This post was updated on 18.10.14
Host Preparation overview
The following overview of Host Preparation is taken from the great work of Max Ardica and Nimish Desai in the official NSX Design Guide:
The NSX Manager is responsible for the deployment of the controller clusters and for the ESXi host preparation, installing on those the various vSphere Installation Bundles (VIBs) to enable VXLAN, Distributed Routing, Distributed Firewall and a user world agent used to communicate at the control plane level. The NSX Manager is also responsible for the deployment and configuration of the NSX Edge Services Gateways and associated network services (Load Balancing, Firewalling, NAT, etc). Those functionalities will be described in much more detail in following sections of this paper.
The NSX Manager also ensures security of the control plane communication of the NSX architecture by creating self-signed certificates for the nodes of the controller cluster and for each ESXi host that should be allowed to join the NSX domain. The NSX Manager installs those certificates to the ESXi hosts and the NSX Controller(s) over a secure channel; after that, mutual authentication of NSX entities occurs by verifying the certificates. Once this mutual authentication is completed, control plane communication is encrypted.
Note: in NSX-v software release 6.0, SSL is disabled by default. In order to ensure confidentiality of the control-plane communication, it is recommended to enable SSL via an API call. From the 6.1 release the default value is changed and SSL is enabled.
In terms of resiliency, since the NSX Manager is a virtual machine, the recommendation is to leverage the usual vSphere functionalities such as vSphere HA to ensure that the NSX Manager can be dynamically moved should the ESXi host where it is running suffer a failure. It is worth noticing that such a failure scenario would temporarily impact only the NSX management plane, while the already deployed logical networks would continue to operate seamlessly.
Note: the NSX Manager outage may affect specific functionalities (when enabled) such as Identity Based Firewall (since it won’t be possible to resolve usernames to AD groups), and flow monitoring collection.
Finally, NSX Manager data, including system configuration, events and audit log tables (stored in the internal database), can be backed up at any time by performing an on-demand backup from the NSX Manager GUI and saved to a remote location that must be accessible by the NSX Manager. It is also possible to schedule periodic backups to be performed (hourly, daily or weekly). Notice that restoring a backup is only possible on a freshly deployed NSX Manager appliance that can access one of the previously backed up instances.
Successful host preparation on a cluster will do the following:
- Install network fabric VIBs (host kernel components) on ESX hosts in the cluster.
- Configure the host messaging channel for communication with NSX Manager.
- Make hosts ready for Distributed Firewall, VXLAN & VDR configuration.
UWA = User World Agent, a TCP (SSL) client that communicates with the Controller using the control plane protocol.
The UWA communicates with the message bus agent to retrieve control plane related information from NSX Manager.
We can think of the UWA as middleware between the ESX kernel module and the NSX Controller.
UWA deployment steps:
- The agent is packaged into VXLAN VIB (vSphere Installation Bundle)
- Installed by NSX Manager via EAM (ESX Agency Manager) during host preparation
- Runs as a service daemon on ESXi: netcpa
VTEP (VXLAN Tunnel End Point)
- VMkernel interface which serves as the endpoint for encapsulation/de-encapsulation of VXLAN traffic
- Collect network information, which is then reported to the Controller via User World Agent (UWA)
Preparing the ESX Hosts
Both the UWA and the VTEP are installed on the ESX hosts in one easy step: click the Install button 🙂
We will do it for both clusters, Management and Compute.
After a few seconds we will get these results:
If you face issues with Host Preparation, you can read this post: NSX-v Host Preparation
We can verify the status of the UWA and VXLAN from the CLI. SSH to ESX-COMP-1.nsx.local
UWA status verification
From esxtop we can see the daemon running:
In NSX we have 3 different VIBs.
The VIB names are:
Verify VXLAN VIB is installed:
esxcli software vib get --vibname esx-vxlan
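An added example (not from the original post): a small POSIX shell check that parses the output of esxcli software vib list and esxcli network ip connection list to confirm that the esx-vxlan VIB is present and that netcpa holds an established control-plane session to a controller. The sample output is constructed, and TCP port 1234 as the controller port and the netcpa-worker world name are assumptions not stated in the post.

```shell
# Added example; sample command output below is constructed, not captured.

# vib_installed NAME: reads `esxcli software vib list` output on stdin and
# succeeds only if a row whose first column is exactly NAME is present.
vib_installed() {
    awk -v n="$1" '$1 == n { found = 1 } END { exit !found }'
}

# controller_sessions: reads `esxcli network ip connection list` output on
# stdin and prints how many ESTABLISHED TCP connections to remote port 1234
# (assumed controller port) are owned by a netcpa world (last column).
controller_sessions() {
    awk '$1 == "tcp" && $5 ~ /:1234$/ && $6 == "ESTABLISHED" &&
         $NF ~ /^netcpa/ { c++ } END { print c + 0 }'
}

# host_prep_report VIB_LIST CONN_LIST: prints one line per check and
# returns non-zero if any check fails.
host_prep_report() {
    rc=0
    if printf '%s\n' "$1" | vib_installed esx-vxlan; then
        echo "OK   esx-vxlan VIB installed"
    else
        echo "FAIL esx-vxlan VIB missing"; rc=1
    fi
    n=$(printf '%s\n' "$2" | controller_sessions)
    if [ "$n" -gt 0 ]; then
        echo "OK   netcpa: $n established controller session(s)"
    else
        echo "FAIL netcpa: no established controller session"; rc=1
    fi
    return $rc
}

SAMPLE_VIBS='Name       Version            Vendor  Acceptance Level  Install Date
esx-base   0.0.0-constructed  VMware  VMwareCertified   2014-10-18
esx-vxlan  0.0.0-constructed  VMware  VMwareCertified   2014-10-18'
SAMPLE_CONNS='Proto  Recv Q  Send Q  Local Address     Foreign Address   State        World ID  World Name
tcp    0       0       192.0.2.11:51234  192.0.2.201:1234  ESTABLISHED  34567     netcpa-worker
tcp    0       0       192.0.2.11:51240  192.0.2.202:1234  ESTABLISHED  34567     netcpa-worker
tcp    0       0       192.0.2.11:51250  192.0.2.203:1234  SYN_SENT     34567     netcpa-worker
tcp    0       0       192.0.2.11:22     192.0.2.50:50522  ESTABLISHED  33001     sshd'

# On a prepared host the same report can be fed from the real commands:
#   host_prep_report "$(esxcli software vib list)" \
#                    "$(esxcli network ip connection list)"
host_prep_report "$SAMPLE_VIBS" "$SAMPLE_CONNS"
```

The VIB match is on the exact first column, so a partial name such as esx-vxla does not pass, and a session stuck in SYN_SENT is not counted as a working control-plane connection.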
Summary of Part 3 System Level Architecture
We installed the UWA and the VXLAN VIB. The results of these steps, from a high-level view:
- NSX Manager deploys Controllers and prepares vSphere Clusters for VXLAN
- Controllers are clustered for scale out and high availability
- VTEPs collect network information, which is then reported to the Controller via User World Agent (UWA)