VMware Networking Community
rajeevsrikant
Expert
Expert
‎09-20-2017 06:26 AM

VXLAN Port No

I have 5 cluster setup.

1,2,3 clusters I have upgraded from 6.2.2 -> 6.3.2

4,5 Clusters still remain in 6.2.2

At present the default VXLAN port no is 4789.

Would like to know the below.

     - If I change the default VXLAN port no from 4789 to 8472 , what will happen to clusters 4,5

Since the clusters are in 6.2.2 version what will the impact to them if the VXLAN port is changed to 8472

0 Kudos
5 Replies
rajeevsrikant
Expert
Expert
‎09-21-2017 01:47 AM

any inputs

0 Kudos
grosas
Community Manager
Community Manager
‎09-21-2017 06:20 AM

What changed in the later version of NSX is the default VXLAN port (not the ability to operate on a custom port).   Aa long as your firewall policies are in place for both, you should see no issues.

_____________________________________
Gabe Rosas (VMware HCX team at VMware)
Blog: hcx.design
LinkedIn: /in/gaberosas
Twitter: gabe_rosas
0 Kudos
rajeevsrikant
Expert
Expert
‎09-21-2017 10:23 PM

So there will be no impact to the clusters which are in the version 6.2.2 which are not upgraded yet.

0 Kudos
bayupw
Leadership
Leadership
‎09-21-2017 11:38 PM

Based on the NSX admin guide and API Guide, the VXLAN port configuration is per NSX Manager whether it is via UI or via REST API

Change VXLAN Port

https://docs.vmware.com/en/VMware-NSX-for-vSphere/6.3/nsx_63_api.pdf

pastedImage_2.png

The default in 6.2.2 is 8472 and default after 6.2.3 is 4789 same with standard VXLAN IANA port.

Just curious, why would you like to change it back to 8472?

I haven't try this but this blog says (which I believe this is relevant prior NSX 6.2.3) it would disrupt the data plane.

After 6.2.3 should not disrupt data plane per admin guide and API guide, see above screenshot there's a mention of "this method changes the VXLAN port in three phase process, avoiding disruption of VXLAN traffic"

Bayu Wibowo | VCIX6-DCV/NV
Author of VMware NSX Cookbook http://bit.ly/NSXCookbook
https://github.com/bayupw/PowerNSX-Scripts
https://nz.linkedin.com/in/bayupw | twitter @bayupw
0 Kudos
grosas
Community Manager
Community Manager
‎09-22-2017 01:11 AM

There should not be - but this is definitely not a good way to get an impact statement. 

If community says no , and you execute ... and there is impact, then you'll be in a tough spot.   You should try it in a non-production env first.  Regardless of what anyone here says.

_____________________________________
Gabe Rosas (VMware HCX team at VMware)
Blog: hcx.design
LinkedIn: /in/gaberosas
Twitter: gabe_rosas
0 Kudos