Changing the default VTEP teaming policy from LACP to FAILOVER_ORDER using API calls via curl in NSX for vSphere
Article ID: 339049
Updated On:
Products
VMware NSX
Issue/Introduction
Ideally once configured , changing the teaming policy of a Virtual Tunnel EndPoint (VTEP) teaming requires removal of existing virtual wires.
The purpose of this article is to explain how to use API calls to perform this task, in order to avoid unnecessary recreation of virtual wires and the associated downtime requirement.
Environment
VMware NSX for vSphere 6.x
Resolution
Firstly, this task can be achieved by un-preparing the cluster for VXLAN and re-preparing the cluster to apply the new settings from the client. However, this is not usually an option in a production environment with active production workloads. Therefore, the steps supplied utilize API calls to update the settings without redeploying the cluster.
Notes:
- This does not change teaming policy of pre-existing portgroups. You will still have to manually update the teaming policy of the VXLAN portgroups which have already been deployed (vmkernel and standard virtual machine portgroups).
- Caution: This procedure modifies the database. Ensure to take a backup before proceeding.
Backup and restore of VMware NSX for vSphere 6.x
Query and modify the VXLAN switch using the Linux curl tool
These steps utilize the Linux tool curl to query the NSX-V manager to modify the configuration of attached VXLAN Virtual Distributed Switch (VDS) .
- Run this API query call to retrieve the Virtual Distributed Switches (VDS) used for VXLAN:
curl -k -u <NSX-admin>:<admin-password> -H "content-type: application/xml" https://<NSX_IP>/api/2.0/vdn/switches
In the below example, we use sample vShield Manager credentials: IP: 172.20.10.99, user: admin, password: default.
curl -k -u admin:default -H "content-type: application/xml" https://172.20.10.99/api/2.0/vdn/switches
- The output of the API query shows all distributed switches configured in NSX Manager. Copy the entries which relate to the switches you are working with to a notepad.
- Now that you have the Managed Object ID (MoID) of the switch you want to perform the change on, run this query to get the configuration of the switch:
curl -k -u <NSX-admin>:<admin-password> -H "content-type: application/xml" https://<NSX_IP>/api/2.0/vdn/switches/<VDS-id>
In this example, the switch name (<VDS-id>) is dvs-232, the teaming policy is LACP_V2 and the active uplink is lag1:
curl -k -u admin:default -H "content-type: application/xml" https://172.20.10.99/api/2.0/vdn/switches/dvs-232
You get an output similar to:
<?xml version="1.0" encoding="UTF-8"?><vdsContext><switch><objectId>dvs-232</objectId><type><typeName>VmwareDistributedVirtualSwitch</typeName></type><name>wiretest</name><revision>7</revision><objectTypeName>VmwareDistributedVirtualSwitch</objectTypeName><scope><id>datacenter-2</id><objectTypeName>Datacenter</objectTypeName><name>Datacenter-A</name></scope><extendedAttributes/></switch><mtu>1600</mtu><teaming>LACP_V2</teaming><uplinkPortName>lag1</uplinkPortName><promiscuousMode>false</promiscuousMode></vdsContext>
Note: If LACPv1 (LACP_PASSIVE) is in use, there are no existing entries for <uplinkPortName> tags defined, you will need to add them manually. For example, if changing the failover policy from LACP_PASSIVE to FAILOVER_ORDER you need to add <uplinkPortName> tags for all uplink names configured on the distributed switch in the order you would like them to appear for virtual wires. After the change the related virtual wires will use the Explicit Failover load balancing policy and the first uplink in the list is chosen.
- With the switch information acquired in step 3, you have 2 options to change the configuration. Both options are detailed in these examples, replace the relevant credentials from your environment.
In this example you are changing the teaming policy for VDS dvs-232 from LACP_V2 to FAILOVER_ORDER. The name of the uplink also changes from <uplinkPortName>lag1</uplinkPortName> to <uplinkPortName>dvUplink1</uplinkPortName><uplinkPortName>dvUplink2</uplinkPortName>
- Option 1: Inline editing with sed:
Copy and paste the relevant portions of the output acquired in step 3 and modify the relevant entries for failover mode, NSX/vShield-admin user, password, VDS name, etc to create the appropriate curl PUT command:
curl -k -u admin:default -H "content-type: application/xml" https://172.20.10.99/api/2.0/vdn/switches/dvs-232 | sed 's|LACP_V2|FAILOVER_ORDER|; s|<uplinkPortName>lag1</uplinkPortName>|<uplinkPortName>dvUplink1</uplinkPortName><uplinkPortName>dvUplink2</uplinkPortName>|' | curl -k -u admin:default -H "content-type: application/xml" -X PUT -d @ https://172.20.10.99/api/2.0/vdn/switches/dvs-232
OR
- Option 2: Modify the content with sed and then redirect to a file for the next query:
- Get the required information and redirect to a config.change file using this command:
curl -k -u admin:default -H "content-type: application/xml" https://172.20.10.99/api/2.0/vdn/switches/dvs-232 | sed 's|LACP_V2|FAILOVER_ORDER|; s|<uplinkPortName>lag1</uplinkPortName>|<uplinkPortName>dvUplink1</uplinkPortName><uplinkPortName>dvUplink2</uplinkPortName>|' > config.change
- Modify the config.change file to reflect the changes you wish to apply.
- Run this command to update the values for using the config.change file:
curl -k -u admin:default -H "content-type: application/xml" -X PUT -d @config.change https://172.20.10.99/api/2.0/vdn/switches/dvs-232
- Get the required information and redirect to a config.change file using this command:
- Option 1: Inline editing with sed:
- Confirm the changes using this command:
curl -k -u admin:default -H "content-type: application/xml" https://172.20.10.99/api/2.0/vdn/switches/dvs-232
Note: These new settings apply to newly created wires and clusters only. To change the configuration data for existing wires you need to manually edit each VXLAN portgroup starting with vxw-***** and adjust the active uplinks, teaming policy, MTU as required.
Feedback
Yes
No
Powered by
