VMware Networking Community
arvind2017
Contributor

Prepare vSphere cluster for NSX

Hi,

I am planning to prepare a vSphere cluster for NSX 6.3.2 and install VIBs for the same.

This cluster has many VMs already running that are part of a VLAN network, and it will not be configured for VXLAN.

I would like to confirm whether this process requires putting the ESXi host into maintenance or rebooting it after VIB installation.

Also, I would like to know if this will have any impact on the running VMs in the cluster.

7 Replies
Sreec
VMware Employee

VIB installation is a seamless activity and you can do it while the host is online.

Note: Based on the feature, you might need to exclude VC and other management servers from firewall rules if they are residing on the same cluster.

NSX Manager and service virtual machines are automatically excluded from firewall protection. In addition, you should exclude the vCenter server and partner service virtual machines to allow traffic to flow freely. Excluding virtual machines from firewall protection is useful for instances where vCenter Server resides in the same cluster where firewall is being utilized. After enabling this feature, no traffic from excluded virtual machines will go through the Firewall.

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 7x|Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered
sk84
Expert

I would recommend one of the latest versions: 6.3.5 or 6.3.6.

In 6.3.2 there are some annoying bugs, e.g. the creation of sub-interfaces, which is only possible via API or other UI bugs. And there are also some major problems with dynamic routing (especially with BGP).

But, to be honest, in 6.3.6 there are also a lot of bugs. So read the release notes to see if you are affected and if there is a workaround available:

VMware NSX for vSphere 6.3.2 Release Notes

VMware NSX for vSphere 6.3.6 Release Notes

--- Regards, Sebastian VCP6.5-DCV // VCP7-CMA // vSAN 2017 Specialist Please mark this answer as 'helpful' or 'correct' if you think your question has been answered correctly.
mdac
Enthusiast

Just wanted to second sk84's comment - definitely look at upgrading to 6.3.6 before you start preparing your hosts. It's not a perfect release, but much more stable than 6.3.2.

Regards,

Mike

My blog: https://vswitchzero.com Follow me on Twitter: @vswitchzero
arvind2017
Contributor

Thank you for the reply!

I have about 100 production VMs running in the cluster in which NSX will be installed.

Could you please confirm the below NSX installation sequence, to ensure no firewall policy is applied while installing NSX until the firewall is manually configured for that cluster and FW policies are created?

1. Place all VMs in the exclusion list.

2. Install NSX VIBs in that cluster.

3. Configure Firewall for that cluster.

4. Create the Firewall policies for the VMs accordingly.

5. Remove the VMs from the exclusion list.

A13x
Hot Shot

Are you not able to provision a new cluster for NSX, and then, once it is installed and configured, migrate the VMs over? It seems too dangerous, if you have not used NSX before, to install it onto a cluster with 100 prod VMs running. The NSX install can change hosts, VMs etc., so don't just think you can uninstall the VIBs and it will all be OK.

arvind2017
Contributor

No, I will not be able to provision a new cluster. I need to use the existing cluster.

So if I follow the below steps, what will happen?

1. Add the VMs in the cluster to the NSX exclusion list.

2. Install VIBs to this cluster (no reboot is our understanding)

3. Install Firewall (no reboot is our understanding)

With the above steps the cluster will be ready for NSX (we are not planning to use VXLAN, only firewall).

Are the above steps correct? Will there be any impact to the existing VMs in the cluster?

I don't want these VMs to be part of the firewall, so I am adding them to the exclusion list prior to VIB installation.

I don't want any downtime to the existing VMs.

Let me know if this is fine, or suggest the right procedure to achieve this.

Sreec
VMware Employee

Yes, no problem with that approach.

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 7x|Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered
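
The sequence discussed in this thread (exclude the VMs, prepare the hosts, build policy, then un-exclude) can be checked at both ends. The following is an added example, not code from the thread or from VMware. It assumes the exclusion list was fetched from NSX Manager's `/api/2.1/app/excludelist` endpoint and that the response uses the element names in the constructed sample; all VM IDs and function names are made up for illustration.

```python
"""Audit an NSX-v firewall exclusion list against a cluster's VM inventory."""
import xml.etree.ElementTree as ET

# Constructed sample shaped like an exclusion-list response. The element
# names are an assumption; compare them with your own NSX Manager's output.
SAMPLE_EXCLUDE_LIST = """
<VshieldConfiguration>
  <excludeListConfiguration>
    <objectId>excludeList-1</objectId>
    <excludeMember><member><objectId>vm-101</objectId><name>app01</name></member></excludeMember>
    <excludeMember><member><objectId>vm-102</objectId><name>db01</name></member></excludeMember>
    <excludeMember><member><objectId>vm-900</objectId><name>vcenter</name></member></excludeMember>
  </excludeListConfiguration>
</VshieldConfiguration>
"""

def excluded_vm_ids(xml_text):
    """Return the set of VM managed-object IDs on the exclusion list."""
    root = ET.fromstring(xml_text)
    ids = set()
    for entry in root.iter("excludeMember"):
        vm_id = entry.findtext("member/objectId")
        if vm_id:
            ids.add(vm_id.strip())
    return ids

def pre_install_gate(cluster_vm_ids, xml_text):
    """Before host preparation: cluster VMs that are NOT yet excluded.
    Hold the VIB install until this list is empty."""
    return sorted(set(cluster_vm_ids) - excluded_vm_ids(xml_text))

def post_policy_audit(cluster_vm_ids, xml_text, keep_excluded=()):
    """After policies exist: cluster VMs still excluded that should not be.
    These bypass the distributed firewall; keep_excluded names the
    intentional exceptions such as vCenter."""
    still = excluded_vm_ids(xml_text) & set(cluster_vm_ids)
    return sorted(still - set(keep_excluded))

if __name__ == "__main__":
    cluster = ["vm-101", "vm-102", "vm-103", "vm-900"]  # constructed inventory
    print("not yet excluded:", pre_install_gate(cluster, SAMPLE_EXCLUDE_LIST))
    print("still excluded:",
          post_policy_audit(cluster, SAMPLE_EXCLUDE_LIST, keep_excluded=["vm-900"]))
```

Running the second check on a schedule after cut-over catches VMs that were parked on the exclusion list during installation and never returned to firewall enforcement.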