I’m going to be looking at the instructions for the NSX upgrade today.
Interestingly, it clearly states to review the release notes to ensure a successful upgrade. I’ve already done that in my previous post which is here.
I see a word of caution that NSX functionality is affected during the upgrade. Let’s find out what document it points us to. LINK
The title is Operational Impact of NSX Upgrade.
Here is a breakdown of what VMware recommends we do:
- Upgrade all components within a single outage window
- Upgrade the components in this order:
NSX Manager —> NSX Controller Cluster —> NSX Host Clusters —> Distributed (Logical) Routers —> Guest Introspection
You will notice the layout of the document follows the order which is specified above.
Now, my intent is not to just copy/paste then entire documents here. You can go ahead and read the document in its entirety. I want to raise only the critical steps.
For NSX manager update:
- Always Upgrade the primary NSX manager first
- No one will be able to make changes via API while upgrading
- No communication to VMs is disrupted.
- New VMs will not be able to communicate out until after the upgrade
- Don’t make any changes, hold off until the upgrade is done.
For Controller Cluster upgrade
- Upgrading the NSX manager has to be done first.
- Upgrade the controller cluster immediately after upgrading all NSX manager sites.
- Do not make any changes during the upgrade. Hold off until after the upgrade to all components is done.
For NSX Host upgrades
- You can upgrade the host cluster in a separate window than the NSX manager and host cluster.
- One critical note: if you do upgrade some hosts and not others then you could get into a situation where different versions of Distributed Firewall will prevent VMs from communicating. Migrating VMs from older to a newer version of the software offers best results.
For the NSX Edge upgrade
- Edge Services Gateways can be upgraded at any time after the NSX Manager upgrade.
- Edges can be upgraded in a separate window as the NSX Manager, NSX Controller Cluster, and host clusters.
- You can upgrade the ESG even if the hosts haven’t been upgraded.
- That action will lead to some ESG tasks being blocked.
- Packet forwarding will be interrupted
For Guest Introspection upgrade
- All components need to be upgraded before Guest Introspection can be upgraded.
- During the upgrade process, the VMs will not be protected.
Other relevant advice
- Backup your NSX manager, I would add test your backup. You don’t want to be in a bad spot where your backup is worthless.
- verify the health of your NSX manager file system. The documentation contains the commands to do so.
- Verify the health of your networking environment. Fix outstanding issues before upgrading.
- Check licensing, the licensing model has changed so you need to make sure you won’t be left out of critical features being used.
- Gauge how long the upgrade will take. Upgrading is a multi-step process where there are points of where you can’t stop the upgrade otherwise, functionality will be impacted.
- Use the upgrade checklist. It’s a good way to prepare your environment for the upgrade. Staying organized and having a good plan will make things go smoothly.