NSX Controller is an advanced distributed state management system that provides control plane functions for NSX logical switching and routing functions. It serves as the central control point for all logical switches within a network and maintains information about all hosts, logical switches (VXLANs), and distributed logical routers. Controllers are required if you are planning to deploy 1) distributed logical routers or 2) VXLAN in unicast or hybrid mode.

About this task

No matter the size of the NSX deployment, each NSX Controller cluster should contain three controller nodes. Having a different number of controller nodes is not supported.

The cluster requires that each controller's disk storage system has a peak write latency of less than 300ms, and a mean write latency of less than 100ms. If the storage system does not meet these requirements, the cluster can become unstable and cause system downtime.

Caution:

While a controller status is Deploying, do not add or modify logical switches or distributed routing in your environment. Also, do not continue to the host preparation procedure. After a new controller is added to the controller cluster, all controllers are inactive for a short while (no more than 5 minutes). During this downtime, any operation related to controllers---for example, host preparation---might have unexpected results. Even though host preparation might seem to complete successfully, the SSL certification might not establish correctly, thus causing issues in the VXLAN network.

Prerequisites

  • Before deploying NSX Controllers, you must deploy an NSX Manager appliance and register vCenter with NSX Manager.

  • Determine the IP pool settings for your controller cluster, including the gateway and IP address range. DNS settings are optional. The NSX Controller IP network must have connectivity to the NSX Manager and to the management interfaces on the ESXi hosts.

Procedure

  1. Log in to the vSphere Web Client.
  2. Navigate to Networking & Security > Installation and Upgrade > Management > NSX Controller Nodes.
  3. Click Add.
  4. Enter the NSX Controller settings appropriate to your environment.

    NSX Controllers should be deployed to a vSphere Standard Switch or vSphere Distributed Switch port group which is not VXLAN based and has connectivity to the NSX Manager, other controllers, and to hosts via IPv4.

    For example, add a controller with the following settings:

    Field

    Example Value

    NSX Manager

    192.168.110.42

    Name

    controller-1

    Datacenter

    Datacenter Site A

    Cluster/Resource Pool

    Management & Edge Cluster

    Datastore

    ds-site-a-nfs 01

    Host

    esxmgt-01a.corp.local

    Folder

    NSX Controllers

    Connected To

    vds-mgt_Management

    IP Pool

    controller-pool

  5. If you have not already configured an IP pool for your controller cluster, configure one now by clicking Create New IP Pool or New IP Pool.

    Individual controllers can be in separate IP subnets, if necessary.

    For example, add an IP pool with the following settings:

    Field

    Example Value

    Name

    controller-pool

    Gateway

    192.168.110.1

    Prefix Length

    24

    Static IP Pool

    192.168.110.31-192.168.110.35

  6. Type and re-type a password for the controller.
    Note:

    Password must not contain the username as a substring. Any character must not consecutively repeat 3 or more times.

    The password must be at least 12 characters and must follow 3 of the following 4 rules:

    • At least one upper case letter

    • At least one lower case letter

    • At least one number

    • At least one special character

  7. After the first controller is completely deployed, deploy two additional controllers.

    Having three controllers is mandatory. We recommend configuring a DRS anti-affinity rule to prevent the controllers from residing on the same host.

Results

When successfully deployed, the controllers have a Connected status and display a green check mark.

If the deployment was not successful, see Deploying NSX Controllers in the NSX Troubleshooting Guide.

On the hosts where the NSX Controller nodes are first deployed, NSX enables automatic VM startup/shutdown. If the controller node VMs are later migrated to other hosts, the new hosts might not have automatic VM startup/shutdown enabled. For this reason, VMware recommends that you check all hosts in the cluster to make sure that automatic VM startup/shutdown is enabled. See "Edit Virtual Machine Startup and Shutdown Settings" in the vSphere Virtual Machine Administration documentation.

Example