NSX Management and Control Plane Components

  • Tasks
    • Describe what the NSX Manager does; Describe the NSX Controller cluster
    • Software and infrastructure requirements
    • Deploy and config NSX manager
    • Deploy and config the NSX controller cluster
    • Note: These are notes from when I took my VCP6-NV v6.2 course

 

  • NSX Manager
    • Virtual appliance
    • Manages 1 single vcenter environment
    • Management component
    • 1:1 mapping
    • Plug in injected to vcenter webclient
    • Network Planes
      • Data plane carries network user traffic
      • Control plane carries signaling traffic
      • Mgmt plane carries management traffic
    • WHAT DOES IT DO
      • Provides NSX API
      • Installs world agents for extensible LAN (VXLAN), distributed routing, and distributed fw kernels
      • Deploys controller cluster nodes
        • Config cluster nodes via representational state transfer API (REST)
      • Config hosts via message bus
      • Makes certs to secure control plane
      • Deploy logical networks and services
    • Requirements
      • vCenter5.5+
      • Clusters with 5.5 esxi 5.5+
      • Network supporting max transmission unit (MTU) of at least 1600 bytes for VXLAN
      • Vsphere distributed switch
      • Vmware tools (some features need for dist fw)
      • 16gb mem, 4vcpu, 60gb disk – preconfigured
      • Network connectivity to vcenter
      • Client Access
        • Web client
        • Cookies enabled
        • IE 8,9 64bit, 10
        • FF last 2 ver
        • Chrome last 2 ver
        • Correct dns for hosts added by name
        • Permissions to power on and add vms
        • Permissions to add files to vm datastore
        • Time sync between components

 

  • NSX Controller Cluster
    • Part of control plane
    • Single point of ADMIN for NSX
    • No data plane traffic passes through it
    • 3 controller nodes for HA – only supported config
      • Any failure of nodes does not stop data plane traffic
    • Benefits
      • VXLAN and logical routing to esxi hosts
      • Clustering for scale out and HA
      • Workload distribution in cluster
      • Maintenance of VXLAN Tunnel endpoint (VTEP) MAC, ARP tables for VXLAN
      • Removal of vxlan dependency on
      • icast in physical network
      • Suppress arp broadcast in VXLAN network
      • NSX manager pushes info to cluster that then pushes it to hosts
      • Netpca user world agent on hosts collects info and reports to the NSX controllers
        • Vms connection on logical switches
        • Ips
        • MACs
      • USER WORLD AGENTS
        • Netcpa
          • Uses SSL to secure control plane
          • Mediates between nsx controller instances and kernel modules, except distributed FW
          • Sends info about vms IP, MAC
          • Get NSX manager info via message BUS agent
        • Vsfwd
          • Constalntly on ESXi host
          • Gets distirbuted FW rules from NSX manager
          • Gather FW stats and send them to NSXM
          • Send audit logs to NSXM
          • Get confgig from NSXM to create or delete distributed logical router or edge services gateway
        • Control plane uses self signed SSL for encryption
        • Verify certs for mutual authentication
        • Responsible for
          • Logical switches and logical routers
          • Communication with hosts about distributed routers and logical switches
      • Must
        • Dynamically redistribute workload
        • Sustain failure
        • Slicing workloads for any given role
      • 4vCPU and 4GB of ram*****DO NOT MODIFY
      • Must be deployed to same vcenter as NSX manager
      • Use horizontal striping
      • Requires anti-affinity rules with a minimum of 3 ESXi hosts
  • NSX Installation Order
    1. Deploy NSX Manager
    2. Register NSX manager with vcenter
    3. Deploy 3 NSX control cluster using webclient or API
    4. Prepare hosts
    5. Deploy logical network services
Scroll to Top