Starting with vSphere or NSX on a NSX-V to NSX-T migration

It is possible to have a look at the presentation since it was published on vNS TechCon YouTube channel. With a small remark that the recorded presentation is in Dutch, as you may already have seen from the picture above.

Along with some of my colleague’s we have been presenting and taking about NSX-V to NSX-T migrations at various events for over a year now.

So, why do you need to think about a migration?

Simple, the general support for NSX-V is ending in January 2022 and already development of new features for NSX-V has almost stopped. NSX-T is where all the new features will be released. This means thinking about NSX-T becomes more important in the coming months.

Okay, back to the question from my session. What to do first; migrate to NSX-T or migrate to vSphere 7. There are many options and solutions available. But hopefully this blog or the coming blogs will provide you with some additional info to help you on your path.

So, what did I talk about during the vNS TechCon session? As the Dutch title already says is about the steps to migrate from NSX-V to NSX-T and two possible options. To migrate vSphere to version 7 first or the migrate NSX from "V" to "T" first.

The reason this is an interesting discussion is because it determines the steps that are required to take and more specifically which virtual switch will be used. Let me explain. Before vSphere 7 was launched the only way to use NSX-T was with the N-VDS, whether you are using the networking or the security part. The virtual machine (VM) needs to be connected to a logical segment on a N-VDS. With vSphere 7 came the option to use NSX-T with the virtual Distributed Switch (vDS) version 7. The VM still needs to be connected to an NSX-T logical segment to use the NSX-T functionality. Then VMware came with support for vSphere 7 in NSX-V (currently version 6.4.8). This opened the two possibilities to migrate from NSX-V on vSphere 6.x to NSX-T on vSphere 7.x.

The real difference in the migration path has to do with virtual switches being used. As the vDS is well known for the most vSphere and NSX-V users, I showed the following slide in my presentation regarding the N-VDS.

Again, this is not a complete breakdown of all the functions and features of the N-VDS, but only the related part for this discussion. On the left side you can see a ESXi host with four physical Nics (PNICs P1 –> P4). With four uplinks available it’s possible to use the first two for the vmkernel ports (ESXi management, vMotion, etc..). These two uplinks are connected to a vDS. The other two ports can be used for the N-VDS to carry the traffic for the VM’s. In the middle the ESXi host only has two PNICs. With this setup the N-VDS needs to carry both the vmkernel and VM traffic. Although this is a good and workable setup, I have seen multiple occasions where the de-installation of NSX-T from the ESXi host was troublesome. For example, to replace or to remove a host. VMware has done excellent work with the installation and removal in NSX-T, but I personally like the idea of vCenter controlling the distributed switch where the vmkernel ports are located. Like you can see in the above picture on the left and on the right.

On the last picture on the right you can see an ESXi host with two PNICs and a vDS version 7. With the vDS version 7 it’s possible to have a vCenter controller vDS and have NSX-T make the portgroups for the logical segments (like the grey box in the picture). This way you have a similar setup like you are used to in NSX-V. The VM still needs to be connected to an NSX-T logical segment to use the NSX-T functionality, but the portgroup is shown as a ‘normal’ vDS portgroup with a ‘N’ sign on it. To show that this portgroup is managed by NSX-T.

In the next couple of blog posts I’ll continue with other things I showed in my vNS TechCon presentation like, the lab setup, the L2 bridge, vMotion between NSX-V and NSX-T and the migration from N-VDS to the vDS version 7. For this last part there are also some command line options (or API calls) available since NSX-T 3.0.2, which I also would like to demonstrate.

Thanks for reading so far.