By default, NSX-T transport nodes access NSX-T Manager nodes via their IP address, however, changing this behaviour so that the NSX-T Manager FQDN is used instead is an easy fix and is implemented by a simple REST API call.

FQDN registration is an NSX-T Multisite requirement. As such, FQDN registration is not required for single-site deployments.

In the scenario whereby a customer needs to failover NSX-T operations to a secondary site (by deploying a new NSX-T Manager and restoring from backup), the NSX-T Manager(s) and Cluster VIP address will likely change unless they have implemented stretched-L2. As such, the NSX-T Manager(s)/Cluster FQDN needs to be registered with all NSX-T transport nodes and, once a new NSX-T Manager is deployed to the secondary site and restored from backup, DNS can be amended, and management operations restored.

Prerequisites

FQDN registration MUST be included in your NSX-T Multisite design and, as such, must be implemented before any failover procedures are invoked.

Forward and reverse DNS records for the NSX-T Manager(s) and Cluster VIP must be in place. Ideally, these DNS records will have a low TTL (e.g., 600 seconds).

Pre-Configuration Checks

Firstly, let’s take a look at the current FQDN configuration.

1. Launch your REST API client of choice (I am using Postman) and run the below API call (providing the appropriate NSX-T credentials).

GET https://<nsx-mgr>/api/v1/configs/management

Our expected response is detailed below and should display the default configuration – ‘”publish_fqdns”: false’.

2. Connect to an Edge Transport node via SSH and check the Controller FQDN via the below command:

get controllers

Note the Controller FQDN states NA.

NSX-T Edge Transport Node – Controller FQDN before FQDN Registration

3. Connect to a Host Transport node via SSH and check the Controller FQDN via the below command:

nsxcli
get controllers

Note the Controller FQDN states NA.

NSX-T Host Transport Node – Controller FQDN before FQDN Registration

Publishing NSX-T FQDN

4. Jump back into your API client and copy the response generated by our earlier GET API call. Paste this into the body (raw > JSON) and change false to true.

{
"publish_fqdns": true,
"_revision": 0
}

5. When ready, change GET to PUT, and hit Send. If successful, the API response will now display ‘”publish_fqdns”: true’, and the _revision status will have been incremented by one.

Validating Access via FQDN by Transport Nodes

6. Now that the NSX-T Manager’s FQDN has been registered, let’s revisit the transport nodes and validate the Controller FQDN status. As you can see via the below screenshots, both transport nodes are now displaying the NSX-T Manager FQDN.

NSX-T Edge Transport Node – Controller FQDN after FQDN Registration
NSX-T Host Transport Node – Controller FQDN after FQDN Registration

This concludes the NSX-T Manager FQDN registration process.

As mentioned at the start of the article, FQDN registration is not a requirement for running NSX-T in a single-site deployment; however, it is required for NSX-T Multisite without stretched-L2.

We will dive into the NSX-T Multisite failover process in a future post. Again, this is a simple process; however, this can be more than a little daunting to deal with in a production environment (as well as a little time-consuming).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.