Hi,
I am planning to prepare a vSphere cluster for NSX 6.3.2 and install the VIBs for it.
This cluster has many VMs already running, is part of a VLAN network, and will not be configured for VXLAN.
I would like to confirm whether this process requires putting the ESXi hosts in maintenance mode or rebooting them after VIB installation.
Also, I would like to know if this will have any impact on the running VMs in the cluster.
VIB installation is a seamless activity and you can do it while host is online.
Note: Based on the feature, you might need to exclude VC and other management servers from firewall rules if they are residing on the same cluster.
NSX Manager and service virtual machines are automatically excluded from firewall protection. In addition, you should exclude the vCenter server and partner service virtual machines to allow traffic to flow freely. Excluding virtual machines from firewall protection is useful for instances where vCenter Server resides in the same cluster where firewall is being utilized. After enabling this feature, no traffic from excluded virtual machines will go through the Firewall.
I would recommend one of the latest versions: 6.3.5 or 6.3.6.
In 6.3.2 there are some annoying bugs, e.g. the creation of sub-interfaces, which is only possible via API or other UI bugs. And there are also some major problems with dynamic routing (especially with BGP).
But, to be honest, in 6.3.6 there are also a lot of bugs. So read the release notes to see if you are affected and if there is a workaround available:
VMware NSX for vSphere 6.3.2 Release Notes
VMware NSX for vSphere 6.3.6 Release Notes
Just wanted to second sk84's comment - definitely look at upgrading to 6.3.6 before you start preparing your hosts. It's not a perfect release, but much more stable than 6.3.2.
Regards,
Mike
Thank you for the reply!
I have about 100 production VMs running in the cluster in which NSX will be installed.
Could you please confirm the NSX installation sequence below, to ensure no firewall policy is applied while installing NSX until the firewall is manually configured for that cluster and the FW policies are created?
1. Place all VMs in the exclusion list.
2. Install the NSX VIBs in that cluster.
3. Configure the firewall for that cluster.
4. Create the firewall policies for the VMs accordingly.
5. Remove the VMs from the exclusion list.
Are you not able to provision a new cluster for NSX, then once it is installed and configured, migrate the VMs over? It seems too dangerous, if you have not used NSX before, to install it onto a cluster with 100 prod VMs running. The NSX install can change hosts, VMs, etc., so don't just think you can uninstall the VIBs and it will all be OK.
No, I will not be able to provision a new cluster. I need to use the existing cluster.
So if I follow the steps below, what will happen?
1. Add the VMs in the cluster to the NSX exclusion list.
2. Install the VIBs on this cluster (no reboot is our understanding).
3. Install the firewall (no reboot is our understanding).
With the above steps the cluster will be ready for NSX (we are not planning to use VXLAN, only the firewall).
Are the above steps correct? Will there be any impact on the existing VMs in the cluster?
I don't want these VMs to be part of the firewall, so I am adding them to the exclusion list prior to VIB installation.
I don't want any downtime for the existing VMs.
Let me know if this is fine or suggest the right procedure to achieve this.
Yes, no problem with that approach.
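
A pre-flight check for the sequence agreed in this thread (exclude the VMs first, then install the VIBs), added here as an example and not code from any poster or from VMware: it compares the cluster's VM inventory against an exclusion-list response and reports any VM that is not yet excluded. The XML layout, the endpoint named in the comment, and all VM IDs and names are assumptions or constructed sample data.

```python
import xml.etree.ElementTree as ET

# Constructed sample, modelled on the XML NSX for vSphere returns for
# GET /api/2.1/app/excludelist (layout is an assumption; check it against
# the response of your own NSX Manager before relying on this parser).
SAMPLE_EXCLUDE_LIST = """\
<VshieldAppConfiguration>
  <excludeListConfiguration>
    <objectId>excludeList-1</objectId>
    <excludeMember>
      <member><objectId>vm-101</objectId><name>app01</name></member>
    </excludeMember>
    <excludeMember>
      <member><objectId>vm-102</objectId><name>db01</name></member>
    </excludeMember>
  </excludeListConfiguration>
</VshieldAppConfiguration>
"""

# Constructed inventory: managed-object ID -> name for every VM in the cluster.
CLUSTER_VMS = {"vm-101": "app01", "vm-102": "db01", "vm-103": "web01"}


def excluded_ids(xml_text):
    """Return the set of VM object IDs listed in an exclusion-list response."""
    root = ET.fromstring(xml_text)
    ids = set()
    # Only <member> children are VMs; the list's own <objectId> is skipped.
    for member in root.iter("member"):
        oid = member.findtext("objectId")
        if oid and oid.strip():
            ids.add(oid.strip())
    return ids


def preflight(cluster_vms, xml_text):
    """Return (ok, missing, stale).

    ok      -- True only when every cluster VM is on the exclusion list
    missing -- cluster VMs (ID -> name) that are NOT excluded yet
    stale   -- excluded IDs that do not belong to this cluster
    """
    excluded = excluded_ids(xml_text)
    missing = {v: n for v, n in cluster_vms.items() if v not in excluded}
    stale = sorted(excluded - set(cluster_vms))
    return (not missing, missing, stale)


if __name__ == "__main__":
    ok, missing, stale = preflight(CLUSTER_VMS, SAMPLE_EXCLUDE_LIST)
    print("all VMs excluded" if ok else f"NOT excluded yet: {missing}")
    print("excluded but not in this cluster:", stale)
```

Running the same comparison again before step 5 gives a record of exactly which VMs are about to come back under firewall rules.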