VMware NSX Migration for VMware Cloud Director 1.4.2 | 09 MAY 2023 Check for additions and updates to these release notes. |
VMware NSX Migration for VMware Cloud Director 1.4.2 | 09 MAY 2023 Check for additions and updates to these release notes. |
The NSX Migration for VMware Cloud Director tool version 1.4.2 supports several new features:
Support for IP Spaces: Support for using IP Space enabled Provider Gateways for migration has been added.
Direct network migration mechanism enhancements: Direct Org VDC networks of all types (dedicated/service) connected to a VXLAN backed external network will be migrated and connected to an existing external network with the same name with ‘-v2t’ suffix backed NSX-T segment.
Support for exclusion/negated distributed firewall rules: Support for migration of distributed firewall rules negated at the source/destination field has been added.
Support for multiple ports in distributed firewall rules service: Support for migration of distributed firewall rules having multiple ports in service (given as a range or separated by a comma) has been added.
Detailed V2T Assessment Report Enhancement: Extra column named ‘OrgVdcToBeMigratedTogether’ has been added to the detailed assessment report to specify the list of Org VDCs that have to be migrated together due to shared network constraints. The migration tool will check and verify the limit of 16 Org VDCs for those getting migrated through the data center creation mechanism.
Catalog migration enhancements:
YAML flag TimeoutForVappMigration usage enhancements: Input YAML flag `TimeoutForVappMigration` used to customize timeout for vApp migration and also affects catalog migration timeout during the cleanup process.
vApp template migration enhanced: The migration tool will update the storage policy of the vApp template to the default storage policy of target NSX-T backed Org VDC during catalog migration in the cleanup process if the storage policy of the vApp template is not present in the target Org VDC.
Support for owner info and share permission info of catalog: Support for migration of owner information and share permissions information of catalogs has been added during the cleanup process.
Support for migration of VMs without NICs: Support for migration of VMs without NICs has been added.
Support for SSL Passthrough in LB application profile: Support for migration of LB configuration with SSL Passthrough enabled in the application profile has been added. So, if SSL Passthrough is enabled, then HTTPS protocol will be changed to TCP protocol and HTTPS Health Monitor will be changed to TCP Health Monitor on the Target side after migration.
Rollback Fails at ‘Reset the target external network’
Step:
[vcdOperations]:[resetTargetExternalNetwork]:3911 [INFO] [VDC-demo]| Rollback:Reset the target external network
Exception:
Failed to reset the target external network 'external-network-name' to its initial state: [ xx-xx-xx-xx-xx] The provided list 'ipRanges.values' should have at least one item in it.
Reason: During rollback, the migration tool removes the IP address/s used by the target edge gateway from the target external network. If the target external network has no spare IP in its static IP Pool apart from the ones used by target edge gateway/s, then the migration tool will not be able to remove the IPs as a minimum of one IP should be present in every subnet of an external network.
Workaround: Add additional IP(s) to the static IP pool of the target external network and run the rollback.
Resolution: Set the EmptyIPPoolOverride field as True in the input YAML file.
Cleanup Fails at ‘Updating the source External network’
Step:
[vcdNSXMigratorCleanup]:[run]:3542 [INFO] [VDC-demo]| Updating the source External network.
Exception:
Failed to update source external network ‘external-network-name' : [ xx-xx-xx-xx-xx] The provided list 'ipRanges.values' should have at least one item in it.
Reason: During cleanup, the migration tool removes the IP address/s used by the source edge gateway from the source external network. If the source external network has no spare IP in its static IP Pool apart from the ones used by source edge gateway/s, then the migration tool will not be able to remove the IPs as a minimum of one IP should be present in every subnet of an external network.
Workaround: IP/s need to be cleaned manually from the static IP Pool of the source external network in case of failure.
Resolution: Set the EmptyIPPoolOverride field as True in the input YAML file.
VM loses N-S traffic after rollback
After rollback is completed, VMs may lose N-S connectivity. VM loses N-S traffic following vMotion to an NSX for vSphere host after NSX-v to NSX-T Edge migration cutover was done.
Resolution: The issue is fixed in NSX-T version 3.1.3.3 (for more details, see NSX-T Release Notes).
VMs connected to distributed Org VDC networks lose network connectivity after the N-S network switchover
VMs connected to distributed Org VDC networks lose network connectivity after the N-S network switchover and bridging does not work.
Workaround: Ensure that the MAC Address of the NSX-T Virtual Distributed Router is using a different MAC address than the NSX-V distributed logical router. For more details, see NSX-T documentation.
Migration of VM with disconnected NIC fails
Migration of VM fails if a network is assigned to the VM NIC, but it is in a disconnected state (by unchecking the "Connected" box in VMware Cloud Director Tenant Portal).
Workaround: Set the Network value for the VM to "None".
Resolution: The issue is fixed in VMware Cloud Director 10.3.3.2 and 10.4 releases.
Migration of VM with placement policy fails
The operation failed because no suitable resource was found. Out of 1 candidate hubs: 1 hubs eliminated because: Only contains rejected VM Groups(s): [[VM+Group1], [VM+group1]] Rejected hubs: resgroup-4416 PlacementException NO_FEASIBLE_PLACEMENT_SOLUTION
Workaround: Make sure that VM groups backing the source and target placement policy are identically named.
Routed Org VDC network with non-distributed enabled creation fails to connect the interface of the edge gateway
Creation of routed Org VDC network with non-distributing routing enabled on it fails with “Failed to connect the interface of edge gateway <Edge_Gateway_Name
> to organization VDC network <Network_Name>
” error.
Reason: This issue occurs if the guest VLAN is enabled on the non-distributed routed network.
Workaround: Perform rollback and disable guest VLAN for the concerned Org VDC network and run the migration again.
Resolution: The issue will be fixed in NSX-T version 4.1.1.
Rollback fails to reconnect the source Org VDC Network to Edge Gateway
Rollback fails with "Cannot update the network with new subnet because it does not overlap allocated ip (XXX) from original range ()." error ip (XXX) from original range ()." error.
Step:
Reconnecting the Source Org VDC Network to the Edge Gateway.
Reason: This error occurs if the present routed vApp network has a manual NAT IP translation rule and the assigned external IP does not belong to the static IP pool of the parent Org VDC network.
Workaround: Add the external IP used in the NAT IP translation rule which belongs to the static IP pool of the NSX-V backed parent Org VDC network.
The deletion of the metadata key fails in case of a forward slash (/) present in the name of the key
The migration tool creates an Org VDC metadata key with a network name appended to it which causes metadata deletion failure if the network name is represented with a forward slash (/) in it.
Impact: No impact from a migration perspective.
Workaround: Remove the forward slash ' /' character from the network name if exists.
Resolution: The issue is fixed in VMware Cloud Director 10.4.1 release.
The migration tool supports only a single port for the Load Balancer Virtual Server
The Migration tool will migrate Load Balancer Virtual Servers with a single port only. Load Balancer Virtual Servers containing multiple ports will not be migrated.
Workaround: Create multiple virtual servers as per the requirement.
VM traffic disconnects for a significant time during rollback
Reason: During rollback from NSX-T-backed Org VDC to NSX-V-backed Org VDC, the VM traffic disconnects for a significant time.
Workaround:
Reboot the VM.
Disconnect and reconnect the NIC(s) of Virtual Machine from the VMware Cloud Director tenant portal UI.
Resolution: Workaround has been added in migration tool 1.4.1, to avoid this issue wherein the workload VMs will be added to the NSX-T exclusion list before vMotion. This workaround in the migration tool will be applied to NSX-T 3.2.0 and later versions.
If the Org VDC has only direct networks (and no routed networks), the migration tool will not add such networks to the exclusion list thereby causing downtime. To avoid this, just add a dummy routed network to the Org VDC. If the direct network is added to some data center group, then a dummy routed network should be added to that data center group as well.
Transparent Load Balancer Avi version check returns the wrong version
Reason: Avi version 21.1.4 or higher is necessary for transparent load balancing. The migration tool checks the Avi version using VCD API. The VCD API keeps the Avi version that existed when Avi was connected to VCD, and it does not keep track of updates which causes migration tool validation failure.
Workaround: The workaround is to update the Avi controller registration in VCD UI. Adding a description to the controller would suffice.
Resolution: The issue will be fixed in a future version of the VMware Cloud Director release.
Creation of Static Route applied on segment-backed external network interface directly connected to edge gateway via service port fails in case of multiple subnets present in an external network
Reason: The migration tool creates static routes to ensure connectivity when the default gateway of NSX-T edge gateway is in the segment-backed external network that is directly connected to the edge via a service port. The service port fails when multiple subnets are present in the segment-backed external network.
Workaround: The workaround is to have only one subnet present in segment backed external network.
Resolution: The issue is fixed in VMware Cloud Director 10.4.2 release.
Rollback fails to move the standalone VM
Exception:
"[ XXXX-XX-XX-XX-XXXX ] Managed object of type "Folder" with value "group-vXXXX" does not exist.
- The object 'vim.Folder:group-vXXXX' has already been deleted or has not been completely created"
Resolution: The issue is fixed in VMware Cloud Director 10.4.1 release.
Cross vCenter migration fails during vApp/VM movement
Exception:
[xxxx-xx-xx-xx-xxxx] Internal Server Error- null Task failed, vcd-id={xx-xx-xx-xx-xx}, task-moref={ManagedObjectReference: type = Task, value = task-xxxx, serverGuid = null}, error={A general system error occurred: Connection timer out}
Reason: Incorrect vCenter URL registration string in the VCD database with port “0” suffix.
Workaround: Edit the vCenter registration in the VCD database and remove the “0” port after the URL.
Resolution: The issue is fixed in VMware Cloud Director 10.4.1 release.
vApp migration fails with NO_FEASIBLE_PLACEMENT_SOLUTION when the target Org VDC cluster is backed by only one ESXi host
Workaround: Make sure vSphere clusters have at least two ESXi hosts.
Cross vCenter VM vMotion fails with an error in VMware Cloud Director 10.4.1 or newer
Exception:
failed to update and has been rolled back. null Underlying system error: com.vmware.vim.binding.vim.fault.SSLVerifyFault
Resolution: Make sure that both vCenters trust each other with their VMware Certificate Authority (VMCA) certificate. For more information, refer to the KB Article.
VLAN-backed external network cannot be connected to Tier-1 GW when the same VLAN ID is used for one of the Edge Node uplinks.
Workaround: Use different Edge Cluster for Tier-1 GW to avoid VLAN conflict on the same Edge Node.
Migration fails for vApp/VM with snapshot for cross vCenter migration
Exception:
Internal Server Error\n - VM xxx (xxxxx-xxxx-xxx-xxxx-xxxxxxxxx) failed to update and has been rolled back. null Underlying system error: com.vmware.vim.binding.vim.fault.DiskMoveTypeNotSupported
Workaround: Remove the snapshot before migration.
Resolution: The issue will be fixed in a future version of the VMware Cloud Director release.
NSX-T Edge Gateway connected to IP Space enabled Provider Gateway (public) loses Routed Org VDC network advertisement configuration during migration after edge gateway is reconnected to Tier-0/VRF
Reason: Migration tool during its service configuration step enables route advertisement of routed Org VDC networks that are being advertised and connected to edge gateway having its uplink connected to IP Space enabled Public Provider Gateway. Once target-routed Org VDC networks are reconnected to the NSX-T edge gateway, the migration tool reconnects the NSX-T edge gateway to Tier-0/VRF. During this reconnection of the edge gateway to the Tier-0/VRF edge gateway, the NSX-T edge gateway loses routed Org VDC networks advertisement info connected to its interfaces.
Workaround: After the reconnection of NSX-T edge to Tier-0/VRF, follow the steps below:
Go to each Advertised routed Org VDC network connected to edge gateway with uplink connected to IP Space enabled Public Provider Gateway.
Click Edit and then click Save. This will restore routed Org VDC networks advertisement configuration in the NSX-T edge gateway.
Resolution: The issue will be fixed in a future version of VMware Cloud Director.
Move vApp fails to retain external IPs for powered-off routed vApp.
While creating a routed vApp network (connected to VMs) connected to an Org VDC network, after migration, the primary IPs are retained but external IPs are not retained even after "Retain IP/MAC Resources" is enabled.
Reason: After migration, the powered-off routed vApp has external IPs in a "pending" state.
Resolution: The issue will be fixed in a future version of VMware Cloud Director.