Crazy about VMware SD-WAN

  If an Enterprise uses its own Orchestrator (VCO) the device is often placed inside the internal Datacenter (DC) network and has a private internal Eth0 address configured. Therfore the internet facing Firewall in the main Data Center will have a static 1:1 translation between the public IP address used by SD-WAN Edges and the private IP address used by the VCO. In my lab Edges are reaching the Orchestrator via 110.1.1.254 and the RO-230-IOL-Entry router will translate it to 10.8.1.254 the VCO address on Eth0. In such cases you need a specific additional system property set to make remote diagnostics to work  as you see you also need to set the network.portal.websocket.address Then Remote Diagnostic access from your browser using the internal private address and edges using the public address should work.  

When you set up new Orchestrator and Gateways it typically takes some time until you need to relogin via SSH or via Console in order to do for example an upgrade to a new version. Default password expiration is typically set to 90 days . Normally when for an account the password is expired you still can login via console and specifiy a new password afterwards. Unfortunately VMware SD WAN Orchestrator and Gateways have a specific setting, that completely disables login of vcadmin after the first 90 days without any password change even on console. In that case you are left with unreachable VCO and VCGs regarding CLI. So the only way to overcome is a password reset procedure: And there are as far as I have seen, 2 ways to do such a password reset:  Password Reset via GRUB Recovery Mode   Reconnect of Disk to separate Unix System and doing Password  Reset from there As the first method is much simpler you should always try that one, before using the 2nd one. WARNING : ...

In this blog I want to share some findings gathered in the last year regarding not so well documented traps when setting up and maintaining your own Orchestrator and Gateways  So let's start with a recent one: VCO Update 4.5 fails with OSError: [Errno 28] No space left on device  When upgrading to version 4.5.x a general error arises in case you never have enlarged the size of a specific LVM volume on the VCO vcadmin@vco-01:~$ sudo /opt/vc/bin/vco_software_update                         2021-10-12 09:39:13,817 - UPGRADE - WARNING - Verification key does not exist: /var/lib/velocloud/software_update/keys/software.key WARNING: failed to verify package identity. Proceed as untrusted [y/n] [n]: y 2021-10-12 09:39:17,908 - UPGRADE - WARNING - WARNING: installing untrusted package 2021-10-12 09:39:17,908 - UPGRADE - INFO - Loading manifest and extracting p...