Intro
In my previous posts I configured a host cluster as a Micro Seg only deployment using the Wizard and Manually, in this post I’ll detail how we can change the deployment to a full NSX deployment.
Whether you deployed manually or used the wizard the system configuration comes from the Transport Node Profile that is applied to the cluster.
It’s logical that simply changing the applied profile will change the deployment type and this is true however you must remember that we have deployed NSX VLAN port groups which are associated with the nsx VLAN transport zone and that zone is part of the transport node profile.
If we simply change the attached profile to one using an Overlay then we will get an error as the hosts already have the VLAN backed Segments attached.
So how do we migrate this cluster to a full overlay backed deployment without breaking the existing VM’s VLAN networks?
There are few different approaches such as implementing new hosts and doing a clean install to them then migrating the workload VM’s but that is dependant on you having spare hosts sitting around which most customers do not have.
The other approach is to do an in place deployment and for that we can do it a few different ways.
Given that the configuration is tied to the Transport Node Profile we can simply make changes to the profile which will then update the hosts in the cluster.
If you are using a single Transport Node profile for all clusters but don’t want to make the changes to all of the clusters then you can either create a new Transport Node Profile that includes the Overlay Transport zone and the existing VLAN Transport Zone and apply that to the cluster or we can make the changes on the hosts themselves. Changing the hosts individually is a lot more manual work and is not the best approach.
The Build
I’m going to cover all options here, the steps to migrate the workloads and create the segments are the same so I’ll cover that at the end. I’ll even throw in how it’s done if we have an N-VDS configuration.
Edit the Transport Node Profile
If you only have a single cluster or if you are making the change on all clusters together then updating the Transport Node Profile that the system generated during the micro seg wizard deployment or the one you created during a manual deployment is a valid option.
Navigate to System, Fabric, Profiles, Transport Node Profiles select the relevant profile and click EDIT.
From here we can rename the profile if we choose to.
We need to add the Overlay Transport zone to the profile but we also need to leave the VLAN transport zone in place as our VLAN Segments are attached to it. Click the drop-down and select your Overlay TZ or create a new one if you need to.
We can also change the Uplink Profile, remember the default one has 4 Uplinks but my Manually deployed one I used just 2 Uplinks. This step is not needed but can be done. If you change it the teaming policy mapping will be cleared.
Select the IP assignment ‘Use IP Pool’ in my case and define the IP Pool.
Now remap the uplinks to the VDS Uplinks.
Click SAVE
Switch back to System, Fabric, Nodes on the Host Transport Nodes tab select the vCenter to see the update progress on the cluster.
If I click on a host I can see that it is now part of both Transport Zones and has two TEP IP’s assigned
I’m running a continuous ping from my 3 Tier App VM’s to prove that there is no loss in connectivity which there wasn’t.
Edit the Hosts
Editing the individual hosts is possible but entails doing it one by one for each host so for production deployments it’s not the best approach, you’ll also get a warning that the hosts is not in compliance with the profile attached to the cluster.
To change the hosts navigate to System, Fabric, Nodes select the vCenter then select a single host and click CONFIGURE NSX
We won’t change anything on the first screen so click NEXT
The steps now are the same as the edit profile method.
Select the Overlay Transport zone from the drop-down or create a new one if you need to.
You can change the Uplink Profile which will mean remapping the Uplinks.
Select the ‘Use IP Pool’ option
Select the IP Pool then map the Uplinks to the VDS Uplinks
Click Finish
Here’s the Mismatch warning.
Clicking the Host we can it’s part of two Transport Zones and has two TEPs
Repeat for the other hosts.
If we detach the Transport Node Profile from the cluster by selecting the Cluster and click ACTIONS then click Detach Transport Node Profile
Then clicking DETACH
We can see that it doesn’t clear the warning.
If we click MATCH CLUSTER CONFIGURATION and then PROCEED
The message suggest that the system will create a new Transport Node Profile and assign it to all hosts in the cluster.
However it can’t do that as the message states ‘Undefined profile will be applied’ since that means there is no defined profile there is nothing it can assign so the hosts will always show a mismatch.
This is another reason why this method is not a good approach.
Assign a New Transport Node Profile.
This would be my preferred approach if the system had been deployed using the wizard since I can control which cluster has the profile assigned and I can make all the changes directly in the profile without affecting the other clusters.
The approach is very similar to the first where we edited the system created profile.
If I already had a Transport Node profile that I’d used for a Full NSX deployment and I edited that it would change the full deployment cluster as well! so be aware of what it is you are changing.
In that instance I would create a new profile.
If I don’t have a full NSX deployment then I can just create a Transport Node Profile the same as I would for a full deployment but also include the VLAN transport zone where our VLAN Segments are.
Since I am deploying this on my DC2 NSX environment which doesn’t have a full deployment I can just edit the full deployment profile that I created ready for the full deployment.
Navigate to System, Fabric, Profiles, Transport Node Profiles Select the profile and click EDIT
The only change I need to make is to add the VLAN Transport Zone where the VLAN Segments are assigned. then click SAVE
I now simply have to apply the profile to the Cluster.
Navigate back to System, Fabric, Nodes on the Host Transport Nodes tab select the vCenter then select the cluster and click CONFIGURE NSX
Select the Transport Node Profile and click APPLY.
The hosts now have the Full deployment Transport Node Profile (with the addition of the VLAN transport zone) attached and applied.
Clicking a host shows the Transport Zones and two TEPs.
N-VDS
The steps for an N-VDS change are basically the same.
Navigate to System, Fabric, Profiles either create a new one using an N-VDS or edit an existing one. I have an existing one so I select it and click EDIT
I can change the name, Add the Overlay TZ or create an new one.
I can change the Uplink profile which we know will mean re-mapping the uplinks, set the IP assignment to ‘Use IP Pool’ and select the Pool.
Then remap the Uplinks to the Physical uplinks take note its vmnics this time.
Click SAVE
Navigate back to System, Fabric, Nodes and we can see the cluster now has TEPs if this is a new profile then you would select the cluster and click CONFIGURE NSX then change the assigned profile just as you did for the vDS configuration above.
Create Overlay Segments.
The next step is to create our Overlay Segments for Web, App and DB.
The process is the same as before but we pick the Overlay transport zone instead.
Now we can name them Web, App and DB just as we did for the VLAN Segments but we already have two port groups called Web,App and DB so it may get a little confusing yes in my lab I can delete the old vDS managed portgroups to leave me with just the two NSX portgroups but in a production deployment you may not be able to remove the old portgroups so using different naming conventions is a good approach.
FYI if we use the same name we can see that there are two NSX Segments shown with an N icon the way to tell them apart is the VLAN backed portgroup has the VLAN Tag whereas the overlay one doesn’t.
Editing a single VM it becomes less obvious which NSX Segment is the correct one so we’ll use a new naming convention for the Overlay Segments.
Navigate to Networking, Segments the click ADD SEGMENT
Give it a name and assign it to the Overlay Transport Zone.
Scroll down.
Click SAVE
Click NO
Repeat for the remaining Segments.
Steps needed before we migrate the VM’s
Before we can migrate the VM’s we will need to configure the rest of the NSX deployment i.e. create the Tier-0 and or Tier-1 gateways otherwise when we migrate our VM’s they will not be able to communicate with each other. I’m not going to cover those steps in this guide as this post is already long enough and I am planning to do a Federated build next so I’ll cover the deployment of those items during that build.
For details on how to deploy the Tier-0 and Tier-1 you can use my 2.5 lab guide posts.
NSX-T Lab: Edge Node
NSX-T Lab: Edge Cluster
NSX-T Lab: Tier 1 Gateway
NSX-T Lab: Tier 0 Gateway
Once you have these in place continue with the rest of the migration.
Migrate the VM’s
We now need to migrate the VM’s to the new Overlay Segments.
This is the same process as we did when we created our micro seg only deployment.
Again we can do this on each individual VM but it’s simpler to do it in bulk.
Go to your vCenter, select the ‘Networking’ tab and select the vDS.
Right click the old Port Group and select Migrate VMs to Another Network
Click BROWSE
Select the appropriate NSX-T Segment, note that the Segments appear twice as we have hosts in the transport zone that are configured for N-VDS and vDS the N-VDS Segment is the second one from the bottom without the N icon Also note that it doesn’t display an ‘NSX Port Group ID’ and obviously no Distributed Switch
Click OK
Select the VM’s to migrate and click NEXT
Click Finish
Repeat for the remaining VM’s
In my deployment I have a second cluster built with an N-VDS the process to migrate is the same except the networks are not part of the vDS.
For this VM I select the N-VDS backed Segment.
The VM’s are now migrated to the vDS or N-VDS NSX Segments and should be able to communicate with each other.
Final cleanup
Since we now no longer need our old VLAN backed segments or VLAN transport zone we can clean up those elements.
First we can delete the VLAN Segments.
Navigate to System, Segments click the ellipse for the segment and select Delete
Confirm by clicking DELETE
Repeat for the remaining VLAN Segments.
Next we can remove the VLAN transport zone from our Transport Node Profile. Navigate to System, Fabric, Profiles Select which ever profile is currently assigned to your cluster be that the new one you created or the system generated one, click EDIT
Remove the VLAN transport Zone by clicking the x in the corner.
Click SAVE.
Looking back on our Nodes we can see that the host is now part of just the Overlay Transport Zone.
And we that we are finished finally!