nsxv4746
Contributor

NSX - Exclusion List

Wanted to check the below point regarding NSX Exclusion list.

If we add any VM to the NSX exclusion list, will it create any impact to other VMs in terms of network interruption?

Has anyone faced any problem with respect to this?

0 Kudos
6 Replies
sk84
Expert

If we add any VM to NSX exclusion list, will it create any impact to other VMs in terms of network interruption.

What do you mean by that exactly?

I couldn't see any interruption if I had to set a VM on the exclusion list. But we only have a few virtual routers (Mikrotik, Cumulus) and some NSX components in the exclusion list.

--- Regards, Sebastian VCP6.5-DCV // VCP7-CMA // vSAN 2017 Specialist Please mark this answer as 'helpful' or 'correct' if you think your question has been answered correctly.
0 Kudos
Beingnsxpaddy
Enthusiast

Dear nsxv4746,

To answer your specific question, keeping one VM in the exclusion list makes it independent of the DFW policies, and it can communicate with any VM irrespective of whether there is a deny rule in place.

It doesn't cause any issue in terms of communication with any other VM.

Regards Pradhuman VCIX-NV, VCAP-NV, vExpert, VCP2X-DCVNV If my Answer resolved your query don't forget to mark it as "Correct Answer".
0 Kudos
mdac
Enthusiast

As mentioned by others above, adding a VM to the exclusion list will impact only that excluded VM. Adding it to the list will remove the slot-2 dvFilter associated with the DFW from the VM. None of the defined rules will be applied to any of the VMs on the list.

I talk a little bit about the DFW exclusion list in troubleshooting scenario 12 on my blog if you are interested:

https://vswitchzero.com/2018/12/01/nsx-troubleshooting-scenario-12-solution/

Thanks,

Mike

My blog: https://vswitchzero.com Follow me on Twitter: @vswitchzero
0 Kudos
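
An added example, not part of the thread or any poster's code: because an excluded VM loses its slot-2 DFW filter, a host's `summarize-dvfilter` output can be scanned for vNICs that lack it and compared with the VMs you intend to exclude. The sample text is constructed, its layout is an assumption modeled on that command's output, and the function names are hypothetical.

```python
import re

# Constructed sample, modeled on `summarize-dvfilter` output from an ESXi host.
# All names and IDs are made up; app-02 stands in for an excluded VM.
SAMPLE = """\
world 1000101 vmm0:web-01 vcUuid:'50 01 aa'
 port 50331660 web-01.eth0
  vNic slot 2
   name: nic-1000101-eth0-vmware-sfw.2
   agentName: vmware-sfw
   state: IOChain Attached
world 1000202 vmm0:app-02 vcUuid:'50 01 bb'
 port 50331661 app-02.eth0
world 1000303 vmm0:db-03 vcUuid:'50 01 cc'
 port 50331662 db-03.eth0
  vNic slot 2
   name: nic-1000303-eth0-vmware-sfw.2
   agentName: vmware-sfw
   state: IOChain Attached
 port 50331663 db-03.eth1
"""

WORLD = re.compile(r"^world\s+\d+\s+vmm\d+:(\S+)")
PORT = re.compile(r"^\s+port\s+\d+\s+(\S+)")
SLOT = re.compile(r"^\s+vNic slot\s+(\d+)")
AGENT = re.compile(r"^\s+agentName:\s*(\S+)")

def vnics_without_dfw(text, slot="2", agent="vmware-sfw"):
    """Return sorted (vm, vnic) pairs with no DFW filter in the given slot."""
    vnics = {}  # (vm, vnic) -> True once the DFW filter has been seen
    vm = vnic = cur_slot = None
    for line in text.splitlines():
        if m := WORLD.match(line):
            vm, vnic, cur_slot = m.group(1), None, None
        elif m := PORT.match(line):
            vnic, cur_slot = m.group(1), None
            if vm:
                vnics[(vm, vnic)] = False
        elif m := SLOT.match(line):
            cur_slot = m.group(1)
        elif (m := AGENT.match(line)) and vnic and cur_slot == slot:
            if m.group(1) == agent:
                vnics[(vm, vnic)] = True
    return sorted(key for key, has_dfw in vnics.items() if not has_dfw)

def unexpected(text, approved_vms):
    """Unfiltered vNICs whose VM is not on the approved exclusion list."""
    return [(vm, nic) for vm, nic in vnics_without_dfw(text) if vm not in approved_vms]
```
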
nsxv4746
Contributor

In my environment I have nearly 460 VMs in my exclusion list.

When I add any new VM to the exclusion list, I observe some kind of network interruptions to the VMs which are already in the exclusion list.

Is this normal behaviour?

Will adding any VMs to the exclusion list have any change or impact on the VMs already in the exclusion list?

0 Kudos
mdac
Enthusiast

That is definitely not normal and expected behavior. I'm not aware of any bugs or misconfiguration that could cause that, but I'd recommend opening an SR with GSS to look into this - especially if it's reproducible.

My blog: https://vswitchzero.com Follow me on Twitter: @vswitchzero
0 Kudos
nsxv4746
Contributor

Let me know what exactly happens when a VM is added to the exclusion list.

1) What will happen to the VMs which are already there in the exclusion list when a new VM is added to the exclusion list?

2) When a VM is added to the exclusion list, will there be any changes to the existing ACL policies configured for DFW?

     - Will there be any changes happening to the existing DFW rules?

0 Kudos