VMware Networking Community
Hocshop
VMware Employee
VMware Employee
‎06-29-2017 07:53 PM
Jump to solution

NSX NLB protecting a PSC with HA - site failure (vCenter and both PSCs go down).

Hi all,

I am not very clued up regarding NSX but I have been asked a lot of questions recently about what happens if the NLB function of NSX is used to protect the PSC component.

In particular what happens if there is a site failure (as in the vCenter, all PSCs, NSX Mgr etc all go down) and then the power returns?

What order does everything start?

In my understanding, I think there might be a type of chicken and egg situation but I assume that isn´t the case.

Can someone please explain it to me?

The reason I thought there might be a chicken and egg situation is that, if the whole site fails, I believed that the following would have to happen:

First the ESX power on.

Then ideally you would want the PSC to power on then the vCenter and its components including NSX Manager etc.

I thought the NSX Manager would have a dependency on the PSC and vCenter as the NSX would be authenticating against them (maybe this is where I am missing something?)

But as the PSC is under a NLB provided by NSX and the NSX needs to wait for the PSC/vCenter to start, it would be the situation I speak of.

I guess I have missed something so please can anyone help by clarifying it for me?

Ideally I would like to know how the NSX NLB component would be able to start up before the PSC/vCenter powered on, or if it is even necessary.

Sorry if I have missed something very easy here but as I said I am a big newby with NSX.

Thanks in advance.

Mark

0 Kudos
1 Solution

Accepted Solutions
smitmartijn
VMware Employee
VMware Employee
‎06-30-2017 06:00 AM
Jump to solution

Just to clarify a little bit;

You don't need NSX Manager to be online before starting a NSX Edge. If you make sure the NSX Edge is booted before you expect that the PSC will work, you should be fine. (so NSX Edges should be prioritised in the HA settings or automatic startup process)

View solution in original post

0 Kudos
3 Replies
Sreec
VMware Employee
VMware Employee
‎06-30-2017 04:10 AM
Jump to solution

Site failure what you refer is SSO site or entire physical site ?

First the ESX power on.Then ideally you would want the PSC to power on then the vCenter and its components including NSX Manager etc.

There is no correct answer for this. All these management components would be scattered across multiple hosts.When a complete Site fails - Based on which Hosts comes first( may be more than 1 can come up at a time or all the host should boot at the same time ) these management VM's ie PSC/VC/NSX/AD/DNS etc needs to Powered on - Scenario 1 :  At any given point of time how many hosts is required for all these management VM's to get powered on  ? . This is a vSphere BCDR question ,something that we need to test it keeping NSX aside and every environment/architecture is different . For sure you need to consider NSX Control VM ,controllers etc as well.

I guess I have missed something so please can anyone help by clarifying it for me?

Ideally I would like to know how the NSX NLB component would be able to start up before the PSC/vCenter powered on, or if it is even necessary.

Since PSC would be external with HA mode in this case based on Windows/Linux you would have configured DRS rules as well . In order to Power on these machines either you can ignore these rules during HA restart or keep it like that and of-course you need minimum of two hosts to be up and running in that case.

From a accessibility perspective one PSC is enough .Since Edge is LB for PSC -> HA will still remain as the critical factor for Edge to Power-On next available ESXI server -

Most likely you would have configured lookup service in NSX-Hence in this case VIP would be the  your lookupservice ip and in addition to that you should check/understand if NSX manager that is responsible for Edge configuration is the same instance that is integrated with vCenter Server+PSC or it is a totally a different instance . 

Last but on the least - when PSC/VC/NSX etc etc is down or restarting -its just a management plane impact ,there are few exceptions like -->  when we use identity firewall features .

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 7x|Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered
0 Kudos
smitmartijn
VMware Employee
VMware Employee
‎06-30-2017 06:00 AM
Jump to solution

Just to clarify a little bit;

You don't need NSX Manager to be online before starting a NSX Edge. If you make sure the NSX Edge is booted before you expect that the PSC will work, you should be fine. (so NSX Edges should be prioritised in the HA settings or automatic startup process)

0 Kudos
Hocshop
VMware Employee
VMware Employee
‎06-30-2017 03:15 PM
Jump to solution

Thanks to both Sree and smitmartijn for your replies.

Very helpful both of them.

Regards.

0 Kudos