Posts

Deep Dive on DMPO and its Performance Features (available and missing) Part 2

The following features will be discussed in this second part of my blog: TCP Optimization Techniques, Dejitter Buffering, SAAS Application Monitoring.
Before diving into the mechanisms, here is an important basic fact: remediation is never done for applications classified as LOW priority.
TCP optimization: TCP has some embedded traffic management capabilities for reliable traffic delivery (window size, slow start, RTT handling, ...). But there are a number of factors which can negatively influence performance, like latency, TCP slow start, last-mile network problems, out-of-sequence packets, bursty losses, and end-host TCP limitations (missing features like SACK, window scaling or timestamp options).
Typically TCP optimization helps on the transmission side and improves the download time for large data transfers over high-latency and lossy WAN links. But it can also be used for improving performance when on the receiver side the amount of buffers is limited and/or when the client is n

Deep Dive on DMPO and its Performance Features (available and missing) Part 1

In the last year I got quite deep insight into other vendors' SD-WAN implementations and have also seen what various vendors are criticizing about the VMware DMPO features. There are also a lot of misconceptions on the market around some of these features. So let's try to evaluate and look a little bit deeper into typical performance features and the VMware implementation of them.
Features discussed in this blog (Part 1): Per Packet Load Balancing, Forward Error Correction (FEC), Packet Replication, Latency Remediation.
The following features will be discussed in Part 2 of my blog: TCP Optimization Techniques, Dejitter Buffering, SAAS Application Monitoring.
Per Packet Load Balancing: Unfortunately this term can quite easily be misinterpreted when you Google for the term and get the following result: This behaviour (often criticized by other vendors about VMware) as described above would only work quite well when you have very similar or equal connections. If for example 2 links have  both 10

Secure Edge CLI Access: Additional Useful Commands and Parameters

In addition to the commands and parameters described in the documentation Secure Edge CLI: Output Examples V5.2, there are a lot of useful commands and procedures you can use.
Here are some of the commands which do not have a direct representation in Remote Diagnostics:
    debug --dec    <shows the actual detailed status and QOE for each path RX and TX>
    debug --peer_stats all    <shows packet counts and peer-id for all peers>
The peer-id is needed for a detailed dump of peer statistics per peer:
    diag PATHS_DUMP --peer <peer-id>    <shows counters and QOE parameters for all paths to a specific peer>
For a nice display you need a terminal window of 350 chars/line.
If you have privileged shell access you can also use
    cd /opt/vc/bin
In this directory you find a lot of internal but useful programs, Python or shell scripts like...
    ./dispcnt
Here is an example of usage:
    ./dispcnt -s bgp -t 15 -z
shows all non-zero bgp counters, updated every 15 seconds until you press Ctrl-C

New Troubleshooting Tools Part 2: Secure Edge Access Implementation and Usage

In this blog we look into the settings necessary for allowing Secure Access to the Edge via CLI. This new feature allows privileged secure access using script and shell, and for Basic access there is a scripted procedure with a restricted set of commands. In principle much of the information can also be retrieved using Remote Diagnostics, BUT the CLI access is much quicker, without waiting for the next heartbeat (~30 seconds) before getting the result.
These are the necessary steps to activate the new feature using key-based access:
Step 1: Activating Secure Edge Access (once per customer)
Step 2: In the same window switch to Key Based Authentication
Step 3: Any superuser can then define whether Basic (script based only) or Privileged (script or shell) should be allowed
NOTE: the CLI username is <1 character e ... enterprise, o...operator><user-id><username (with "@" and "." converted to "_")>
Now the user can under "My Account"/&qu

SD-WAN Version 5.x: New Monitoring and Troubleshooting Features Part 1

In this first part we look into: History Flow Table, Gateway Routing and BGP Table, Firewall Logs on VCO. Part 2 will follow with information on troubleshooting using the Edge CLI.
History Flow Table: For Private Segments only a summary will be displayed (see last line in above screenshot). NOTE: the actual flow table can still be gathered via Remote Diagnostics.
Gateway Routing Table and BGP Routes: After the 2 minutes the VCO closes the connection to the gateway.
Firewall Logs on VCO: Again here, on both of my VCOs the same 400 error appears. It seems that there is an unknown conversion to run, as the firewall log now uses a newer ClickHouse database instead of the standard MySQL. Unfortunately, up to now none of my contacts at VMware could help me, as I assume that there is a conversion script needed for that feature.
The next blog will have a look into troubleshooting using the Edge CLI, stay tuned...

SD-WAN Version 5.2: (Obligatory) new GUI and some changed Features and Configuration Hierarchies

By default in version 5.2 the new Angular (HTML5) based GUI is now the only one installed, so you should get familiar with that new UI. But if you search and search and do not find the necessary item in the new UI but need it urgently, what can you do?
An operator can also allow the classic UI by changing a System Parameter to TRUE, and then the operator or MSP can enable the classic UI for the customer. As Operator/MSP/User you then see "Open Classic Orchestrator" in the upper right area.
NOTE: the classic UI is not maintained anymore, so there are already some items only available in the new UI, and any new feature will only be visible by using the new UI.
Working with the new UI in my environment, there were 2 features which were not easy to find.
1. Assign new image to an Edge: In the old GUI you could go to Configure/Edges and under Actions you could select "Assign new Image to Edge". It seems that this feature has been removed (I double checked the

Orchestrator Upgrade to Version 5.2

Recently I upgraded my VMware SD-WAN lab from version 5.0 to 5.2. For some versions now, the official documentation has recommended asking TAC for help with upgrading (Docu 5.2: Orchestrator Upgrade). But if you have an unsupported implementation, like I do, you need to do it on your own.
Trying to copy the new version to the VCO failed, and I found out that I needed to increase a disk volume. How to increase a disk volume on the VCO is described in this blog: VCO Upgrade to 4.5.x. After increasing the disk size my copy succeeded.
NOTE: I did not copy directly to the installation directory including a renaming, as once an upgrade has started that file gets deleted, and if there are any problems you have to redo the copy from outside.
    vcadmin@vco-lab-254:~$ ls -l
    total 2504488
    drwxr-x--- 2 root    root          4096 Aug 31  2022 20220831130007
    -rw-rw---- 1 vcadmin vcadmin 2564587520 Aug 10 07:57 vco-debs-signed-5.2.0.3-R5203-20230809-GA-ff5cd1917e.tar
    vcadmin@vco-lab-254:~$ sudo cp vco-debs-signed