VMware NSX controllers are the control plane for NSX Manager. They are deployed in a cluster environment which allows you to add more controllers for better performance and high availability which means if one controller goes down, the other takes up the charge.
Related ArticlesHow to Deploy and Configure VMware NSX Manager 6.2
NSX Controllers stores following tables:
- MAC Table
- ARP Table
- VTEP Table
One or more VMkernel interfaces on each ESXi host for VXLAN functionality. NSX controller keep these tables considering futuristic approach.
NSX controllers considerations:
a. Deployed in odd numbers
Controllers uses a cluster and uses a voting quorum. They should be deployed in odd numbers and should be resilient. The minimum which you can deploy is 1 and max currently supported is 5. But 1 is not resilient and is not supported by VMware. However, it can be used for testing purpose only within the lab environment.
If you have 3 node NSX controller cluster, it allows you to tolerate failure of 1 node, but if 2 goes down things would stop working. These clusters depends on a voting majority. This is because, in case of a split brain or there is a segmentation and 2 controllers end up in one partition and other one in another partition, the side that has 2 controllers knows that they have majority as they started with 3 nodes and they can establish changes.
If you have only 2 nodes and they split into different partitions, they cant push any type of changes as both don't have majority.
b. Not in data path
If you have a 3 node cluster and one of them fail, either fix it or deploy a new node so that you can always have voting majority available
c. Workload is striped across the controllers using the concept of slices.
Controllers scale for both performance and availability. Slicing method is used to distribute the workload. Every job is divided into slices and then its distributed across available nodes. When a new controller is added or existing one fails, these slices can be redistributed.
The following example will make you understand. As you can in image, there are 3 controllers and each one have been assigned a workload
Here Controller 3 goes down and workload are being shifted to remaining available controllers
NSX controllers primarily perform these two functions:\
- VXLAN functions
- Distributed Router
A background function find out the master for each kind of roles. When a controller fails, a new controller becomes master.
NSX Controllers are deployed by NSX Manager. You don't need any additional software of ova/ovf files for deploying them.
Each deployed controller has 4 GB Memory and 4 vCPU by default.
To begin NSX Controller deployment, navigate to Installation section under Networking & Security and click on green ‘+‘ button
Provide the name of the controller and select the Cluster/Resource Pool and datastore where you want to deploy the controller. Also in Connected To box select the same layer 2 portgroup in which your NSX manager functions.
For IP Pool, Click on Select
Provide the mandatory information and Click OK
Select the newly created pool and Click OK to proceed
Provide the password for accessing controllers over SSH and Click OK to finish
Here you can see that NSX manager is now deploying a new controller. Also in Recent Tasks pane you can see a task triggered for Deploying an OVF template.
Once the controller deployment done, you can see the status as connected. Here you can deploy additional controllers.
Click on green ‘+’ button to add up a new controller. Provide a name and necessary information and Click OK.
Keep in mind that the password box will only appear for the First NSX Controller Node. For 2nd and 3rd node same Password will be used.
We have deployed three controllers in my test environment and all are connected.
If you navigate to Host and Cluster view in vCenter, you can see 3 VM’s deployed which corresponds to all 3 controllers.
At this point, let’s examine the controller cluster status via SSH to the controller.
# show control-cluster status
# show control-cluster connections
# show control-cluster roles
We have completed NSX Manager Controllers deployment.
Preparing ESXi Hosts and Cluster
NSX installs three vSphere installation bundles (VIB) that enable NSX functionality to the host. One VIB enables the layer 2 VXLAN functionality. Second VIB enables the distributed router, and the 3rd VIB enables the distributed firewall. After adding the VIBs to a distributed switch, that distributed switch is called VMware NSX Virtual Switch.
Login into vCenter Server using vSphere Web Client and Navigate to Networking & Security > Installation > Host Preparation. Choose your cluster and Click the Install link. NSX will start installing the VIB’s on the ESXi hosts that are part of the cluster.
It will take few seconds to install the VIB’s. Once the installation is completed you can see Installation status as OK and also Firewall status as enabled.
At this stage, VXLAN is not configured and we will configure it later.
Lets verify Status of NSX VIBs
# esxcli software vib list | grep vxlan
# esxcli software vib list | grep vsip
# esxcli software vib get | less
# /etc/init.d/netcpad status
With esxtop command, we can verify the netcpa deamon is running
Upon completion of Cluster Preparation, you can see the vxlan is loaded under the custom stacks in TCP/IP configuration of the ESXi hosts.
We have completed NSX Controllers deployment including the preparation of vSphere hosts and cluster. In the next part of this article, we will configure VXLAN on ESXi hosts.