Network Migration | VLAN to VXLAN

Hi Guys,

Today I thought to write something about how you can migrate your underlay workload (VLAN) to overlay technology (VXLAN) in NSX.

So, when I say network migration, it will include migration at two levels.

A. L3 migration
B. VM vNIC migration

A. L3 migration means:-

Your current setup has VLAN and your VM's default gateway is physical switch\router\firewall whatever you have configured in your environment as shown in below image


                                                                   picture - 1.1
We basically needs to migrate this default gateway from your physical switch\router\firewall to DLR\UDLR in your NSX environment. See below image


                                                                                picture - 1.2

B. VM vNIC migration means:-

Just changing the mapped portgroup from VLAN to VXLAN from VM properties of a VM. Below is the referenced image.

                                                                    picture - 1.3
Step by Step Approach:-

Step X - Deploy and configure NSX (You can do it like pre-requisite)
Step 1 - Download NSX appliance and deploy it in your vcenter server
Step 2 - Integrate vcenter server with NSX
Step 3 - Add esxi host into your NSX cluster which will install the NSX VIBs and will make them ready for vxlan and dfw.
Step 4 - Create and define transport zone and other basic configuration of NSX

#Above steps are reference one. Mean to say before final network cutover (Changing VM's NIC), you can configure your NSX environment well in advance. Once it is ready then....

Step 5 - Create logical switch (it is like portgroup in vCenter server but it creates in the NSX environment that's why we call it logical switch). It is also known as logical wire. let's say I create a logical switch named "LS-mylab-192.168.0.0/24" which I will use to connect the VM. I will show you where exactly it fit in above picture 1.2.

Step 6 - Create and configure DLR\UDLR(in case of cross-vcenter setup)
Step 7 - Here, you will create a DLR instance and then connect above created logical switch with this DLR. It will create an LIF(Logical interface) on DLR and assign IP address 192.168.0.1 with subnet mask /24 on this interface. Keep this interface in disabled mode.
Step 8 - Create another interface on DLR which will connect it to NSX edge for uplink traffic through a separate LS (let's say I named it like Transit-DLR-ESG). It will have its IP configuration to communicate with Firewall and further. We are covering on NSX part in this post.

#Now your LS is connected with DLR\UDLR and your DLR\UDLR is connected with NSX Edge and further your NSX Edge is connected with firewall for outside traffic.

Step 9 - Create and configure NSX Edge
Step 10 - Create an internal interface on NSX Edge and connect it with DLR through another logical switch named as above Transit-DLR-ESG. It will now connect these two devices.
Step 11 - Create an uplink interface on NSX edge with vCenter simple portgroup with VLAN (for example VLAN 90)

Now make sure the traffic flow like, Logical switch (LS-mylab-192.168.0.0/24) --> DLR --> NSX Edge --> Firewall.

Also, you need to configure the IP addressing between all these devices. Don't worry,

Step 12 - Because DLR, ESG or firewall, all are L3/L7 devices so in order to connect these you have to configure routing as well. You have two options like either you configure static routing or enable dynamic routing protocol. I will go with dynamic routing protocol and will enable OSPF on DLR and Edge as well.

Once done, Make sure your DLR can ping your edge, your edge can ping your firewall and also your DLR can ping your firewall IP address.

Once above configuration is done and tested now, let's move toward the network migration part.

Step A - L3 Network Migration:
Simply, disable the VLAN interface on L3 switch
Enable LIF on DLR which was configured with same subnet pool that is 192.168.0.0/24 and having
IP address 192.168.0.1. We kept it disabled in step 7.

Step B - VM Network Migration:

Simply, change the portgroup of VM from VLAN to vxlan which will be visible in the list when you will change the portgroup.

 Once all done, network diagram will look like below.


Hope you will have some idea on it and might be having lots of questions here. Please feel free to ask any question. More you will ask, more it will clear!

Now, how to configure OSPF, how to assign IP address of interfaces of edge and dlr, why we only disabled vlan interface on physical switch. I intentionally exclude these points from this post because doing so will make this post very long (then it will be boring:)). In case, you want to know this then please feel free to let me know, I will explain these topics in my next posts.


Thank you,
vCloudNotes

0 Comments:

Post a Comment