Tag Archives: NSX

PS: Making a generic NSX REST api calls

Here is a script that I picked up and mod to make generic GET calls to NSX via REST api. Why did I wrap the rest api call into a function? This is to allow you to build out other logic for processing the output after making the call. For example, you may want to modify the script to get a list of edges and check their statuses.

   Executes NSX Rest api GET method and returns the XML results
   Use this script to execute rest api calls to NSX
   File Name  : Get-NSXQuery.ps1
   Author     : Not me!!
   Version    : 1.0
   XML formatted object from NSX's REST api call
   FQDN or IP of NSX manager
   api request string, e.g. "/api/3.0/edges"
   secure string credentials from get-credentials
.\Get-NSXQuery.ps1  -nsxmgr nsxmgr_fqdn -reqtext "/api/3.0/edges" -cred $cred

function Get-NSXRestCall {


    Process {

    ### Ignore TLS/SSL errors
    add-type @"
        using System.Net;
        using System.Security.Cryptography.X509Certificates;
        public class TrustAllCertsPolicy : ICertificatePolicy {
            public bool CheckValidationResult(
                ServicePoint srvPoint, X509Certificate certificate,
                WebRequest request, int certificateProblem) {
                return true;
    [System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy

    ### Create authorization string and store in $head
    $auth = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($Username + ":" + $Password))
    $head = @{"Authorization"="Basic $auth"}

    ### Connect to NSX Manager via API
    $r = Invoke-WebRequest -Uri $Request -Headers $head -ContentType "application/xml" -ErrorAction:Stop
    if ($r.StatusCode -eq "200") {Write-Host -BackgroundColor:Black -ForegroundColor:Green Status: Connected to NSX successfully.}
    else {Write-Host -BackgroundColor:Black -ForegroundColor:Red Status: Error connecting to NSX!}
    return [xml]$r.Content

    } # End of process


if (!$Cred) {
  $Cred = get-credential -Message "Please enter your credentials"

$request = "https://" + $NSXMgr + $reqtext
$rxml = Get-NSXRestCall -request $request -username $Cred.Username -password $Cred.GetNetworkCredential().password

return [xml]$rxml
Leave a comment

Posted by on April 17, 2018 in powershell


Tags: ,


As a second part from my previous post, I modified the script to run Central CLI. One thing to note, you need to add “accept”=”text/plain” into the header when running central CLI command or you will get 406 errors (sorry, I found this out in one of the blogs, but couldn’t give the proper credits).

Lastly the request returns a bunch of text and not XML or JSON.


Read the rest of this entry »

Leave a comment

Posted by on February 15, 2018 in powershell, vmware


Tags: , , ,

PS+REST: ESXi hosts’ NSX Channel Health check

As part of the daily checks for NSX, we need to ensure that the communication channel on all ESXi hosts are healthy.

The REST API for channel health is straight forward, just feed the list of host IDs into the API and query the hostConnStatus for the XML file. Read the rest of this entry »

Leave a comment

Posted by on February 15, 2018 in powershell, vmware


Tags: , ,

NSX: A rookie lesson in packet tracing

Recently we encountered an interesting issue. A particular VM in the cloud be a unpingable sometimes. When the network guy tried to ping this VM from the cloud border routers, there would be no reply from one of the router. Yet on the other router there is no issue. So we had to figure out what happened to the ping packets in the cloud. Read the rest of this entry »

Leave a comment

Posted by on November 5, 2017 in Cloud, vmware


Tags: , , , , , , ,

Cross vCenter NSX failover and failback

So what does NSX cross vCenter failover look like in a real world scenario?

In this setup, we have 2 NSX managers across two sites, with Site A hosting the primary and DR Site hosting the secondary NSX manager. Simulating a DR scenario, the primary NSX manager, all 3 controllers and all the universal DLR control-VMs are shutdown in Site A

Read the rest of this entry »


Posted by on May 21, 2017 in Cloud, vmware


Tags: , , ,

NSX: Edge high availability dead time value

Well studying for my NSX 6.2 exams, I found that there were some confusing over dead time value and polling interval for NSX edge HA. While doing my NSX class I asked my instructor about it and he clarified the following:

In NSX Edge HA configuration (as of 6.3) :-

  • Default Declare dead time is 15 seconds
  • The minimum acceptable value 9 seconds, anything below 9 seconds will not work
  • The polling interval is 1 seconds

You can see the polling interval by running “debug packet” commands in the edge.

How does the dead time value impact connectivity? As a quick test, I have a machine pinging another machine behind the Edge HA.

Dead time = 15 seconds –> 11 ping time out

Dead time = 9 seconds –> 4 pings time out

Leave a comment

Posted by on April 6, 2017 in vmware


Tags: , ,