作者:李严省 QQ群:384423770
一、NSX Controller
The NSX controller is a user space VM that is deployed by the NSX manager. It is one of the core components of NSX and could be termed as the “distributed hive mind” of NSX. It provides a control plane to distribute network information to hosts. To achieve a high level of resiliency the NSX Controller is clustered for scale out and HA.
The NSX controller holds three primary tables. These are a MAC address table, ARP table and a VTEP table. These tables collate VM and host information together for each three tables and replicate this throughout the NSX domain. The benefit of such action is to enable multi-cast free VXLAN on the underlay. Previous versions of vCNS and other VXLAN enabled solutions required VXLAN enabled on the Top of Rack Switches or the entire physical fabric. This provided a significant administrative overhead and removing this alleviates a lot of complexity.
By maintaining these tables an additional benefit is ARP suppression. ARP suppression will allow for the reduction in ARP requests throughout the environment. This is important when layer two segments stretch across various L3 domains. If a segment requests the IP of a MAC address that isn’t on a local segment the host will have the replicated information in its tables pushed to it by the controller.
二、Roles and function
The NSX Controller has five roles:
API Provider, Persistence Server
Logical Manager
Switch Manager
Directory server
The API provider maintains the Web-services API which are consumed by NSX Manager. The Persistence server assures data preservation across nodes for data that must not be lost; network state information. Logical manager deals with the computation of policy and the network topology. The switch manager role will manage the hypervisors and push the relevent configuration to the host. The directory server will focus on VXLAN and the distributed logical routing directory of information.
Whilst each role needs a different master each role can be elected to sit on the same or different host. If a node failure occurs and there is no master for an elected role a new node is promoted to master after the election process.
Most deployment scenarios see three, five or seven controllers deployed. This is due to the controller running Zoo Keeper. A Zoo Keeper cluster, known as an ensemble, requires a majority to function and this is best achieved through an odd number of machines. This tie-breaker scenario is used in many cases and HA conditions during NSX for vSphere operations.
三、Slicing
In a rapidly dynamic environment that may see multiple changes per second how do you dynamically distribute workload across available clusters, re-arrange workloads when new cluster members are added and sustain failure without impact all while this occurs behind the scenes? Slicing.
A role is told to create x number of slices of it self. An application will collate its slices and assign the object to a slice. This ensures that no individual node can cause a failure of that NSX controller role.
When a failure of a Controller node occurs the slices that the controller is in charge of will be replicated and reproduced onto existing controllers. This ensures consistent network information and continuous state.
四、部署
1. "Installation"->"Management"->"NSX Controller Nodes",选择“+”号,表示添加NSX Controller Nodes
2. 选择“NSX Manager”、数据中心、资源池等信息,“Connected to”选择Controller虚拟机的管理网段,本测试环境所有管理网段全是VLAN 10,即192.168.10.0网段。“IP Pool”选项选择“Select”
3. 选择“+”,添加"IP Pool"
4. 按如下图所示输入“IP Pool”相关信息,其中“Prefix Legth”表示子网掩码位数。其它信息根据需要实际环境进行设置
5. 设置IP Pool的地址段
6. 选择刚创建的IP Pool
7. 输入密码,该密码复杂度要求比较高,该密码为admin用户密码,可以用于ssh到nsx controller进行配置
8. 自动生成NSX-Controller虚拟机
9. NSX-Controll正在启动
10. 通过SSH登录到NSX-Controller虚拟机,可以查看Controller集群状态
11. 查看该NSX-Controller的角色,目前集群中只有一台?NSX Controller虚拟机,为了确保NSX Controller高可用性,部署3台NSX Controller虚拟机,加入到同一个集群,形成高可用集群,不管哪个节点出现故障,都能正常提供对外服务。所以建议运行NSX Controll的vSphere集群至少包含三个ESXi主机,本测试环境只有一台ESXi主机,三个节点全在一个主机上运行,仅仅用于功能演示。
12. 选择“+”继续添加Controller节点
13. 设置相应的数据中心、资源池、存储等信息,选择相应的IP Pool
14. 显示警告,由于我把所有controller节点全放在一台ESXi主机上。在生产环境强烈不建议。
15. 继续添加第三个Controller节点
16. 完成3个Controller节点的添加,且全部自动添加到同一个Controller集群中。
17. 通过SSH登录到NSX Controller,显示集群内的三个节点
18. 至此完成NSX Controller部署,后续进行ESXi主机准备。
