[ACI-To-NSX] Part 3; Migrate or migraine

[ACI-To-NSX] Part 3; Migrate or migraine

So now we covered all the basic and the preparation for the migration it’s time for the actual migration. We had the luxury we could start with the acceptance environment which had his own VRF(Bridge-Domain/subnets/EPGs) within ACI so we could really test our migration. Migration As a lot of environments nowadays, this environment contained sensitive data. Therefore, at no point the environment security must be compromised. The first migration strategies were focused on a L2 Bridge between ACI and NSX…

Read More Read More

[ACI-To-NSX] Solve the unsolvable

[ACI-To-NSX] Solve the unsolvable

Although the title is a bit overdramatic, at first we did think we had some pretty hard issues to tackle before we could even think about migrating. But after systematically working through the list, we solved them all. One of our first steps was to get the current contracts/EPGs out of ACI. Like almost every product nowadays ACI has an API. I did not have rights to the ACI environment, but the customer was able to pull out the requested…

Read More Read More

[ACI-TO-NSX] It all begins with the basics

[ACI-TO-NSX] It all begins with the basics

The last few months I have been busy with the migration from an outdated Cisco ACI environment to a brand new VMware NSX-T cluster. In the coming weeks I will make a few blogpost about this migration. But let’s begin with the start. I will briefly explain how Cisco ACI works before I take you on my journey in this transition. [This is a simplification of how ACI works, but for this post it contains enough info. I’m not an…

Read More Read More

NSX-T Missing addressets and rules

NSX-T Missing addressets and rules

We had an issue with a customer were sometimes after a vMotion some of the traffic was dropped from the VM for a short period of time (aprox. 5 minutes). After that short period everything was working as expected. (NSX-T 3.2.0.1). When we looked in loginsight we could see that traffic was dropped based on a rule that had a higher number as the allow rule. So we had some strong indication that this had something to do with firewall…

Read More Read More

NSX-V to T Migration tips

NSX-V to T Migration tips

The last few months I participated in a couple of NSX-T migrations. Although we ran into different issues during the migrations, we were able to finish all of the migrations successfully. Today I want to share some of the lessons I learned during these migration. In Dutch we have a phrase “(Een open deur intrappen/Kicking down an open door)” which means something like “stating the obvious”. Some of the things I’m going to describe might seem like open doors but…

Read More Read More

NSX-T RestAPI – Adding Multiple Segments

NSX-T RestAPI – Adding Multiple Segments

Due to some issues with the migration coordinator and OSPF(maybe I make a post about that later), we decided to go for another migration strategy for another NSX-V to NSX-T migration. In short we are using the migration coordinator but we will manually cutover the edges so we have more control over the north to south routing. That means we are using the “In-Place Migration of Specific Parts of NSX-V; Migrating Distributed Firewall Configuration, Hosts, and Workloads: https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.2/migration/GUID-3BEAB1C6-3B6D-4253-A6A0-50774F5A5C3E.html One of…

Read More Read More

NSX-T Mysterious appearing QoS Policies

NSX-T Mysterious appearing QoS Policies

After a migration via the migration coordinator from NSX-V (6.4) to NSX-T(3.2) we ran into a couple of issues. The one i will talk about today is a random appearing QoS policy that does not seem to be active but is enabled on the VMs. I spoke a colleague who also had seen this issue after an upgrade from NSX-T so maybe it’s more widespread as it seems. Note; With a recent migration on version 3.2.0.1 we dit not see…

Read More Read More