Wanted to check the below point regarding NSX Exclusion list.
If we add any VM to NSX exclusion list, will it create any impact to other VMs in terms of network interruption.
Has any one faced any problem with respect to this.
If we add any VM to NSX exclusion list, will it create any impact to other VMs in terms of network interruption.
What do you mean by that exactly?
I couldn't see any interruption if I had to set a VM on the exclusion list. But we only have a few virtual routers (Mikrotik, Cumulus) and some NSX components in the exclusion list.
Dear nsxv4746,
To answer your specific question, Keeping one VM in exclusion list makes it independent of the DFW policies, and can communicate with any VM irrespective of the fact if there is a deny rule in place.
It doesn't cause any issue in terms of communication with any other VM.
As mentioned by others above, adding a VM to the exclusion list will impact only that excluded VM. Adding it to the list will remove the slot-2 dvFilter associated with the DFW from the VM. None of the defined rules will be applied to any of the VMs on the list.
I talk a little bit about the DFW exclusion list in troubleshooting scenario 12 on my blog if you are interested:
https://vswitchzero.com/2018/12/01/nsx-troubleshooting-scenario-12-solution/
Thanks,
Mike
In my environment I have nearly 460 VMs in my exclusion list.
When I add any new VM into the exclusion list, I observe some kind of network interruptions to the VMs which are already into the exclusion list.
Is this normal behaviour ?
Adding any VMs into the exclusion list will it have any change or impact to the already VMs in the exclusion list.
That is definitely not normal and expected behavior. I'm not aware of any bugs or misconfiguration that could cause that, but I'd recommend opening an SR with GSS to look into this - especially if its reproducible.
Let me know what exactly happens when a VM is added to the exclusion list.
1) What will happen to the VMs which are already there in the exclusion list when a new VM is added to the exclusion list ?
2) When a VM is added to the exclusion list , will there be any changes to the existing ACL policies configured for DFW ?
- Will there be any changes happening to the existing DFW rules ?