One of my customers has configured VXLAN in vCloud Director environment and then created multiple Provider and Org VDCs and deployed virtual networks. Then we found out that MTU and teaming policy configuration was set up incorrectly. Redeployment of the whole environment would take too much time, fortunately there is a way to do this without rip and replace approach.
First little bit of background. VXLAN VTEPs are configured in vShield Manager or in NSX Manager (via vSphere Web Client plugin) on cluster/distributed switch level. vShield/NSX Manager creates one distributed switch port group with given parameters (VLAN, teaming policy) and then for each host added to the cluster creates VTEP vmknic (with configured MTU size and DHCP/IP Pool addressing scheme). This means that teaming policy can be easily changed directly at vSphere level by direct edit of the distributed switch port group and MTU size can be changed on each host VTEP vmknic. However every new host deployed into the VXLAN prepared cluster would still use the wrong MTU size set in vShield/NSX Manager. Note that as there can be only one VTEP port group per distributed switch, clusters sharing the same vSwitch need to have identical VTEP teaming policy and VLAN ID.
The actual vCNS/NSX Manager VTEP configuration can be changed via following REST API call:
PUT https://<vCNS/NSX Manager FQDN>/api/api/2.0/vdn/switches/<switch ID>
with the Body containing the new configuration.
Example using Firefox RESTClient plugin:
- Install Firefox RESTClient plugin.
- Make sure vCNS/NSX Manager certificate is trusted by Firefox.
- In Firefox toolbar click on RESTClient icon.
- Create authentication header: Authentication > Basic Authentication > enter vCNS/NSX Manager credentials
- Select GET method and in the URL enter https://<vCNS/NSX Manager FQDN>/api/2.0/vdn/switches
![VDS Contexts]()
- This will retrieve all vswitch contexts in vCNS/NSX domain. Find ID of the one you want to change and use it in the following GET call
- Select GET method and in the URL enter https://<vCNS/NSX Manager FQDN>/api/api/2.0/vdn/switches/<switch-ID>
![VDS Context]()
- Now copy the Response Body and paste it into the Request Body box. In the XML edit the parameters you want to change. In my case I have changed:
<mtu>9000</mtu> to <mtu>1600</mtu> and
<teaming>ETHER_CHANNEL</teaming> to <teaming>FAILOVER_ORDER</teaming> - Change the metod to PUT and add a new header: Content-Type: application/xml.
![PUT Request]()
- Send the request. If everything went successfully we should get Status Code: 200 OK response.
![OK Response]()
Now we need in vSphere Client change MTU size of all existing hosts to the new value and also change the teaming policy on VTEP portgroup (in my case from Route based on IP hash to Use explicit failover order).
vCloud Network and Security (vShield Manager) supports following teaming policies:
- FAILOVER_ORDER
- ETHER_CHANNEL
- LACP_ACTIVE
- LACP_PASSIVE
- LACP_V2
NSX adds following two teaming policies for multiple VTEP vmknics:
- LOADBALANCE_SRCID
- LOADBALANCE_SRCMAC
Update 9/22/2014
Existing VXLAN VNI portgroups (virtual wires) will use original teaming policy, therefore they need to be changed to match the new one as well.
When using FAILOVER_ORDER teaming policy there must be also specification of the uplinks in the XML. The uplinks should use the names as defined at the distributed switch level.
<teaming>FAILOVER_ORDER</teaming>
<uplinkPortName>Uplink 2</uplinkPortName>
<uplinkPortName>Uplink 1</uplinkPortName>
