The migration coordinator can migrate an NSX Data Center for vSphere environment if it is configured in a supported topology.

Note: For the complete list of supported features for each topology, see Detailed Feature Support for Migration Coordinator.
Support for firewall is independent of the topology. Every topology listed below supports the following:
  • NSX Manager
  • Distributed Firewall
  • Service Composer
  • Grouping Objects

Unsupported Features

In all topologies, the following features are not supported:
  • OSPF between Edge Services Gateways and northbound routers. You must reconfigure to use BGP.
  • IP Multicast.
  • IPv6.

For detailed information about which features and configurations are supported, see Detailed Feature Support for Migration Coordinator.

ESG with High Availability and L4-L7 Services (Topology 1)

This topology contains the following configurations:
  • A Distributed Logical Router (DLR) peering with an Edge Services Gateway (ESG).
  • ECMP is not configured.
  • The Edge Services Gateways are in a high availability configuration.
  • BGP or static routing is configured between the ESG and top-of-rack (ToR) northbound routers. If BGP is configured, all ESGs must be configured with the same global BGP settings.
  • Edge Services Gateway can be running L4-L7 services:
    • VPN, NAT, DHCP server, DNS forwarding, Edge Firewall are supported services.
    • Load balancer is not supported in this topology.
About migrating DHCP relay:
  • Although DHCP relay can be configured on either ESG or DLR, only DHCP relay on DLR will be migrated.
  • In this topology, if DHCP relay is running on the DLR, and DHCP server is running on the ESG, both DHCP relay and DHCP server will be migrated to the same NSX-T gateway. They will not be migrated separately.
After migration, this configuration is replaced with a tier-0 gateway.
  • The tier-0 gateway service router is in active/standby mode.
  • The IP addresses of the Distributed Logical Router interfaces are configured as downlinks on the tier-0 gateway.
  • The BGP or static routing configuration of the ESG is translated to a BGP or static routing configuration on the tier-0 gateway.
    Note: When static routing is used, the migration coordinator does not configure the NSX-T HA Virtual IP (VIP) address automatically. You must add the NSX-T HA VIP address manually after the migration.
  • Supported services are migrated to the tier-0 gateway.
Note: Depending on your configuration, you might need to provide new IP addresses for the tier-0 gateway uplinks. For example, on an Edge Services Gateway, you can use the same IP address for the router uplink and for the VPN service. On a tier-0 gateway, you must use different IP addresses for VPN and uplinks. See Example Configuration Issues for more information.
Figure 1. Topology 1: Before and After Migration

ESG with No L4-L7 Services (Topology 2)

This topology contains the following configurations:
  • The Distributed Logical Router has ECMP enabled and peers with multiple Edge Services Gateways.
  • BGP or static routing is configured between the ESG and top-of-rack (ToR) northbound routers. If BGP is configured, all ESGs must be configured with the same global BGP settings.
  • If BGP is configured between the Distributed Logical Router and Edge Services Gateway, all BGP neighbors on the Distributed Logical Router must have the same weight.
  • Edge Services Gateways must not run L4-L7 services.
After migration, this configuration is replaced with a tier-0 gateway.
  • The tier-0 gateway service router is in active/active mode.
  • The IPs of the Distributed Logical Router interfaces are configured as downlinks on the tier-0 gateway.
  • The BGP configurations of the Edge Services Gateways are translated to a BGP configuration on the tier-0 gateway. Route redistribution configuration is translated.
  • Static routes from Edge Services Gateways and Distributed Logical Routers are translated to static routes on the tier-0 gateway.
Figure 2. Topology 2: Before and After Migration

Two Levels of ESG with L4-L7 Services on Second-Level ESG (Topology 3)

This topology contains the following configurations:
  • Two levels of Edge Services Gateways with Distributed Logical Router.
  • The first-level (ToR-facing) Edge Services Gateways must not run L4-L7 services.
  • The first-level Edge Services Gateways must have BGP enabled and have at least one BGP neighbor. All the ESGs must be configured with the same global BGP settings.
  • The first-level Edge Services Gateways have ECMP enabled and peer with the second-level Edge Services Gateways.
  • The second-level Edge Services Gateways can run L4-L7 services:
    • NAT, DHCP server, DNS forwarding, inline load balancer, and Edge firewall are supported.
    • VPN is not supported.
About migrating DHCP relay:
  • Although DHCP relay can be configured on either ESG or DLR, only DHCP relay on DLR will be migrated.
  • In this topology, if DHCP relay is running on the DLR, and DHCP server is running on the ESG, both DHCP relay and DHCP server will be migrated to the same NSX-T gateway. They will not be migrated separately.
After migration, this configuration is replaced with a tier-0 gateway and a tier-1 gateway.
  • The first-level Edge Services Gateways are replaced with a tier-0 gateway. The service router is in active/active mode.
  • The IPs of the first-level Edge Services Gateway uplinks are used for the tier-0 gateway uplinks.
  • The tier-0 gateway peers with northbound routers (ToR) using BGP.
  • The second-level Edge Services Gateways are translated to a tier-1 gateway, which is linked to the tier-0 gateway.
  • The IPs of the Distributed Logical Router interfaces are configured as downlinks on the tier-1 gateway.
  • Any services running on the second-level Edge Services Gateway are migrated to the tier-1 gateway. The active/passive Service Routers on the tier-1 gateway use the same Edge nodes that are used for the tier-0 gateway.
  • The BGP configuration on the first-level Edge Services Gateways is translated to a BGP configuration for the tier-0 gateway. Route redistribution configuration is translated.
  • Static routes from Edge Services Gateways and Distributed Logical Routers are translated to static routes on the tier-0 gateway. Static routes between the Distributed Logical Router and second-level Edge Services Gateways are not needed, and so are not translated.
Figure 3. Topology 3: Before and After Migration

One-Armed Load Balancer (Topology 4)

This topology contains the following configurations:
  • The Distributed Logical Router has ECMP enabled and peers with multiple Edge Services Gateways.
  • BGP or static routing is configured between the ESG and top-of-rack (ToR) northbound routers. If BGP is configured, all ESGs must be configured with the same global BGP settings.
  • If BGP is configured between the Distributed Logical Router and Edge Services Gateway, all BGP neighbors on the Distributed Logical Router must have the same weight.
  • The ToR-facing Edge Services Gateways must not run L4-L7 services.
  • An Edge Services Gateway is a single-arm load balancer attached to a Logical Switch, which is connected to a Distributed Logical Router. This Edge Services Gateway can also run Edge firewall and DHCP.
After migration, the top-level (ToR-facing) Edge Services Gateways and the Distributed Logical Router are replaced with a tier-0 gateway. The Edge Services Gateway performing load balancing service is replaced with a tier-1 gateway.
  • The tier-0 gateway service router is in active/active mode.
  • The IPs of the Distributed Logical Router interfaces are configured as downlinks on the tier-0 gateway.
  • The BGP configurations of the top-level Edge Services Gateways are translated to a BGP configuration on the tier-0 gateway. Route redistribution configuration is translated.
  • Static routes from the top-level Edge Services Gateways and Distributed Logical Routers are translated to static routes on the tier-0 gateway.
  • The load balancing configuration on the Edge Services Gateway is translated to a one-arm load balancer using Service Interface (SI) configuration on the tier-1 Service Router.
Figure 4. Topology 4: Before and After Migration

VLAN-Backed Micro-Segmentation (Topology 5)

This topology uses Distributed Firewall to provide firewall protection to workloads connected to VLAN-backed distributed port groups.

This topology uses the following NSX Data Center for vSphere features:
  • NSX Manager
  • Host Preparation (Distributed Firewall only)
  • Distributed Firewall
  • Service Composer
  • Grouping Objects
This topology must not contain the following features:
  • Transport Zone
  • VXLAN
  • Logical Switch
  • Edge Services Gateway
  • Distributed Logical Router
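
The following pre-check is an added example, not part of the original documentation or of the migration coordinator. It tests a hand-written inventory against the service, ECMP, high availability and BGP constraints listed above for Topologies 1 to 4, so that blockers such as a load balancer on a Topology 1 ESG are found before migration. The inventory schema, field names and sample values are assumptions.

```python
# Added example. The inventory schema and all field names are assumptions,
# filled in by hand from your own NSX-V review; this is not an NSX API.
UNSUPPORTED = {"ospf", "ip_multicast", "ipv6"}
# L4-L7 services the page allows on the service-bearing ESGs of each topology.
# Topology 4 says only "DHCP"; it is treated as dhcp_server here (assumption).
ALLOWED = {
    1: {"vpn", "nat", "dhcp_server", "dns_forwarding", "edge_firewall"},
    2: set(),
    3: {"nat", "dhcp_server", "dns_forwarding", "load_balancer", "edge_firewall"},
    4: {"load_balancer", "edge_firewall", "dhcp_server"},
}

def violations(env, topo):
    """Return the reasons env does not fit topology 1-4; an empty list means it fits."""
    out = [f"unsupported feature: {f}" for f in sorted(UNSUPPORTED & env["features"])]
    tor = [e for e in env["esgs"] if e["role"] == "tor"]  # ToR-facing ESGs
    svc = tor if topo in (1, 2) else [e for e in env["esgs"] if e["role"] == "services"]
    if len({e["bgp_global"] for e in env["esgs"] if e["bgp_global"]}) > 1:
        out.append("ESGs differ in global BGP settings")
    for e in svc:
        bad = e["services"] - ALLOWED[topo]
        if bad:
            out.append(f"{e['name']}: unsupported services {sorted(bad)}")
    if topo == 1:
        if env["dlr_ecmp"]:
            out.append("ECMP must not be configured")
        out += [f"{e['name']}: not in high availability" for e in tor if not e["ha"]]
    if topo in (2, 4):
        if not env["dlr_ecmp"]:
            out.append("DLR must have ECMP enabled")
        if len(set(env["dlr_bgp_weights"])) > 1:
            out.append("DLR BGP neighbors must have the same weight")
    if topo in (3, 4):
        if not svc:
            out.append("no second-level or one-arm ESG (role 'services') found")
        out += [f"{e['name']}: ToR-facing ESG runs L4-L7 services" for e in tor if e["services"]]
    if topo == 3:
        out += [f"{e['name']}: needs ECMP and at least one BGP neighbor"
                for e in tor if not (e["ecmp"] and e["bgp_neighbors"])]
    return out

def fitting_topologies(env):
    """Topologies 1-4 for which no violation is found."""
    return [t for t in (1, 2, 3, 4) if not violations(env, t)]

# Constructed sample: one HA ESG below a DLR without ECMP, running NAT and a load balancer.
SAMPLE = {"features": {"ipv6"}, "dlr_ecmp": False, "dlr_bgp_weights": [60, 60], "esgs": [
    {"name": "esg-a", "role": "tor", "ha": True, "ecmp": False, "bgp_global": ("AS", 65001),
     "bgp_neighbors": 1, "services": {"nat", "load_balancer"}}]}
```

For the constructed sample, `violations(SAMPLE, 1)` reports the IPv6 use and the load balancer on `esg-a`, and `fitting_topologies(SAMPLE)` is empty until both are removed.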