VMware NSX part 3 之 NSX Controller部署

作者：李嚴省 QQ羣：384423770

一、NSX Controller

The NSX controller is a user space VM that is deployed by the NSX manager. It is one of the core components of NSX and could be termed as the “distributed hive mind” of NSX. It provides a control plane to distribute network information to hosts. To achieve a high level of resiliency the NSX Controller is clustered for scale out and HA.

The NSX controller holds three primary tables. These are a MAC address table, ARP table and a VTEP table. These tables collate VM and host information together for each three tables and replicate this throughout the NSX domain. The benefit of such action is to enable multi-cast free VXLAN on the underlay. Previous versions of vCNS and other VXLAN enabled solutions required VXLAN enabled on the Top of Rack Switches or the entire physical fabric. This provided a significant administrative overhead and removing this alleviates a lot of complexity.

By maintaining these tables an additional benefit is ARP suppression. ARP suppression will allow for the reduction in ARP requests throughout the environment. This is important when layer two segments stretch across various L3 domains. If a segment requests the IP of a MAC address that isn’t on a local segment the host will have the replicated information in its tables pushed to it by the controller.

二、Roles and function

The NSX Controller has five roles:

API Provider, Persistence Server
Logical Manager
Switch Manager
Directory server

The API provider maintains the Web-services API which are consumed by NSX Manager. The Persistence server assures data preservation across nodes for data that must not be lost; network state information. Logical manager deals with the computation of policy and the network topology. The switch manager role will manage the hypervisors and push the relevent configuration to the host. The directory server will focus on VXLAN and the distributed logical routing directory of information.

Whilst each role needs a different master each role can be elected to sit on the same or different host. If a node failure occurs and there is no master for an elected role a new node is promoted to master after the election process.

Most deployment scenarios see three, five or seven controllers deployed. This is due to the controller running Zoo Keeper. A Zoo Keeper cluster, known as an ensemble, requires a majority to function and this is best achieved through an odd number of machines. This tie-breaker scenario is used in many cases and HA conditions during NSX for vSphere operations.

三、Slicing

In a rapidly dynamic environment that may see multiple changes per second how do you dynamically distribute workload across available clusters, re-arrange workloads when new cluster members are added and sustain failure without impact all while this occurs behind the scenes? Slicing.

A role is told to create x number of slices of it self. An application will collate its slices and assign the object to a slice. This ensures that no individual node can cause a failure of that NSX controller role.

When a failure of a Controller node occurs the slices that the controller is in charge of will be replicated and reproduced onto existing controllers. This ensures consistent network information and continuous state.

四、部署

1. "Installation"->"Management"->"NSX Controller Nodes"，選擇“+”號，表示添加NSX Controller Nodes

2. 選擇“NSX Manager”、數據中心、資源池等信息，“Connected to”選擇Controller虛擬機的管理網段，本測試環境所有管理網段全是VLAN 10，即192.168.10.0網段。“IP Pool”選項選擇“Select”

3. 選擇“+”，添加"IP Pool"

4. 按如下圖所示輸入“IP Pool”相關信息，其中“Prefix Legth”表示子網掩碼位數。其它信息根據需要實際環境進行設置

5. 設置IP Pool的地址段

6. 選擇剛創建的IP Pool

7. 輸入密碼，該密碼複雜度要求比較高，該密碼爲admin用戶密碼，可以用於ssh到nsx controller進行配置

8. 自動生成NSX-Controller虛擬機

9. NSX-Controll正在啓動

10. 通過SSH登錄到NSX-Controller虛擬機，可以查看Controller集羣狀態

11. 查看該NSX-Controller的角色，目前集羣中只有一臺？NSX Controller虛擬機，爲了確保NSX Controller高可用性，部署3臺NSX Controller虛擬機，加入到同一個集羣，形成高可用集羣，不管哪個節點出現故障，都能正常提供對外服務。所以建議運行NSX Controll的vSphere集羣至少包含三個ESXi主機，本測試環境只有一臺ESXi主機，三個節點全在一個主機上運行，僅僅用於功能演示。