Preparing to Upgrade NSX

Operational Impact of the NSX Installation

The duration for the NSX upgrade process depends on the number of components you have to upgrade in your infrastructure. It is important to understand the operational state of NSX components during an upgrade. 

The upgrade process is as follows:  

  1. NSX Edge cluster  
  2. Hosts  
  3. Management plane  

You have the flexibility to change the order of upgrade for your edge clusters and hosts. You can alternate between groups of hosts and groups of edge nodes during upgrade. The NSX Manager is upgraded only after all the edges and hosts have been upgraded.  

NSX Edge Cluster Upgrade 

During Upgrade After Upgrade
  • During the NSX Edge upgrade, you might experience the following traffic interruption:
    • North-south datapath is affected if the NSX Edge is part of the datapath.
    • East-west traffic between tier-1 routers using NSX Edge firewall, NAT, or load balancing.
    • Temporary Layer 2 and Layer 3 interruption.
  • Configuration changes are not blocked on NSX Manager but might be delayed.
  • Configuration changes are allowed.
  • Upgraded NSX Edge cluster is compatible with the older versions of the Management plane and the hosts.
  • New features introduced in the upgrade are not configurable until the Management plane is upgraded.
  • Run post checks to make sure that the upgraded NSX Edge cluster and NSX do not have any problems.

Hosts Upgrade 

During Upgrade After Upgrade
  • For standalone ESXi hosts or ESXi hosts that are part of a disabled DRS cluster, place hosts in maintenance mode.

    For ESXi hosts that are part of a fully enabled DRS cluster, if the host is not in maintenance mode, the upgrade coordinator requests the host to be put in maintenance mode. The vSphere DRS tool migrates the VMs to another host in the same cluster during the upgrade and places the host in maintenance mode.

  • For ESXi host, for an in-place upgrade you do not need to power off the tenant VMs.
  • For VMs attached to an NSX logical switch or VMs connected to the distributed portgroup of a VDS prepared for NSX for vSphere, vmotion of VMs is not supported from and to the host on which an upgrade is in progress. Creating new VMs is also not supported on hosts on which an upgrade is in progress.
  • Configuration changes are allowed on NSX Manager.
  • Power on or return the tenant VMs of standalone ESXi hosts or ESXi hosts that are part of a disabled DRS cluster that were powered off before the upgrade.
  • New features introduced in the upgrade are not configurable until the Management plane is upgraded.
  • Run post checks to make sure that the upgraded hosts and NSX do not have any problems.

Management Plane Upgrade

During Upgrade After Upgrade

When upgrading from NSX 3.1.x, 3.2, or 3.2.0.1:

  • Do not make any configuration changes during the Management plane upgrade.
  • API service is momentarily unavailable.
  • User interface is unavailable for a short period.
  • Configuration changes are allowed.
  • New features introduced in the upgrade are configurable.
  • You need a valid license to use licensed features like T0, T1, Segments, and NSX intelligence.
  • From the Upgrade Coordinator, verify that the upgrade process has completed. Perform configuration tasks only after the upgrade process is complete.

Pre-Upgrade Tasks

  1. Run the NSX Upgrade Evaluation Tool before you begin the upgrade process. The tool is designed to ensure success by checking the upgrade readiness of your NSX Manager nodes. For more information on the tool, see the VMware knowledge base article at https://kb.vmware.com/s/article/87379.

    For upgrade to NSX version 4.0.1.1 and later, the checks performed by the Upgrade Evaluation Tool are run by NSX as part of the upgrade pre-check.

  2. Ensure that your transport node profiles have the appropriate transport zones added to them. NSX Manager may not display the list of transport node profiles if any of the transport node profiles do not have transport zones added to them.
  3. Ensure that you backup the NSX Manager before you start the upgrade process. See the NSX Administration Guide
  4. Ensure that your host OS is supported for NSX Manager. See Supported Hosts for NSX Managers in the the NSX Administration Guide.
  5. Disable automatic backups before you start the upgrade process. See the the NSX Administration Guide for more information on configuring backups.
  6. Terminate any active SSH sessions or local shell scripts that may be running on the NSX Manager or the NSX Edge nodes, before you begin the upgrade process.
  7. Ensure that the appropriate communication ports are open from the Transport and Edge nodes to the NSX Manager nodes. For more information on ports, see https://ports.esp.vmware.com/home/NSX.
  8. You need a valid license to use licensed features like T0, T1, Segments, and NSX intelligence. Ensure that you have a valid license.
  9. Delete all expired user accounts before you begin upgrade. Upgrade for NSX on vSphere fails if your exception list for vSphere lockdown mode includes expired user accounts. For more information on accounts with access privileges in lockdown mode, see Specifying Accounts with Access Privileges in Lockdown Mode in the vSphere Security Guide.

Upgrading Your Host OS

To avoid problems during the host upgrade, your host OS must be supported in NSX.

If the version of your host OS is unsupported, you can manually upgrade the host OS to the supported version. See Supported Upgrade Paths.

Upgrade ESXi Host

  • If your ESXi host is unsupported, manually upgrade your ESXi host to the supported version. [Read more]

Verify the Current State of NSX

Before you begin the upgrade process, it is important to test the NSX working state. Otherwise, you cannot determine if the upgrade caused post-upgrade problems of if the problem existed before the upgrade.  

Procedure: 

  1. Identify and record the administrative user IDs and passwords. 
  2. Verify that you can log in to the NSX Manager web user interface. 
  3. Check the Dashboard, system overview, host transport nodes, edge transport nodes, NSX Edge cluster, transport nodes, HA status of the edge, and all logical entities to make sure that all the status indicators are green, deployed, and do not show any warnings. 
  4. Validate North-South connectivity by pinging out from a VM. 
  5. Validate that there is an East-West connectivity between any two VMs in your environment. 
  6. Record BGP states on the NSX Edge devices. 
    • get logical-routers 
    • vrf <vrf> 
    • get bgp 
    • get bgp neighbor 

Download the NSX Upgrade Bundle

The upgrade bundle contains all the files to upgrade the NSX infrastructure. Before you begin the upgrade process, you must download the correct upgrade bundle version.  

You can also navigate to the upgrade bundle and save the URL. When you upgrade the upgrade coordinator, paste the URL so that the upgrade bundle is uploading from the VMware download portal.  

Procedure 

  1. Locate the NSX build on the VMware download portal

  1. Navigate to the upgrade bundle file and click Read More. 

  2. Verify that the upgrade bundle filename extension ends with .mub. 

  3. The upgrade bundle filename has a format similar to VMware-NSX-upgrade-bundle-ReleaseNumberNSXBuildNumber.mub. 

  1. Download the NSX upgrade bundle to the same system you are using to access the NSX Manager user interface. 

 

Filter Tags

Document