To provide fault tolerance and high availability to NSX Manager nodes, assign a virtual IP address (VIP) to a member of the NSX-T cluster.

NSX Manager nodes of a cluster become part of an HTTPS group to service API and UI requests. The leader node of the cluster assumes ownership of the set VIP of the cluster to service any API and UI request. Any API and UI request coming in from clients is directed to the leader node.

Note:

When assigning Virtual IP, all the NSX Manager VMs in the cluster must be configured in the same subnet.

If the leader node that owns VIP becomes unavailable, NSX-T elects a new leader. The new leader owns the VIP. It sends out a gratuitous ARP packet advertising the new VIP to MAC address mapping. After a new leader node is elected, new API and UI requests are sent to the new leader node.

Failover of VIP to a new leader node of the cluster might take a few minutes to become functional. If the VIP fails over to a new leader node because the previous leader node became unavailable, reauthenticate credentials so that API requests are directed to the new leader node.

Note: VIP is not designed to serve as a load-balancer and you cannot use it if you enable the vIDM External Load Balancer Integration from System > Users > Configuration. Do not set up a VIP if you want to use the External Load Balancer from vIDM. See Configure VMware Identity Manager Integration in the NSX-T Data Center Administration Guide for more details.
Important: If you reset the cluster VIP, then vIDM configurations that are using the VIP is cleared. You will need to reconfigure vIDM configuration with the new VIP.

Procedure

  1. From a browser, log in with admin privileges to an NSX Manager at https://<nsx-manager-ip-address>.
  2. Go to System > Appliances.
  3. In the Virtual IP field, click Set Virtual IP.
  4. Enter the VIP for the cluster. Ensure that VIP is part of the same subnet as the other management nodes.
  5. Click Save.
  6. To verify the cluster status and the API leader of the HTTPS group, enter the NSX Manager CLI command get cluster status verbose in the NSX Manager console or over SSH.
    The following is an example output with the leader marked in bold.
    Group Type: HTTPS
    Group Status: STABLE
    
    Members:
        UUID                                       FQDN                  IP               STATUS          
        cdb93642-ccba-fdf4-8819-90bf018cd727       nsx-manager       192.196.197.84        UP              
        51a13642-929b-8dfc-3455-109e6cc2a7ae       nsx-manager       192.196.198.156       UP              
        d0de3642-d03f-c909-9cca-312fd22e486b       nsx-manager       192.196.198.54        UP              
    
    Leaders:
        SERVICE                                    LEADER                                     LEASE VERSION                   
        api                                        cdb93642-ccba-fdf4-8819-90bf018cd727       8
  7. Verify that the VIP is working correctly.
    From a browser, log in to the NSX Manager using the virtual IP address assigned to the cluster at https://<vip-address>.

Results

Any API requests to NSX-T are redirected to the virtual IP address of the cluster, which is owned by the leader node. The leader node then routes the request forward to the other components of the appliance.