Posts

Showing posts from September, 2023

Secure Edge CLI Access: Additional Useful Commands and Parameters

In addition to the commands and parameters described in the document "Secure Edge CLI: Output Examples V5.2", there are a lot of useful commands and procedures you can use.

Here are some of the commands which do not have a direct representation in Remote Diagnostics:

    debug --dec
        <shows the actual detailed status and QOE for each path, RX and TX>

    debug --peer_stats all
        <shows packet counts and peer-ids for all peers>

The peer-id is needed for a detailed dump of peer statistics per peer:

    diag PATHS_DUMP --peer <peer-id>
        <shows counters and QOE parameters for all paths to a specific peer>

For a nice display you need a terminal window of 350 chars/line.

If you have privileged shell access you can also use

    cd /opt/vc/bin

In this directory you find a lot of internal but useful programs, Python or shell scripts, like ./dispcnt. Here is an example of its usage:

    ./dispcnt -s bgp -t 15 -z

This shows all non-zero BGP counters, updated every 15 seconds until you press Ctrl-C.

New Troubleshooting Tools Part 2: Secure Edge Access Implementation and Usage

In this blog we look into the necessary settings for allowing Secure Access to the Edge via CLI. This new feature allows privileged secure access using script and shell, and for Basic access there is a scripted procedure with a restricted set of commands.

In principle much of the information can also be retrieved using Remote Diagnostics, BUT the CLI access is much quicker, without waiting for the next heartbeat (~ 30 seconds) before getting the result.

These are the necessary steps to activate the new feature using key-based access:

Step 1: Activating Secure Edge Access (once per customer)
Step 2: In the same window switch to Key Based Authentication
Step 3: Any superuser can then define if Basic (script based only) or Privileged (script or shell) should be allowed

NOTE: the CLI username is

    <1 character e ... enterprise, o ... operator><user-id><username (with "@" and "." converted to "_")>

Now the user can under "My Account"/&qu

SD-WAN Version 5.x: New Monitoring and Troubleshooting Features Part 1

In this first part we look into:

History Flow Table
Gateway Routing and BGP Table
Firewall Logs on VCO

Part 2 will follow with information on troubleshooting using the Edge CLI.

History Flow Table

For Private Segments only a summary will be displayed (see last line in above screenshot).

NOTE: the actual flow table can still be gathered via Remote Diagnostics.

Gateway Routing Table and BGP Routes

After the 2 minutes the VCO closes the connection to the gateway.

Firewall Logs on VCO

Again here on both of my VCOs the same 400 error appears. It seems that there is an unknown conversion to run, as the firewall log now uses a newer ClickHouse database instead of the standard MySQL. Unfortunately, up to now none of my contacts at VMware could help me, as I assume that there is a conversion script needed for that feature.

The next blog will have a look into Troubleshooting using the Edge CLI, stay tuned...