NSX-T Management Cluster Deployment: Part 1
1. NSX-T Management Cluster Deployment: Part 1 (this blog) – shares the general
requirements which are common across the deployment options discussed in
Part 2.
2. NSX-T Management Cluster Deployment: Part 2 – uncovers the deployment
options and their relevant use cases.
At first, I thought about writing one blog covering the NSX-T Management Cluster
deployment options, but quite a few requirements are common across the
deployment options, which led me to split this topic into two parts. This blog
is Part 1 and covers the general requirements of the NSX-T Management Cluster:
1. NSX-T Manager deployment is hypervisor-agnostic and is supported on vSphere
and KVM-based hypervisors:
Hypervisor | Version (for NSX-T v2.5) | Version (for NSX-T v2.4) | CPU Cores | Memory (GB)
RHEL KVM | 7.6, 7.5, and 7.4 | 7.6, 7.5, and 7.4 | 4 | 16
2. The maximum network latency between NSX Manager Nodes in the cluster
should be 10ms.
3. The maximum network latency between NSX Manager Nodes and Transport
Nodes should be 150ms.
4. NSX Manager must have a static IP address and you cannot change the IP
address after installation.
5. The maximum disk access latency should be 10ms.
6. When installing NSX Manager, specify a hostname that does not contain invalid
characters such as an underscore, or special characters such as a dot “.”. If the
hostname contains any invalid or special characters, the hostname is set to
nsx-manager after deployment.
7. The NSX Manager VM running on ESXi has VMware Tools installed; removing or
upgrading VMware Tools is not recommended.
8. Verify that you have the IP address and gateway, DNS server IP addresses,
domain search list, and the NTP server IP address for the NSX Manager to use.
9. Verify that you have the appropriate privileges to deploy an OVF template.
10. The Client Integration Plug-in must be installed.
11. NSX Manager VM Resource requirements:
For further information on maximum configuration details please see the link here
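To make the hostname requirement (point 6 above) concrete, here is a minimal sketch of how the fallback behaves. This is my own illustration, not VMware's actual validation code; it assumes only letters, digits, and hyphens are valid:

```python
import re

# Assumed hostname rule for illustration: letters, digits, and hyphens only.
# Underscores and dots are treated as invalid, per requirement 6 above.
VALID_HOSTNAME = re.compile(r"^[A-Za-z0-9-]+$")

def effective_hostname(requested: str) -> str:
    """Return the hostname the appliance would end up with after deployment."""
    if VALID_HOSTNAME.match(requested):
        return requested
    # Fallback described in requirement 6: invalid names become nsx-manager.
    return "nsx-manager"
```

For example, `effective_hostname("nsx-mgr-01")` keeps the requested name, while `effective_hostname("nsx_mgr.lab")` falls back to `nsx-manager`.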
General Best Practices:
In versions prior to NSX-T v2.4, four appliances were deployed based on roles:
one management appliance and three controller appliances, all of which had to be
managed for NSX. From v2.4, the NSX Manager, NSX Policy, and NSX Controller
roles were consolidated into a single unified appliance, which can now be scaled
to a three-node cluster for redundancy and high availability. The desired state is
replicated in the distributed persistence database, so all configuration and
operations can be performed on any appliance:
The NSX Manager Node performs several functions; essentially there are three roles,
besides the Distributed Persistence Database:
Management Plane
Policy Role:
Provides network and security configuration across the environment and is
addressed from the new “Simplified UI” for achieving the desired state of the system.
Manager Role:
• Receives and validates the configuration from the NSX Policy role.
• Stores the configuration in the distributed persistent database (CorfuDB).
• Publishes the configuration to the Central Control Plane.
• Installs, manages, and monitors the data plane components.
The CCP (Central Control Plane) maintains the realized state of the system and is
responsible for:
• Providing control plane functions, i.e. logical switching, routing, and distributed
firewall.
• Computing all ephemeral runtime state received from the management plane.
• Pushing stateless configuration to the Local Control Plane (LCP) daemons
running on the Transport Nodes, which in turn propagate it down to the
forwarding engines.
The CCP uses a sharding mechanism to distribute the load between the controller
nodes, i.e. each Transport Node is assigned to a single controller node for L2, L3,
and distributed firewall configuration. Each controller node still receives
configuration updates from the management and data planes, but maintains only
the information applicable to its shard, as illustrated in the image below:
Note: The “TN1, TN2, TN3, etc.” in the Image above are the Transport Nodes.
The Transport Node to controller node mapping is done via an internal hashing
algorithm. When a controller node fails, the sharding table is recalculated and the
load is redistributed among the remaining controllers; data plane traffic continues
to operate without disruption, as illustrated in the image below:
Transport Nodes TN3 and TN7 are now distributed to the Manager 1 and Manager 2
controller planes, respectively.
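The re-sharding behaviour described above can be sketched as follows. This is a toy illustration only: NSX-T's internal hashing algorithm is not public, so a simple MD5-modulo hash stands in for it, and the node names are the ones from the images:

```python
import hashlib

def shard(transport_nodes, controllers):
    """Map each transport node to exactly one controller node (toy sharding)."""
    table = {}
    for tn in transport_nodes:
        # Stand-in for NSX-T's internal hashing algorithm.
        digest = int(hashlib.md5(tn.encode()).hexdigest(), 16)
        table[tn] = controllers[digest % len(controllers)]
    return table

controllers = ["Manager1", "Manager2", "Manager3"]
tns = [f"TN{i}" for i in range(1, 10)]

# Every transport node is owned by exactly one controller.
before = shard(tns, controllers)

# When Manager3 fails, the sharding table is recalculated and its
# transport nodes are redistributed across the two survivors.
after = shard(tns, [c for c in controllers if c != "Manager3"])
```

Note that every transport node still appears in the recalculated table, only its owning controller may change; this mirrors how data plane traffic keeps flowing during a controller failure.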