Network Virtualization with VMware NSX – Part 8

Let’s back into NSX mode again 🙂 In my last blog Network Virtualization with VMware NSX – Part 7 discussed about Network Address Translation (NAT) and Load Balancing with NSX Edge Gateway. Here in Network Virtualization with VMware NSX – Part 8 will discuss about High Availability of the NSX Edge.

High Availability

High Availability (HA) ensures that NSX Edge appliance is always available by installing an active pair of Edges on your virtualized infrastructure. We can enable HA either when installing NSX Edge appliance or after installing NSX Edge appliance.

The primary NSX Edge appliance is in the Active State and the Secondary Appliance is in Standby State. NSX Edge replicates the configuration of the primary appliance to the standby appliance. VMware recommends create the primary and secondary appliances on separate datastores. If you create the primary and secondary appliances on the same datastore, the datastore must be shared across all hosts in the cluster for the HA appliance pair to be deployed on different ESX hosts.

All NSX Edge services run on the active appliance. The primary appliance maintains a heartbeat with the standby appliance and sends service updates through an internal interface. If a heartbeat is not received from the primary appliance within the specified time (default value is 15 seconds), the primary appliance is declared dead. The standby appliance moves to the active state, takes over the interface configuration of the primary appliance, and starts the NSX Edge services that were running on the primary appliance. After switch over Load Balancer and VPN services need to re-establish TCP connection with NSX Edge, so service is disrupted for a short while. Logical switch connections and firewall sessions are synched between the primary and standby appliances, so there is no service disruption during switch over.

If the NSX Edge appliance fails and a bad state is reported, high availability force-synchronizes the failed appliance to revive it. When the appliance is revived, it takes on the configuration of the now active appliance and stays in a standby state. If the NSX Edge appliance is dead, you must delete the appliance and add an appliance.

NSX Edge ensures that the two HA NSX Edge virtual machines are not on the same ESX host even after you use DRS and vMotion (unless you manually vMotion them to the same host).

Now let’s verify HA settings and Configure High Availability for NSX Edge :-

1. Login to the web Client –> Home –> Networking and Security –> NSX Edges –> Double click either Logical Router or NSX Edge Services Router.HA1

2. It will open up the selected device. Click Manage –> Settings –> Configuration –> And under HA Configuration you can see HA Status is DISABLED. Same way you can check for Logical Router.HA2

3. Same can be verify from Management Cluster where we have deployed NSX Edge appliances. you can see in the below screenshot that only one instance of Edge Services Router (Edge Services Router-0) and One instance of Logical Router (Logical-Router-0) is running.HA3

4. Now let’s enabled HA for NSX Edge. Click Manage –> Settings –> Configuration –> And under HA Configuration –> Click Change.HA4

5. Change HA Configuration window will open up, Select HA Status –> Enable, Select vNIC, enter Declare Dead Time (Default is 15 Seconds), And enter the management IP for Heartbeat for both nodes and Click OK.HA5

6. It will take few seconds and you can see HA Status under HA Configuration is showing now Enabled.HA6

7. Let’s go to Management Cluster to see the number of Nodes. Now you can see that there are two instances up and running. Edge Services Router (Edge Services Router-0 and Edge Services Router-1)HA7

8. That’s it. Now NSX Edge Services Router is running is HA mode, If Active node will fail standby node will take over after 15 seconds. Same way we can enable HA for Logical Router. I have added screenshot for Logical Router.HA8

HA9

HA10

HA119. Once you have enabled HA for NSX Edge. You can putty to NSX edge and verify the Active Node and Standby Node by running Show Service highavailability command. Let me connect to and run this command to verify.

You can see in below result that This node (vshield-edge-4-0) is Active and vshield-edge-4-1 is peer host means Standby Node.HA14

10. Now let’s shut down the vshield-edge-4-0 and run the Show Service highavailability command again.

Now you can see in below result that vshield-edge-4-1 is Active and vshield-edge-4-0 is unreachable.HA15

11. Now let’s Power On the vshield-edge-4-0 and run the command again.

Now you can see in below result that vshield-edge-4-1 is Active and vshield-edge-4-0 is peer host means Standby Node.HA16

That’s It !! This is how we can enable HA and test failover for NSX Edge.

Thank You and Keep sharing :)

—————————————————————————————————

Other NSX Parts:-

Network Virtualization with VMware NSX – Part 1

Network Virtualization with VMware NSX – Part 2

Network Virtualization with VMware NSX – Part 3

Network Virtualization with VMware NSX – Part 4

Network Virtualization with VMware NSX – Part 5

Network Virtualization with VMware NSX – Part 6

Network Virtualization with VMware NSX – Part 7

Network Virtualization with VMware NSX – Part 8

Leave a Reply

Your email address will not be published. Required fields are marked *

*