocol: vmware-vim https
          certificate: default
          ssl-cert: Authenticated
          . . .
      

      If the authentication fails or the bootflash:/cacerts.pem file is not present, the following message is displayed:

      ssl-cert: self-signed or not authenticated

      In addition, the following warning message is displayed every 3 minutes, up to five times:

      VMS-1-CONN_SSL_NOAUTH: SSL AUTHENTICATION failure
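
Because a failed validation only raises a warning and the connection stays up, the state has to be monitored. The following added example (not Cisco's code) parses `show svs connections` output and syslog lines and reports connections whose vCenter certificate is not authenticated. Field names and the log mnemonic are taken from this page; the function names, the syslog prefix and the assumption that the protocol line contains "https" when TLS is in use are constructed for the example.

```python
"""Audit `show svs connections` output and syslog for unauthenticated vCenter TLS."""
import re

CONN_RE = re.compile(r"^\s*connection\s+(\S+):\s*$", re.IGNORECASE)
FIELD_RE = re.compile(r"^\s*([^:#]+?)\s*:\s*(.*?)\s*$")
NOAUTH_TAG = "VMS-1-CONN_SSL_NOAUTH"   # mnemonic quoted on this page


def parse_connections(show_text):
    """Map connection name -> {lower-cased field name: value}."""
    conns, current = {}, None
    for line in show_text.splitlines():
        head = CONN_RE.match(line)
        if head:
            current = conns.setdefault(head.group(1), {})
            continue
        field = FIELD_RE.match(line)
        if field and current is not None:
            current[field.group(1).lower()] = field.group(2)
    return conns


def audit(conns):
    """Return sorted (connection, finding) pairs that need attention."""
    findings = []
    for name, fields in conns.items():
        # Assumption: the protocol line names https when TLS is in use.
        if "https" not in fields.get("protocol", "").lower():
            findings.append((name, "VIM protocol not running over HTTPS"))
        status = fields.get("ssl-cert")
        if status is None:
            findings.append((name, "no ssl-cert line: validation status unknown"))
        elif status.lower() != "authenticated":
            findings.append((name, "vCenter certificate not authenticated"))
    return sorted(findings)


def noauth_warnings(log_lines):
    """Count syslog lines carrying the SSL authentication failure mnemonic."""
    return sum(NOAUTH_TAG in line for line in log_lines)


def assess(show_text, log_lines):
    """Combine both sources.

    The warning is logged at most five times, so the polled CLI state, not the
    log, decides whether the failure is still present.
    """
    findings = audit(parse_connections(show_text))
    hits = noauth_warnings(log_lines)
    state = "failing" if findings else ("recovered" if hits else "ok")
    return {"state": state, "findings": findings, "log_hits": hits}


# Constructed samples. Field names and values follow the outputs on this page;
# the syslog timestamp, hostname and the second log line are invented.
SHOW_FAILING = """\
switch# show svs connections
connection vc:
    ip address: 172.23.181.103
    remote port: 80
    protocol: vmware-vim https
    certificate: default
    ssl-cert: self-signed or not authenticated
"""
SHOW_OK = SHOW_FAILING.replace("self-signed or not authenticated", "Authenticated")
LOG = [
    "2013 Jun 10 11:02:13 switch %VMS-1-CONN_SSL_NOAUTH: SSL AUTHENTICATION failure",
    "2013 Jun 10 11:05:13 switch %EXAMPLE-6-PLACEHOLDER: constructed unrelated line",
]

if __name__ == "__main__":
    print(assess(SHOW_FAILING, LOG))
    print(assess(SHOW_OK, LOG))
```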

      Disconnecting From the vCenter Server

      You can disconnect from the vCenter Server, for example, after correcting a vCenter Server configuration.

      Before You Begin

      Before beginning this procedure, be sure you have done the following:

      • Logged in to the Cisco Nexus 1000V in EXEC mode.
      • Configured a Cisco Nexus 1000V connection
      • Connected the Cisco Nexus 1000V to vCenter Server/ESX.
      Procedure
        Command or Action / Purpose

        Step 1  switch# configure terminal

        Places you in global configuration mode.

        Step 2  switch(config)# svs connection name

        Places you in a global configuration submode for the connection to vCenter Server.

        Step 3  switch(config-svs-conn)# no connect

        Closes the connection.

         
        switch# config t
        switch(config)# svs connection vcWest
        switch(config-svs-conn)# no connect

        Removing the DVS from the vCenter Server

        Use this procedure to remove the Distributed Virtual Switch (DVS) from the vCenter Server.

        Before You Begin

        Before beginning this procedure, be sure you have done the following:

        • Logged in to the Cisco Nexus 1000V in EXEC mode
        • Configured a connection to the vCenter Server
        • Connected the Cisco Nexus 1000V to vCenter Server/ESX
        • Checked that the server administrator has removed all of the hosts that are connected to the Cisco Nexus 1000V from the VI client. For more information, see the VMware documentation.
        Procedure
          Command or Action / Purpose

          Step 1  switch# configure terminal

          Places you in global configuration mode.

          Step 2  switch(config)# svs connection name

          Places you in a global configuration submode for the connection to vCenter Server.

          Step 3  switch(config-svs-conn)# no vmware dvs

          Removes the DVS associated with the specified connection from the vCenter Server.

           
          switch# config t
          switch(config)# svs connection vcWest
          switch(config-svs-conn)# no vmware dvs

          Removing the DVS from the vCenter Server When the VSM Is Not Connected

          Configuring the ability to delete the DVS when the VSM is not connected to the vCenter Server is a two-step process:

          Procedure
            Step 1   Configure the admin user or group. See the Configuring the Admin User or Admin Group section.
            Step 2   Remove the DVS from the vCenter Server. See the Removing the DVS from the vCenter Server section.

            Configuring the Admin User or Admin Group

            Before You Begin

            Before beginning this procedure, ensure that the system administrator has created an admin user or admin group on vCenter Server to manage and delete the DVS. This user should not be given any other permissions such as deploying VMs or hosts, and so on. The admin user name configured on the VSM should be the same as the username on vCenter Server.

            Procedure
              Step 1   Determine the name of the DVS.

              Example:
              switch# show svs connections

              connection VC:
                  ipaddress: 10.104.63.16
                  remote port: 80
                  protocol: VMware-vim https
                  certificate: default
                  datacenter name: N1K-DC
                  admin:
                  DVS uuid: a2 …
                  config status: Enabled
                  operational status: Connected
                  sync status: Complete
                  version: VMware vCenter Server 4.1.0 build 258902

              Step 2   Configure the admin user in the vCenter Server.

              Example:
              switch# config t
              switch(config)# svs connection VC
              switch(config-svs-conn)# admin user NAuser

              Note

              You can also configure an admin group by entering the admin group groupname command.

              Step 3   Verify that the admin user has been created.

              Example:
              switch(config-svs-conn)# show svs connections

              connection VC:
                  ipaddress: 10.104.63.16
                  remote port: 80
                  protocol: VMware-vim https
                  certificate: default
                  datacenter name: N1K-DC
                  admin: NAuser(user)
                  DVS uuid: a2 …
                  config status: Enabled
                  operational status: Connected
                  sync status: Complete
                  version: VMware vCenter Server 4.1.0 build 258902
              

              Removing the DVS from the vCenter Server Using the Graphical User Interface

              Procedure
                Step 1   Log in to the vCenter Server through the VMware vSphere Client with the admin user account.
                Step 2   In the vSphere Client left pane, choose the data center.
                Step 3   Click Hosts and Clusters > Networking.
                Step 4   Right-click the DVS and choose Remove.

                Configuring Host Mapping

                This section includes the following topics:

                • Information about Host Mapping
                • Removing Host Mapping from a Module
                • Mapping to a New Host
                • Viewing Host Mapping

                Information about Host Server Connections

                When a VSM detects a new Virtual Ethernet Module (VEM), it automatically assigns a free module number to the VEM and then maintains the mapping between the module number and the universally unique identifier (UUID) of a host server. This mapping is used to assign the same module number to a given host server.

                Removing Host Mapping from a Module

                Before You Begin

                Before beginning this procedure, be sure you have done the following:

                • Logged in to the Cisco Nexus 1000V in EXEC mode.
                • Removed the host from the Cisco Nexus 1000V DVS on vCenter.
                Procedure
                  Command or Action / Purpose

                  Step 1  switch# configure terminal

                  Places you in global configuration mode.

                  Step 2  switch(config)# no vem module-number

                  Removes the specified module from software.

                  Note

                  If the module is still present in the slot, the command is rejected, as shown in this example.

                  Step 3  switch(config)# show module vem mapping  (Optional)

                  Displays the mapping of modules to host servers.

                  Step 4  switch(config)# copy running-config startup-config

                  Copies the running configuration to the startup configuration.

                   
                  switch# configure terminal
                  switch(config)# no vem 4
                  switch(config)# no vem 3
                  cannot modify slot 3: host module is inserted
                  switch(config)# show module vem mapping 
                  Mod     Status          UUID                                    License Status
                  ---     -----------     ------------------------------------    --------------
                    3      powered-up     93312881-309e-11db-afa1-0015170f51a8    licensed
                  switch(config)# copy running-config startup-config

                  Mapping to a New Host

                  Before You Begin

                  Before beginning this procedure, be sure you have done the following:

                  • Logged in to the CLI in EXEC mode
                  • Removed the host from the Cisco Nexus 1000V DVS on vCenter

                  Note


                  If you do not first remove the existing host server mapping, the new host server is assigned a different module number.


                  Procedure
                    Command or Action / Purpose

                    Step 1  switch# configure terminal

                    Places you in global configuration mode.

                    Step 2  switch(config)# vem module-number

                    Places you in VEM slot configuration mode.

                    Step 3  switch(config-vem-slot)# host vmware id server-bios-uuid

                    Assigns a different host server UUID to the specified module.

                    Step 4  switch(config-vem-slot)# show module vem mapping  (Optional)

                    Displays the mapping of modules to host servers.

                    Step 5  switch(config-vem-slot)# copy running-config startup-config

                    Copies the running configuration to the startup configuration.

                     
                    switch# config t
                    switch(config)# vem 3
                    switch(config-vem-slot)# host vmware id 6dd6c3e3-7379-11db-abcd-000bab086eb6
                    switch(config-vem-slot)# show module vem mapping
                    Mod     Status          UUID                                    License Status
                    ---     -----------     ------------------------------------    --------------
                      3      powered-up     93312881-309e-11db-afa1-0015170f51a8    licensed
                      4          absent     6dd6c3e3-7379-11db-abcd-000bab086eb6    licensed
                    
                    switch(config-vem-slot)# copy running-config startup-config

                    Viewing Host Mapping

                    Use this procedure in EXEC mode to view the mapping of modules to host servers.
                    Procedure
                    Display the mapping of modules to host servers by entering the following command: show module vem mapping

                    Mod Status      UUID                                 License Status
                    --- ----------- ------------------------------------ --------------
                    3   powered-up  93312881-309e-11db-afa1-0015170f51a8  licensed
                    n1000v(config)#
                    
                    

                    Verifying Connections

                    Use this procedure to view and verify connections.

                    Before You Begin

                    • You are logged in to the CLI in any command mode.
                    • You have configured the connection using the Connecting to the vCenter Server procedure.
                    • The Cisco Nexus 1000V is connected to vCenter Server/ESX.
                    Procedure
                    show svs connections [name]

                    Displays the current connections to the Cisco Nexus 1000V.

                    Note   

                    Network connectivity issues may shut down your connection to the vCenter Server. When network connectivity is restored, the Cisco Nexus 1000V will not automatically restore the connection. In this case, you must restore the connection manually using the following command sequence:

                    no connect

                    connect


                    n1000v# show svs connections vc
                    Connection vc:
                    IP address: 172.28.15.206
                    Protocol: vmware-vim https
                    vmware dvs datacenter-name: HamiltonDC
                    ConfigStatus: Enabled
                    OperStatus: Connected
                    n1000v#
                    

                    Verifying the Domain

                    Use this procedure to view and verify the configured domain.

                    Before You Begin
                    • You are logged in to the CLI in any command mode.
                    • You have configured a domain using the Creating a Domain procedure.
                    Procedure
                    show svs domain


                    Example:
                    n1000v# show svs domain
                    SVS domain config:
                    Domain id: 98
                    Control vlan: 70
                    Packet vlan: 71
                    Sync state: -
                    n1000v#
                    

                    Displays the domain configured on the Cisco Nexus 1000V.


                    Verifying the Configuration

                    Use one of the following commands to verify the configuration:

                    Command / Description

                    show running-config

                    Displays the current configuration.

                    If the Cisco Nexus 1000V is not connected to a vCenter Server or ESX server, the output is limited to connection-related information.

                    show svs connections [name]

                    Displays the current connections to the Cisco Nexus 1000V.

                    Note   

                    Network connectivity issues may shut down your connection to the vCenter Server. When network connectivity is restored, the Cisco Nexus 1000V will not automatically restore the connection. In this case, you must restore the connection manually using the following command sequence:

                    no connect

                    connect

                    show svs domain

                    Displays the domain configured on the Cisco Nexus 1000V.

                    show module

                    Displays module information.

                    show server_info

                    Displays server information.

                    show interface brief

                    Displays interface information, including the uplinks to vCenter Server.

                    show interface virtual

                    Displays virtual interface information.

                    show module vem mapping

                    Displays the mapping of modules to host servers.

                    Verifying Module Information

                    Use this procedure to display and verify module information, including a view of the DVS from Cisco Nexus 1000V.

                    Before You Begin
                    • You are logged in to the CLI in any command mode.
                    • You have configured the Cisco Nexus 1000V connection using the Connecting to the vCenter Server procedure.
                    • The Cisco Nexus 1000V is connected to vCenter Server/ESX.
                    • The Server Administrator has already added the host running Cisco Nexus 1000V to the DVS in vCenter Server.
                    Procedure
                      Step 1   show module


                      Example:
                      n1000v# show module
                      Mod Ports Module-Type Model Status
                      --- ----- -------------------------------- ------------------ ------------
                      1 1 Virtual Supervisor Module Nexus1000V active *
                      2 48 Virtual Ethernet Module ok
                      3 48 Virtual Ethernet Module ok
                      Mod Sw Hw World-Wide-Name(s) (WWN)
                      --- -------------- ------ --------------------------------------------------
                      1 4.0(0)S1(0.82) 0.0 --
                      2 NA 0.0 --
                      3 NA 0.0 --
                      Mod MAC-Address(es) Serial-Num
                      --- -------------------------------------- ----------
                      1 00-19-07-6c-5a-a8 to 00-19-07-6c-62-a8 NA
                      2 02-00-0c-00-02-00 to 02-00-0c-00-02-80 NA
                      3 02-00-0c-00-03-00 to 02-00-0c-00-03-80 NA
                      Mod Server-IP Server-UUID Server-Name
                      --- --------------- ------------------------------------ --------------------
                      1 172.18.217.180 esx-1
                      2 172.18.117.44 487701ee-6e87-c9e8-fb62-001a64d20a20 esx-2
                      3 172.18.217.3 4876efdd-b563-9873-8b39-001a64644a24 esx-3
                      * this terminal session

                      Displays module information.

                      Step 2   show server_info


                      Example:
                      n1000v# show server_info
                      Mod Status UUID
                      --- ----------- ----
                      2 powered-up 34303734-3239-5347-4838-323130344654
                      3 absent 371e5916-8505-3833-a02b-74a4122fc476
                      4 powered-up 4880a7a7-7b51-dd96-5561-001e4f3a22f9
                      5 absent 48840e85-e6f9-e298-85fc-001e4f3a2326
                      6 powered-up eb084ba6-3b35-3031-a6fe-255506d10cd0
                      n1000v#

                      Displays server information.

                      Step 3   show interface brief

                      Example:
                      n1000v# show interface brief
                      --------------------------------------------------------------------------------
                      Port VRF Status IP Address Speed MTU
                      --------------------------------------------------------------------------------
                      mgmt0 -- up 172.28.15.211 1000 1500
                      --------------------------------------------------------------------------------
                      Ethernet VLAN Type Mode Status Reason Speed Port
                      Interface Ch #
                      --------------------------------------------------------------------------------
                      Eth2/2 1 eth trunk up none a-1000(D) --
                      --------------------------------------------------------------------------------
                      Interface VLAN Type Mode Status Reason MTU
                      --------------------------------------------------------------------------------
                      Example
                      n1000v#

                      Displays interface information, including the uplinks to vCenter Server.

                      Step 4   show interface virtual


                      Example:
                      n1000v# show interface virtual
                      --------------------------------------------------------------------------------
                      Port Adapter Owner Mod Host
                      --------------------------------------------------------------------------------
                      Veth49 R-VM-1 2 mcs-srvr35
                      

                      Displays virtual interface information.


                      Feature History for Server Connections

                      Feature Name                              Releases           Feature Information
                      --------------------------------------    ---------------    ----------------------------
                      vCenter Server Certificates Validation    4.2(1)SV2(2.1a)    This feature was introduced.
                      DVS Deletion                              4.2(1)SV1(4a)      This feature was added.
                      Server Connections                        4.0(4)SV1(1)       This feature was introduced.