NSX-T 3.0 was a monumental release for VMware providing a ton of wealth of new features in the platform. Although I won’t list all of the new features, the main highlights from the release, which I will cover in more details in separate posts, are:
- NSX Federation – Simplified networking and security across multiple sites
- Distributed IDS – Fully distributed IDS without having to architect your environment
- Support for VDS 7.0 – Ability to run on a vSphere VDS instead of the N-VDS
- Support for bare metal Windows 2016 servers
- URL Analysis – Classification and reputation scores
- L3 EVPN for telco environments
- NSX-T as the networking and security platform for vSphere with K8s aka Project Pacific
For a full list of new features, click here.
Let’s dive into the steps for upgrading. I will be reference the NSX-T 3.0 upgrade guide as I run through it. Please be sure to check the guide to operational impacts, supported hypervisor versions, best practices, and more. There are a few things I will not cover, for example, upgrades to KVM, or bare metal instances.
A high level set of steps is to Upgrade the NSX Edge Cluster -> Upgrade the ESXi host vibs, and then upgrade the Management plane. During the upgrade of the edge cluster, there may be traffic interruption of N-S traffic, E-W traffic between T1 routers, and L2/L3 depending on the architecture. During the host upgrade, the hosts will be placed in maintenance mode and VMs migrated off, so there will be no impact. Finally, during management plane upgrade, the UI and API will be unavailable temporarily so no changes can be made.
Step 1. Run a new backup of NSX manager so everything is current.
Step 2. Provision a secondary disk of 100GB on all NSX Managers. Log into vSphere and add a new disk.
Step 3. Download the NSX-T Data Center Upgrade Bundle, navigate to System -> Upgrade and upload the .mub file.
Step 4. Accept the EULA and Click Begin Upgrade to to update the Upgrade Coordinator. This step appears to take about 5 minutes, just be patient and try not to refresh the browser, it will come back automatically.
Step 5. Click Run Pre Checks to make sure components are connected, versions are compatible, and everything is ready to go.
I hit two different issues during this step. One was that I didn’t backup my NSX Manager in last two days, need to take my own advice 🙂 and two was that I had to restart the NSX-upgrade-agent on my edge node.
If you run into this issue, simply SSH into your edge nodes and run the following command.
restart service nsx-upgrade-agent
Step 6. Upgrade your edges. In my case, I just have one edge, which is not best practice. If you have multiple edges you can decide to do a Serial upgrade or Parallel upgrade. Serial will upgrade the edge clusters sequentially once each cluster completes, Parallel will upgrade multiple clusters simultaneously (serially for the edges within each cluster).
Step 7. Upgrade your ESXi hosts. You will be given the same options for serial or parallel on the ESXi host clusters. I only have one cluster with two ESXi hosts and decided to do an in place upgrade so that hosts wouldn’t have to go into maintenance mode and migrate the VMs. If you want to do this, make sure to edit the group and select “In-Place.”
Step 7. Finally, upgrade your management nodes. Be patient with this as well, it took several minutes and I got error messages when trying to refresh the GUI too quickly. Once services are back up, you can log in and check the upgrade status. Once everything starts to come back, head over to the System > Upgrade page to confirm the upgrade is complete!
Now that I am upgraded to NSX-T 3.0, I will be able to use the new IDS feature which I will be covering in my next post!