
Arista Networks VM Tracer Connects Switches to vCenter & Automates VLAN Provisioning


Arista Networks sells low-latency, high-density, merchant-silicon based Ethernet switches that run a modular OS called Extensible Operating System (EOS). While the hardware is certainly commendable, I feel that software is Arista’s differentiator. From my network engineer’s perspective, EOS was built to make my life easier. The idea is that EOS can be used to get good information about the switch, processes, and traffic flowing through the switch easily. I have several hundred more pages of EOS manual reading to do before I feel competent to talk about EOS magic in much detail; the EOS 4.12.3.1 config guide is 1,780 pages. But I do have one splendid example I can share right now: VM Tracer. VM Tracer is not brand new from Arista, but happens to be new to me.

What does VM Tracer do?

VM Tracer is an EOS tool available across the entire Arista 7000 series of switches. VM Tracer connects your Arista switch to VMware’s vCenter, and learns what VMs, hosts, vswitches, and vnics are connected to the physical ports on your Arista. While a virtualized server cluster is a darkened corner of the network to many network engineers, VM Tracer provides a straightforward way of learning what’s on the other side of the hypervisor.

Perhaps the real magic of VM Tracer is not in the information it can parse from vCenter, but in its ability to automatically provision VLANs in the switch, based on the VLANs required by the VMware environment. In other words, if VMware creates a VLAN, that information is learned by VM Tracer. If the VLAN doesn’t exist, VM Tracer will create it on the switch. VM Tracer can also automatically prune the 802.1q uplinks to VMware hosts; any 802.1q link should only allow the VLANs actually required to be carried on it, as this keeps the L2 broadcast/flooding domain as small as possible. If VM Tracer does this automatically, that saves network operations from having to perform this mundane task.

VM Tracer also offers support for VXLAN, as well as vShield Manager, although those were not elements of the VM Tracer configuration I did today.

How does VM Tracer work?

There are two key configuration elements for VM Tracer.

  1. The switch must authenticate to vCenter. Up to 4 vCenters are supported per switch. VM Tracer uses vCenter’s SOAP API to pull information. Simply authenticating to vCenter and pulling data in via SOAP will provide a certain amount of information, but not all the information that would be of value. For the rest, you need to go to the next step.
  2. Switch interfaces that are uplinked to VMware ESX hosts must be configured for VM Tracer mode. What this does is send CDP or LLDP (neighbor discovery protocols) traffic from the Arista interface to the ESX host. The ESX host sees the discovery packets, and updates vCenter with the information. VM Tracer then pulls that information back out of vCenter, and can correlate the virtual machines, virtual nics, virtual switches, etc. with the physical ports that the discovery packets were sent from.

With the configuration complete, VM Tracer builds a table of VM information, accessible through the EOS CLI. Now a network operator has insight into what’s living beyond that physical port besides a bunch of MAC addresses.

Image taken from official Arista EOS documentation.

The EOS code required for basic configuration of VM Tracer is simple.

First, configure the session. In this example, the Arista switch will contact a vCenter at 192.168.169.170 and attempt to authenticate with the indicated username and password. Automatic provisioning of VLANs has been disabled, which I’m showing because I know instinctively that some network engineers cringe at the thought of automation. We’ve all had our bad experiences.

vmtracer session 1
   url https://192.168.169.170/sdk
   username AristaUser
   password AmazinglySecret
   autovlan disable

Secondly, each switchport that uplinks an ESX host should be placed into VM Tracer mode to enable sending of discovery packets.

interface Ethernet38
   vmtracer vmware-esx

That’s it.

What does VM Tracer output look like?

Here’s some scrubbed sample output from an Arista switch running VM Tracer.

CORE-CORE01-DC#show vmtracer interface Ethernet38

Ethernet38 : 192.168.169.13/vSwitch0/vmnic1
   VM Name          VM Adapter          VLAN   Status    State
   VMKernel         vmk2                123    Up/Down   —
   Example-VM       Network adapter 2   234    Up/Down   —
   CORE-SRV-DC4     Network adapter 1   3245   Up/Down   —
   VMKernel         vmk0                native Up/Down   —
   Helpdesk         Network adapter 1   168    Up/Down   —
   WWW              Network adapter 1   78     Up/Down   —
   CORE-SRV-AD1     Network adapter 1   3456   Up/Down   —
   CORE-SRV-DHCP02  Network adapter 1   3456   Up/Down   —
   CORE-SRV-DC2     Network adapter 1   3456   Up/Down   —
   CORE-SRV-SFTP1   Network adapter 1   3456   Down/Down —
CORE-CORE01-DC#show vmtracer vm Example-VM
VM Name  Example-VM
  Interface   :     Et38
  vNIC        :     Network adapter 2
  MAC         :     04:50:60:70:80:90
  Portgroup   :     VLAN 234 Windows Server
  VLAN        :     234
  Switch      :     vSwitch0
  Status      :     Up/Down
  Host        :     192.168.169.13
  Data Center :     CORE-DC-1

  Interface   :     Et37
  vNIC        :     Network adapter 2
  MAC         :     04:50:60:70:80:90
  Portgroup   :     VLAN 234 Windows Server
  VLAN        :     234
  Switch      :     vSwitch0
  Status      :     Up/Down
  Host        :     192.168.169.13
  Data Center :     CORE-DC-1

CORE-CORE01-DC#

I’ll leave it up to your imagination from there to visualize the data shown in the CLI output versus what you’d see in vSphere, since scrubbing vSphere data would be a bit more painful. I believe I’ve shown off enough to give the general idea.
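
The session config above sets autovlan disable, which leaves VLAN provisioning and trunk pruning to the operator. The following added example (not from the original post or from Arista) parses output in the show vmtracer interface format shown above and reports which VLANs an uplink is missing and which it could drop to keep the L2 domain small; the sample rows, the allowed-VLAN list, and all function names are assumptions made for illustration.

```python
import re

# Constructed sample in the post's "show vmtracer interface" format (State shown as "--").
SAMPLE = """\
Ethernet38 : 192.168.169.13/vSwitch0/vmnic1
   VM Name          VM Adapter          VLAN   Status    State
   VMKernel         vmk2                123    Up/Down   --
   Example-VM       Network adapter 2   234    Up/Down   --
   VMKernel         vmk0                native Up/Down   --
   WWW              Network adapter 1   78     Up/Down   --
   CORE-SRV-AD1     Network adapter 1   3456   Up/Down   --
   CORE-SRV-SFTP1   Network adapter 1   3456   Down/Down --
"""

HEAD = re.compile(r"^(\S+) : ([^/]+)/([^/]+)/(\S+)$")   # intf : host/vswitch/vmnic
ROW = re.compile(r"^\s+(.+?)\s{2,}(.+?)\s{2,}(\d+|native)\s+(\w+/\w+)\s+\S+\s*$")

def required_vlans(text):
    """Map each physical interface to the set of VLAN IDs its VMs use."""
    needed, intf = {}, None
    for line in text.splitlines():
        if m := HEAD.match(line):
            intf = m.group(1)
            needed[intf] = set()
        # "native" rows are untagged and carry no VLAN ID in the output, so skip them.
        elif intf and (m := ROW.match(line)) and m.group(3) != "native":
            needed[intf].add(int(m.group(3)))
    return needed

def expand_vlans(spec):
    """Expand a trunk allowed-VLAN list such as '78,100-102' into a set."""
    out = set()
    for part in filter(None, (p.strip() for p in spec.split(","))):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def audit(text, allowed_by_intf):
    """Return {intf: (missing, prunable)} as sorted lists of VLAN IDs."""
    report = {}
    for intf, need in required_vlans(text).items():
        allowed = expand_vlans(allowed_by_intf.get(intf, ""))
        report[intf] = (sorted(need - allowed), sorted(allowed - need))
    return report

if __name__ == "__main__":
    # Constructed allowed list for the uplink; not taken from the post.
    for intf, (missing, prunable) in audit(SAMPLE, {"Ethernet38": "78,123,200-202,3456"}).items():
        print(f"{intf}: missing={missing} prunable={prunable}")
```

Rows are counted regardless of the Status column, so a VM that is currently down still keeps its VLAN on the trunk.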

The Future of VM Tracer

I don’t know exactly what’s next for VM Tracer, but apparently there is more goodness coming from the Arista folks along the lines of what VM Tracer does. So sayeth Doug Gourlay, VP of Systems Engineering.

Links

VM Tracer Overview

VM Tracer Product Page

Automatic Edge VLAN Provisioning with VM Tracer From Arista (Ivan Pepelnjak)