Wednesday, 5 August 2015

Migrating Workloads into NSX

In this post I'm going to show you how to migrate virtual workloads from a VLAN backed portgroup into NSX and onto a VXLAN backed portgroup (Logical Network).  I've setup two VM's connected to a VLAN backed portgroup called Compute-VLAN14-Test and my router (RouterOS) has an L3 interface in this VLAN (10.1.14.1).  The VM's have an IP address on the 10.1.14.0/24 network and their default gateway is 10.1.14.1:


The plan is to create a new Logical Network (VXLAN backed portgroup) called Test-Network within NSX and then bridge this logical network and the VLAN and seamlessly migrate workloads across. The default gateway will remain on the physical router for external connectivity:


Once all workloads have been migrated the L3 interface the on physical router will be disabled and the logical network will be connected to the Logical Distributed Router (LDR) and an IP address of 10.1.14.1 will be assigned to that interface. Since I have OSPF configured between the LDR and the EDGE and BGP between the EDGE and the physical router (RouterOS) the 10.1.14.0/24 network will be advertised to the physical router and L3 connectivity will be restored:


This will allow us to migrate workloads into NSX and onto a logical network without having to re-ip any VM's and minimize outages to the application.  With that, lets get started.  We can see that the two VM are connected to the Compute-VLAN14-Test portgroup



We are now going to create the logical network by logging into the vSphere Web Client, navigating to the Networking and Security Plugin and then selecting logical switches.  I've created a new logical network called Test-Network and assigned it to my transport zone:


Now, I'm going to create the bridge between the Compute-VLAN14-Test portgroup and the logical network Test-Network. Bridging is configured on an LDR so I'm going to navigate to NSX Edges, modify my LDR and go to the Bridging tab and add a new Bridge.  In order to add a new bridge you need to supply a name and then the logical network and portgroup that you want to bridge together and then publish the changes:


You might have noticed that I'm bridging MGMT-VLAN14-Test instead of Compute-VLAN14-Test.  This is because I have a separate vSphere Distributed Switch for Management and Compute and my LDR resides in the management cluster.  I'm now going to move TEST01 onto the new logical network and show that we still have L2 and L3 connectivity:




We now have the following topology:


We are now going to change the network for TEST02 and attach it to the Test-Network, disable the L3 interface on the physical router and attach the Test-Network to the LDR and give it an IP address of 10.1.14.1.  After this the network will converge and the 10.1.14.0/24 network will be advertised to the EDGE and then back to the physical router.  First thing to do is disable the L3 interface on the physical router.  As you can see the interface has been disabled, the route has been removed from the routing table and I've lost connectivity to TEST01 and TEST02 (My client IP is in the 10.1.9.0/24 range):


We now go back into the LDR and add an interface into the Test-Network and assign it an IP address of 10.1.14.1:


As soon as this is completed L3 connectivity has been restored and the route has been advertised back up to the physical router:


Final task is to remove the bridge on the LDR and decommission the Compute-VLAN14-Test portgroup and VLAN from the physical infrastructure.  The default gateway for the VM's is the LDR and we have migrated our workloads with minimal downtime and no IP address changes. We are now left with the following topology:


How awesome is NSX

No comments:

Post a Comment