VMware Networking Community
myesko
Enthusiast
Enthusiast
‎10-20-2023 12:59 PM

NSX Migration to NSX-T Edge requires a Gateway Now?

Hello, we have been slow to migrate our NSX to NSX-T.  We finally got around to it but im missing something as our Edges cant migrate without adding a Gateway now.  

We have a very simple setup, we only use NSX for Firewall and 3 Edge Network Load balancers.  

We currently have no Virtual Gateway for the Edge NLBs and everything is working great.

But when we use the migration tool for NSX-T, when it gets to the Edge migration its says we need to connect them to a Gateway or it will not Migrate them.  
We have no cloud stuff.  

Is the Gateway really necessary with NSX-T, or am i missing something silly?

Can is skip the Edge migration, then just setup new Edges in NSX-t without a gateway, this would be a pain, but we could plan a maintenance window?

Just doing simple Load balancing with the Edges

If the gateway is needed, This adds a complexity to things that i need to research and learn

Thanks for any input

 

0 Kudos
5 Replies
jeffersonc47
Enthusiast
Enthusiast
‎10-20-2023 03:01 PM

I realize this doesn't directly answer your question, but VMware would generally recommend you migrate load balancing to NSX Advanced Load Balancer not the native NSX-T load balancer. VMware has announced plans to remove the NSX native load balancer in favor of ALB in a future release:

===

Deprecation Announcement for NSX-T Load Balancing APIs

NSX-T Load Balancer APIs would be marked as deprecated. This would apply to all APIs containing URIs that begin with /policy/api/v1/infra/lb-

Please be aware that VMware intends to remove support of the NSX-T Load Balancer in an upcoming NSX-T release, which will be generally available no sooner than one year from the date this message was announced (December 16, 2021). NSX-T Manager APIs that are planned to be removed are marked with "deprecated" in the NSX Data Center API Guide.

It is recommended that new deployments with NSX-T Data Center take advantage of VMware NSX Advanced Load Balancer (Avi) using release v20.1.6 or later.

=== (https://docs.vmware.com/en/VMware-NSX/3.2/rn/vmware-nsxt-data-center-32-release-notes/index.html#Fea...)

===

VMware intends to deprecate the built-in NSX load balancer and recommends customers migrate to NSX Advanced Load Balancer (Avi) as soon as practical. VMware NSX Advanced Load Balancer (Avi) provides a superset of the NSX load balancing functionality and VMware recommends that you purchase VMware NSX Advanced Load Balancer (Avi) Enterprise to unlock enterprise grade load balancing, GSLB, advanced analytics, container ingress, application security and WAF.

We are giving advanced notice now to allow existing customers who use the built-in NSX load balancer time to migrate to NSX Advanced Load Balancer (Avi). Support for the built-in NSX load balancer for customers using NSX-T Data Center 3.x will remain for the duration of the NSX-T Data Center 3.x release series. Support for the built-in NSX load balancer for customers using NSX 4.x will remain for the duration of the NSX 4.x release series. Details for both are described in the VMware Product Lifecycle Matrix. We do not intend to provide support for the built-in NSX load balancer beyond the last NSX 4.x release.

=== https://docs.vmware.com/en/VMware-NSX/4.0.1.1/rn/vmware-nsx-4011-release-notes/index.html#Feature%20...

0 Kudos
myesko
Enthusiast
Enthusiast
‎10-21-2023 11:52 AM

Hello, yep been reading up on that, something else we will need to do, migrate to Advanced NLB as well.

Does look like regular NLB is still supported for now

 

0 Kudos
myesko
Enthusiast
Enthusiast
‎10-21-2023 12:08 PM

So I feel like NSX-T is more complicated then the old NSX.  

Everything ive read so far indicates a T1 or T0 Gateway is need to use the NSX-T load balancers.  

Ive attached what our current network topology looks like (Topology Current).  Very simple.  Thing is changing our Network Topology would be a big to do.  

Ive also attached what looks to be an example of a new Topology thats needed.  But im 99% sure i cant IP it the way i have it in the picture.  I would need other IP Subnets, but the thing is we get the IPs from our Central networking team.  

So the interfaces on the T1 Gateway would most likley have to be something like 10.0.1.2 and 10.0.1.3

Web Servers and Load Balancers would need to be changed to something like 10.0.1.5, 10.0.1.6 and 10.0.1.7

But this isnt realistic for us.  We have over 100 Vms, cant reIP all of them because of 3 load balancers.  

I have to assume NSX-T has a way of doing this without adding the T1 gateway, or a way were i dont need to reIP everything.

Hopefully im explaining things correctly, any help is appreciated

 

 

Preview file
39 KB
Preview file
37 KB
0 Kudos
myesko
Enthusiast
Enthusiast
‎10-21-2023 12:24 PM

So the more i read up on it, this topology might be an option (Topology New2)

Not exactly sure how to configure this yet, but sounds like the T1 Gateway acts as a service, not as an actual router.  

I just have to see how to deploy this.

Does this look correct and how i should be configuring?

Thanks

Preview file
44 KB
0 Kudos
myesko
Enthusiast
Enthusiast
‎10-21-2023 12:33 PM

Correction on the Topology New2.  
VIP is 10.0.0.5 and the interface on the LB/Gateway is 10.0.0.5 Not 10.0.06 and 10.0.0.3

Uploaded correction

 

Preview file
44 KB
0 Kudos