6 Replies Latest reply on Feb 5, 2019 5:09 AM by nsxv4746

    NSX - Exclusion List

    nsxv4746 Lurker

      Wanted to check the below point regarding NSX Exclusion list.

      If we add any VM to the NSX exclusion list, will it create any impact to other VMs in terms of network interruption?

       

      Has anyone faced any problem with respect to this?

        • 1. Re: NSX - Exclusion List
          sk84 Expert
          vExpert

          If we add any VM to NSX exclusion list, will it create any impact to other VMs in terms of network interruption.

           

          What do you mean by that exactly?

           

          I couldn't see any interruption if I had to set a VM on the exclusion list. But we only have a few virtual routers (Mikrotik, Cumulus) and some NSX components in the exclusion list.

          • 2. Re: NSX - Exclusion List
            Beingnsxpaddy Enthusiast
            vExpert

            Dear nsxv4746,

             

            To answer your specific question, keeping one VM in the exclusion list makes it independent of the DFW policies, and it can communicate with any VM irrespective of whether there is a deny rule in place.

             

            It doesn't cause any issue in terms of communication with any other VM.

            • 3. Re: NSX - Exclusion List
              vswitchzero Enthusiast
              vExpert

              As mentioned by others above, adding a VM to the exclusion list will impact only that excluded VM. Adding it to the list will remove the slot-2 dvFilter associated with the DFW from the VM.  None of the defined rules will be applied to any of the VMs on the list.

               

              I talk a little bit about the DFW exclusion list in troubleshooting scenario 12 on my blog if you are interested:

              https://vswitchzero.com/2018/12/01/nsx-troubleshooting-scenario-12-solution/

               

              Thanks,

              Mike

              My blog: https://vswitchzero.com
              Follow me on Twitter: @vswitchzero
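
The slot-2 dvFilter removal described in reply 3 can be checked on an ESXi host from the output of `summarize-dvfilter`. The parser below is an added example, not code from the thread or from VMware; the sample output is constructed, its layout is assumed, and the function names are hypothetical.

```python
import re

# Constructed sample, laid out the way `summarize-dvfilter` prints on an ESXi
# host (assumed layout; VM names, world IDs and port IDs are made up).
SAMPLE = """\
world 1001 vmm0:web-01 vcUuid:'constructed-uuid-1'
 port 50331650 web-01.eth0
  vNic slot 2
   name: nic-1001-eth0-vmware-sfw.2
   agentName: vmware-sfw
   state: IO Chain Attached
world 1002 vmm0:router-01 vcUuid:'constructed-uuid-2'
 port 50331651 router-01.eth0
 port 50331652 router-01.eth1
world 1003 vmm0:app-01 vcUuid:'constructed-uuid-3'
 port 50331653 app-01.eth0
  vNic slot 1
   name: nic-1003-eth0-dvfilter-generic-vmware-swsec.1
   agentName: dvfilter-generic-vmware-swsec
  vNic slot 2
   name: nic-1003-eth0-vmware-sfw.2
   agentName: vmware-sfw
"""

WORLD = re.compile(r"^world\s+\d+\s+vmm\d+:(\S+)")
PORT = re.compile(r"^\s+port\s+\d+\s+(\S+)")
SLOT = re.compile(r"^\s+vNic slot\s+(\d+)")
AGENT = re.compile(r"^\s+agentName:\s+(\S+)")

def dfw_coverage(text):
    """Map each vNIC port name to True if a slot-2 vmware-sfw filter is attached."""
    coverage, port, slot = {}, None, None
    for line in text.splitlines():
        if WORLD.match(line):
            port = slot = None          # new VM: forget the previous port
        elif m := PORT.match(line):
            port, slot = m.group(1), None
            coverage[port] = False      # unprotected until a DFW filter is seen
        elif m := SLOT.match(line):
            slot = int(m.group(1))
        elif (m := AGENT.match(line)) and port and slot == 2:
            coverage[port] = coverage[port] or m.group(1) == "vmware-sfw"
    return coverage

def unfiltered_ports(text):
    """vNICs with no DFW filter: excluded VMs, or ports missing their filter."""
    return sorted(p for p, ok in dfw_coverage(text).items() if not ok)

if __name__ == "__main__":
    for port in unfiltered_ports(SAMPLE):
        print("no DFW filter:", port)
```

Comparing the reported ports against the intended exclusion list shows which VMs are running without any DFW rules applied.
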
              • 4. Re: NSX - Exclusion List
                nsxv4746 Lurker

                In my environment I have nearly 460 VMs in my exclusion list.

                When I add any new VM to the exclusion list, I observe some kind of network interruptions to the VMs which are already in the exclusion list.

                Is this normal behaviour?

                 

                Will adding any VMs to the exclusion list have any change or impact on the VMs already in the exclusion list?

                • 5. Re: NSX - Exclusion List
                  vswitchzero Enthusiast
                  vExpert

                  That is definitely not normal and expected behavior. I'm not aware of any bugs or misconfiguration that could cause that, but I'd recommend opening an SR with GSS to look into this - especially if it's reproducible.

                  • 6. Re: NSX - Exclusion List
                    nsxv4746 Lurker

                    Let me know what exactly happens when a VM is added to the exclusion list.

                    1) What will happen to the VMs which are already in the exclusion list when a new VM is added to the exclusion list?

                    2) When a VM is added to the exclusion list, will there be any changes to the existing ACL policies configured for DFW?

                         - Will there be any changes happening to the existing DFW rules?