I was on a project recently where we had to set up VMware HCX in an environment to connect the on-premises datacenter to VMware Cloud on AWS for a Proof of Concept migration. The workloads were varied, ranging from 100 MB to 5TB in size. The customer wanted to stretch two L2 subnets and have the ability to migrate slowly, in waves. During the POC, we found problems with latency between the two stretched networks and decided that the best course of action would be to NOT stretch the networks and instead, do an all-at-once migration.
While setting up this POC, I had occasion to do some troubleshooting on HCX due to connectivity issues. I’m going to walk through some of the troubleshooting I needed to do.
The first thing we did was enable SSH on the NSX manager. To perform this action, you go into the HCX manager appliance GUI and under Appliance Summary, start the SSH service. Once SSH is enabled, you can then login to the appliance CLI, which is where the real troubleshooting can begin.
You’ll want to login to the appliance using “admin” as the user name and the password entered when you installed the appliance. SU to “root” and enter the “root” password. This gives you access to the appliance, which has a limited set of Linux commands.
You’ll want to enter the HCX Central CLI (CCLI) to use the HCX commands. Since you’re already logged in as “root,” you just type “ccli” at the command prompt. After you’re in the CCLI, you can type “help” to get a list of commands.
One of the first tests to run would be the Health Checker. Type “hc” at the command prompt, and the HCX manager will run through a series of tests to check on the health of the environment.
“list” will give you a list of the HCX appliances that have been deployed.
You’ll want to connect to an appliance to run the commands specific to that appliance. As shown above, if you want to connect to the Interconnect appliance, you would type “go 0,” which would connect you to node 0. From here, you can run a ton of commands, such as “show ipsec status,” which will show a plethora of information related to the tunnel. Type “q” to exit this command.
You can also run the Health Check on this node from here, export a support bundle (under the debug command), and a multitude of other “show” commands. Under the “show” command, you can get firewall information, flow runtime information, and a lot of other useful troubleshooting info.
If you need to actually get on the node and run Linux commands for troubleshooting, you’ll enter “debug remoteaccess enable,” which enables SSH on the remote node. Then you can just type “ssh” and it will connect you to the interconnect node.
Have questions about this process? Contact us or leave a reply.
-Michael Moore, Associate Cloud Consultant