The migration coordinator can migrate an NSX Data Center for vSphere environment if it is configured in a supported topology.

Nota: For the complete list of supported features for each topology, see Compatibilidad de funciones detallada del coordinador de migración.
Support for firewall is independent of the topology. Every topology listed below supports the following:
  • NSX Manager
  • Distributed Firewall
  • Service Composer
  • Grouping Objects

Unsupported Features

In all topologies, the following features are not supported:
  • OSPF between Edge Services Gateways and northbound routers. You must reconfigure to use BGP.
  • IP Multicast.
  • IPv6.

For detailed information about which features and configurations are supported, see Compatibilidad de funciones detallada del coordinador de migración.

ESG with High Availability and L4-L7 Services (Topology 1)

This topology contains the following configurations:
  • A Distributed Logical Router (DLR) peering with Puerta de enlace de servicios Edge (ESG).
  • ECMP is not configured.
  • The Edge Services Gateways are in a high availability configuration.
  • BGP or static routing is configured between the Puerta de enlace de servicios Edge and northbound routers (ToR).
  • Puerta de enlace de servicios Edge can be running L4-L7 services:
    • VPN, NAT, DHCP server, DNS forwarding, Edge Firewall are supported services.
    • Load balancer is not supported in this topology.
About migrating DHCP relay:
  • Although DHCP relay can be configured on either ESG or DLR, only DHCP relay on DLR will be migrated.
  • In this topology, if DHCP relay is running on the DLR, and DHCP server is running on the ESG, both DHCP relay and DHCP server will be migrated to the same NSX-T gateway. They will not be migrated separately.
After migration, this configuration is replaced with a tier-0 gateway.
  • The tier-0 gateway service router is in active/standby mode.
  • The IP addresses of the Distributed Logical Router interfaces are configured as downlinks on the tier-0 gateway.
  • The BGP or static routing configuration of the ESG is translated to a BGP or static routing configuration on the tier-0 gateway.
    Nota: When static routing is used, the migration coordinator does not configure the NSX-T HA Virtual IP (VIP) address automatically. You must add the NSX-T HA VIP address manually after the migration.
  • Supported services are migrated to the tier-0 gateway.
Nota: Depending on your configuration, you might need to provide new IP addresses for the tier-0 gateway uplinks. For example, on an Puerta de enlace de servicios Edge, you can use the same IP address for the router uplink and for the VPN service. On a tier-0 gateway, you must use the different IP address for VPN and uplinks. See Problemas de configuración de ejemplo for more information.
Figura 1. Topology 1: Before and After Migration

Topology 1 Before and After Migration.

ESG with No L4-L7 Services (Topology 2)

This topology contains the following configurations:
  • The Distributed Logical Router has ECMP enabled and peers with multiple Edge Services Gateways.
  • BGP is configured between the Puerta de enlace de servicios Edge and northbound routers (ToR). The Edge Services Gateways must be configured with the same BGP neighbors. All Edge Services Gateways must point to the same autonomous system (AS).
  • If BGP is configured between the Distributed Logical Router and Puerta de enlace de servicios Edge, all BGP neighbors on the Distributed Logical Router must have the same weight.
  • Edge Services Gateways must not run L4-L7 services.
After migration, this configuration is replaced with a tier-0 gateway.
  • The tier-0 gateway service router is in active/active mode.
  • The IPs of the Distributed Logical Router interfaces are configured as downlinks on the tier-0 Gateway.
  • The BGP configurations of the Edge Services Gateways are translated to a BGP configuration on the tier-0 gateway. Route redistribution configuration is translated.
  • Static routes from Edge Services Gateways and Distributed Logical Routers are translated to static routes on the tier-0 gateway.
Figura 2. Topology 2: Before and After Migration

Topology 2 Before and After Migration.

Two Levels of ESG with L4-L7 Services on Second-Level ESG (Topology 3)

The topology contains the following configurations:
  • Two levels of Edge Services Gateways with Distributed Logical Router.
  • The first-level (ToR-facing) Edge Services Gateways must not run L4-L7 services.
  • The first-level Edge Services Gateways must have BGP enabled and have at least one BGP neighbor.
  • The first-level Edge Services Gateways have ECMP enabled and peer with the second-level Edge Services Gateways.
  • The second-level Edge Services Gateways can run L4-L7 services:
    • NAT, DHCP server, DNS forwarding, inline load balancer, and Edge firewall are supported.
    • VPN is not supported.
About migrating DHCP relay:
  • Although DHCP relay can be configured on either ESG or DLR, only DHCP relay on DLR will be migrated.
  • In this topology, if DHCP relay is running on the DLR, and DHCP server is running on the ESG, both DHCP relay and DHCP server will be migrated to the same NSX-T gateway. They will not be migrated separately.
After migration, this configuration is replaced with a tier-0 gateway and a tier-1 gateway.
  • The first-level Edge Services Gateways are replaced with a tier-0 gateway. The service router is in active/active mode.
  • The IPs of the first-level Puerta de enlace de servicios Edge uplinks are used for the tier-0 gateway uplinks.
  • The tier-0 gateway peers with northbound routers (ToR) using BGP.
  • The second-level Edge Services Gateways are translated to a tier-1 gateway, which is linked to the tier-0 gateway.
  • The IPs of the Distributed Logical Router interfaces are configured as downlinks on the tier-1 Gateway.
  • Any services running on the second-level Puerta de enlace de servicios Edge are migrated to the tier-1 gateway. The active/passive Service Routers on the tier-1 gateway use the same Edge nodes that are used for the tier-0 gateway.
  • The BGP configuration on the first-level Edge Services Gateways is translated to a BGP configuration for the tier-0 gateway. Route redistribution configuration is translated.
  • Static routes from Edge Services Gateways and Distributed Logical Routers are translated to static routes on the tier-0 gateway. Static routes between the Distributed Logical Router and second-level Edge Services Gateways are not needed, and so are not translated.
Figura 3. Topology 3: Before and After Migration

Topology 3 Before and After Migration.

One-Armed Load Balancer (Topology 4)

This topology contains the following configurations:
  • The Distributed Logical Router has ECMP enabled and peers with multiple Puerta de enlace de servicios Edge.
  • BGP is configured between the Puerta de enlace de servicios Edge and northbound routers (ToR). All Edge Services Gateways must be configured with the same BGP neighbors. All Edge Services Gateways must point to the same autonomous system (AS).
  • If BGP is configured between the Distributed Logical Router and Puerta de enlace de servicios Edge, all BGP neighbors on the Distributed Logical Router must have the same weight.
  • The ToR-facing Edge Services Gateways must not run L4-L7 services.
  • An Puerta de enlace de servicios Edge is a single-arm load balancer attached to a Logical Switch, which is connected to a Distributed Logical Router. This Puerta de enlace de servicios Edge can also run Edge firewall and DHCP.
After migration, the top-level (ToR-facing) Edge Services Gateways and the Distributed Logical Router are replaced with a tier-0 gateway. The Puerta de enlace de servicios Edge performing load balancing service is replaced with a tier-1 gateway.
  • The tier-0 gateway service router is in active/active mode.
  • The IPs of the Distributed Logical Router interfaces are configured as downlinks on the tier-0 Gateway.
  • The BGP configurations of the top-level Edge Services Gateways are translated to a BGP configuration on the tier-0 gateway. Route redistribution configuration is translated.
  • Static routes from the top-level Edge Services Gateways and Distributed Logical Routers are translated to static routes on the tier-0 gateway.
  • The load balancing configuration on the Puerta de enlace de servicios Edge is translated to a one-arm load balancer using Service Interface (SI) configuration on the tier-1 Service Router.
Figura 4. Topology 4: Before and After Migration

Topology 4 Before and After Migration.

VLAN-Backed Micro-Segmentation (Topology 5)

This topology uses Distributed Firewall to provide firewall protection to workloads connected to VLAN-backed distributed port groups.

This topology uses the following NSX Data Center for vSphere features:
  • NSX Manager
  • Host Preparation (Distributed Firewall only)
  • Distributed Firewall
  • Service Composer
  • Grouping Objects
This topology must not contain the following features:
  • Transport Zone
  • VXLAN
  • Logical Switch
  • Puerta de enlace de servicios Edge
  • Distributed Logical Router