Overview:
High Availability in both VSE and NSX Edges ensures Edge Network Services are always available by deploying a pair of Edge Appliances that work together in an active/passive HA cluster Pair. The primary appliance is in the active state and the secondary appliance is in the standby state. The configuration of the primary appliance is replicated to the standby appliance.
All Edge services run on the active appliance. The primary appliance maintains a heartbeat with the standby appliance and sends service updates through an internal interface. Declared Dead Time is used to work out via Heartbeating between both appliances when a HA event should take place. If the primary is declared dead the standby appliance moves to the active state and takes over the interface configuration of the primary.
For both NSX and VSE managed via the NSX Manager, HA can be triggered by the vCenter Web Client or API. The VSE can also have HA triggered through the vCloud Director UI or API.
Configuring NSX/VSE HA From Web Client:
Double Click on the Edge under the NSX Edge Menu Option in Networking and Security, In the Settings Tab under Configuration click on Change in the HA Configuration Box
Click on Enable and leave the rest of the settings as default. You do have the option to select the vNIC if multiple Interfaces exist. Leaving it as default if a safe option. Almost all documentation I have written on the default Declare Dead Time states that it is 6 seconds, however in the Web Client it defaults to 15. You also have the ability to configure specific IPs to use as Management or Cluster IPs for each HA Pair.
At this point a second Edge Appliance will be deployed into the vCenter and you will see an Edge appliance with -1 appended to the name. As shown below the NSX Manager will initiate the creation of a DRS Anti Affinity Rule to keep the Edges separate
Shown above is an example of both an NSX and vShield Edge and their anti affinity rule configured.
NOTE: For the HA settings to be applied to both Appliances at least one Interface (excluding Uplink) needs to be configured. If you don’t have an Interface configured the HighAvailability Service status on the Edge will be set to not running.
Configuring VSE HA From vCloud Director UI:
Depending on your Level of access to External Networks, right click on the Edge in the vCD UI and click on the Enable High Availability Check Box as shown below.
Enabling/Disabling/Viewing NSX/VSE HA With REST API
Below are the key API commands to configure and manage HA.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 |
Enabling HA Mode API Enable NSX HA # ENABLING HA # API CALL: https://NSX-MGR-IP/api/4.0/edges/edge-id/highavailability/config # METHOD: PUT # CONTENT-TYPE: application/xml #BASIC DEFAULT <highAvailability> <enabled>true</enabled> </highAvailability> #ALL OPTIONS <highAvailability> <vnic>1</vnic> <!-- Optional. User can provide the vNic Index. If not provided, the first internal-connected vnic will be used as the vnic --> <ipAddresses> <!-- Optional. It is a pair of ipAddresses with /30 subnet mandatory, one for each appliance. If provided, they must NOT overlap with any subnet defined on the Edge vNics. If not specified, a pair of ips will be picked up from reserved subnet 169.254.0.0/16. --> <ipAddress>192.168.10.1/30</ipAddress> <ipAddress>192.168.10.2/30</ipAddress> </ipAddresses> <declareDeadTime>6</declareDeadTime> <!-- Optional. Default is 6 seconds --> <enabled>true<enabled> <!-- optional, defaults to true. The enabled flag will cause the HA appliance be deployed or destroyed. --> </highAvailability> |
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 |
GET NSX HA STATUS # GETTING HA STATUS # API CALL: https://NSX-MGR-IP/api/4.0/edges/edge-id/highavailability/config # METHOD: GET #EXAMPLE RESPONSE <?xml version="1.0" encoding="UTF-8" ?> <highAvailability> <version>6</version> <enabled>true</enabled> <vnic>any</vnic> <ipAddresses> <ipAddress>10.0.0.1/30</ipAddress> <ipAddress>10.0.0.2/30</ipAddress> </ipAddresses> <declareDeadTime>15</declareDeadTime> <logging> <enable>false</enable> <logLevel>info</logLevel> </logging> <security> <enabled>false</enabled> </security> </highAvailability> |
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 |
VIEWING NSX EDGE HA PAIR # VIEWING NSX EDGE HA PAIR # API CALL: https://NSX-MGR-IP/api/4.0/edges/edge-id/appliances # METHOD: GET #EXAMPLE RESPONSE <?xml version="1.0" encoding="UTF-8" ?> <appliances> <applianceSize>compact</applianceSize> <appliance> <highAvailabilityIndex>0</highAvailabilityIndex> <vcUuid>503c13cd-6092-9419-e8c2-409a7b9a0c46</vcUuid> <vmId>vm-56900</vmId> <resourcePoolId>resgroup-52559</resourcePoolId> <resourcePoolName>Edges_001</resourcePoolName> <datastoreId>datastore-26284</datastoreId> <datastoreName>SAN02</datastoreName> <hostId>host-26021</hostId> <hostName>node-102</hostName> <vmFolderId>group-v142</vmFolderId> <vmFolderName>Service VMs</vmFolderName> <vmHostname>vShield-edge-264-0</vmHostname> <vmName>DC_1120761-0</vmName> <deployed>true</deployed> <edgeId>edge-264</edgeId> </appliance> <appliance> <highAvailabilityIndex>1</highAvailabilityIndex> <vcUuid>503c9a6d-4e17-eb8e-526d-8b8cf8b2917f</vcUuid> <vmId>vm-62522</vmId> <resourcePoolId>resgroup-52559</resourcePoolId> <resourcePoolName>Edges_001</resourcePoolName> <datastoreId>datastore-26284</datastoreId> <datastoreName>SAN02</datastoreName> <hostId>host-22960</hostId> <hostName>node-026</hostName> <vmFolderId>group-v142</vmFolderId> <vmFolderName>Service VMs</vmFolderName> <vmHostname>vShield-edge-264-1</vmHostname> <vmName>DC_1120761-1</vmName> <deployed>true</deployed> <edgeId>edge-264</edgeId> </appliance> <deployAppliances>true</deployAppliances> </appliances> |
|
1 2 3 4 5 6 7 8 9 10 |
DISABLING NSX HA # DISABLING HA # API CALL: https://NSX-MGR-IP/api/4.0/edges/edge-id/highavailability/config # METHOD: PUT # CONTENT-TYPE: application/xml #BASIC DEFAULT <highAvailability> <enabled>false</enabled> </highAvailability> |
There is is nothing fundamentally enhanced in the NSX HA vs VSE, it’s a simple…easy to enable feature that adds a level of availability to Edge Networking services.
Sources and More Reading:
http://nsxtech.net/2014/09/20/understanding-high-availability-on-the-nsx-edge-services-gateway/
http://lostdomain.org/2014/10/18/vmware-nsx-best-practices-from-vmworld/
