NSX Controller is an advanced distributed state management system that provides control plane functions for NSX logical switching and routing functions. It serves as the central control point for all logical switches within a network and maintains information about all hosts, logical switches (VXLANs), and distributed logical routers. Controllers are required if you are planning to deploy 1) distributed logical routers or 2) VXLAN in unicast or hybrid mode.

No matter the size of the NSX Data Center for vSphere deployment, create three NSX Controller nodes in each NSX Controller cluster. Having a different number of controller nodes is not supported.

The cluster requires that each controller's disk storage system has a peak write latency of less than 300 ms, and a mean write latency of less than 100 ms. If the storage system does not meet these requirements, the cluster can become unstable and cause a system downtime.

Caution: While a controller status is Deploying, do not add or modify logical switches or distributed routing in your environment. Also, do not continue to the host preparation procedure. After a new controller is added to the controller cluster, all controllers are inactive for a short while (no more than 5 minutes). During this downtime, any operation related to controllers, such as host preparation, might have unexpected results. Even though host preparation might seem to finish successfully, the SSL certification might not establish correctly, causing problem in the VXLAN network.
Starting in NSX Data Center for vSphere 6.4.2, you can configure DNS, NTP, and syslog servers for the NSX Controller cluster. The same settings apply to all NSX Controller nodes in the cluster. You can configure these settings before you have any NSX Controller nodes deployed, or any time after they are deployed. See "Configure DNS, NTP, and Syslog for the NSX Controller Cluster" in the NSX Administration Guide for more information.
Important: If you have an invalid configuration (for example, unreachable NTP servers), and then deploy a controller, the controller node deployment fails. Verify and correct the configuration and deploy the controller node again.

The NSX Controller cluster DNS settings override any DNS settings configured on the controller IP pool.


  • Verify that an NSX Manager appliance is deployed and registered with a vCenter Server system.
  • Determine the IP pool settings for your controller cluster, including the gateway and IP address range. DNS settings are optional. The NSX Controller IP network must have connectivity to the NSX Manager and to the management interfaces on the ESXi hosts.


  1. Log in to the vSphere Web Client.
  2. Navigate to Networking & Security > Installation and Upgrade > Management > NSX Controller Nodes.
  3. In NSX Data Center for vSphere 6.4.2 and later, select the appropriate NSX Manager from the NSX Manager drop-down menu.
    Note: In NSX Data Center for vSphere 6.4.1 and earlier, you can select the NSX Manager after you click Add.
  4. Click Add.
  5. Enter the NSX Controller settings appropriate to your environment.

    For example, add a controller with the following settings:

    Field Example Value
    NSX Manager
    Name controller-1
    Datacenter Datacenter Site A
    Cluster/Resource Pool Management & Edge Cluster
    Datastore ds-site-a-nfs 01
    Host esxmgt-01a.corp.local
    Folder NSX Controllers
    Connected To vds-mgt_Management
    IP Pool controller-pool
    Connect the NSX Controller nodes to a vSphere Standard Switch or vSphere Distributed Switch port group which is not VXLAN-based, and has connectivity over IPv4 to the NSX Manager, other controllers, and to hosts.
  6. If you have not already configured an IP pool for your controller cluster, configure one now by clicking Create New IP Pool or New IP Pool.

    Individual controllers can be in separate IP subnets, if necessary.

    For example, add an IP pool with the following settings:

    Field Example Value
    Name controller-pool
    Prefix Length 24
    Static IP Pool
  7. Enter and reenter a password for the controller.
    Note: Password must not contain the username as a substring. Any character must not consecutively repeat three or more times.
    The password must be at least 12 characters and must follow three of the following four rules:
    • At least one uppercase letter
    • At least one lowercase letter
    • At least one number
    • At least one special character
  8. After the deployment of the first controller is finished, deploy two additional controllers.

    Having three controllers is mandatory. Configure a DRS anti-affinity rule to prevent the controllers from residing on the same host.


When successfully deployed, the controllers have a Connected status and display a green check mark.

If the deployment is not successful, see "NSX Controller Deployment Issues" in the NSX Troubleshooting Guide.

During NSX Controller node deployment, automatic VM startup/shutdown is enabled on the hosts where the controller nodes are deployed. If the controller node VMs are later migrated to other hosts, the new hosts might not have automatic VM startup/shutdown enabled. For this reason, check all hosts in the cluster to make sure that automatic VM startup/shutdown is enabled. See "Edit Virtual Machine Startup and Shutdown Settings" in the vSphere Virtual Machine Administration documentation.