[Original] AVI Migration Tool User Guide - 03 - Migration Steps

This chapter walks through a migration from NSX-LB to NSX-ALB, using an NSX-LB deployment in one-arm + SNAT + overlay mode as the example scenario.

Configuration Conversion

Step 1: Run the configuration conversion script to convert the NSX-LB configuration into NSX-ALB configuration and upload it to NSX-ALB.

python3 nsxt_converter.py --nsxt_ip 192.168.60.130 --nsxt_user admin --nsxt_password Lab@20220315 --alb_controller_ip 192.168.60.80 --alb_controller_user admin --alb_controller_password Lab@20220315 --ssh_root_password Lab@20220315 --alb_controller_version 21.1.6 --vs_filter WEB-VS02 --option auto-upload

Step 2: Check the state of the VS on NSX-ALB. Traffic Enable is not checked.

Step 3: Verify from the client side that traffic is not passing through NSX-ALB and is still being served by NSX-LB.

Traffic Cutover

Step 1: Run the traffic cutover script to switch traffic from NSX-LB to NSX-ALB.

python3 nsxt_traffic_cutover.py --nsxt_ip 192.168.60.130 --nsxt_password Lab@20220315 --alb_controller_password Lab@20220315 --vs_filter WEB-VS02

Script output:

Log File Location: output
Performing cutover for VS
Disconnected traffic for VS WEB-VS02 on NSX-T
Enabled traffic for VS WEB-VS02 on ALB
Completed cutover for VS WEB-VS02

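Step 2: Confirm that the Traffic Enable option on the NSX-ALB side has been enabled automatically.

Step 3: After accessing the service from the client, the access logs are now visible in the NSX-ALB logs. During the cutover, a ping to the VIP address from a Windows terminal lost only one packet.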

Step 4: In NSX, you can also see that a static route for the VIP has been added under the corresponding T1.

Step 5: In the LB section of NSX, the related objects have been disabled.

Rollback

Step 1: Run the rollback script to switch traffic back to NSX-LB.

python3 nsxt_rollback.py --nsxt_ip 192.168.60.130 --nsxt_user admin --nsxt_password Lab@20220315 --alb_controller_ip 192.168.60.80 --alb_controller_version 21.1.6 --alb_controller_user admin --alb_controller_password Lab@20220315 --vs_filter WEB-VS02

Script output:

Log File Location: output
Performing rollback for VS WEB-VS02
Disconnected traffic for VS WEB-VS02 on ALB
Enabled traffic for VS WEB-VS02 on NSX-T
Completed rollback for VS WEB-VS02

Step 2: After running the script, check that Traffic Enable on the VS has been unchecked and that the VS is in the Disabled state.

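Step 3: After accessing the service from the client, the access logs can be seen in the NSX-LB logs with the help of vRNI. During the switch, a ping to the VIP address from a Windows terminal lost only one packet.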

Configuration Cleanup

Step 1: Check the configuration state before running the script.

Step 2: Run the configuration cleanup script.

python3 nsxt_cleanup.py --nsxt_ip 192.168.60.130 --nsxt_user admin --nsxt_password Lab@20220315 --vs_filter WEB-VS02

Script output:

Log File Location: output
Performing cleanup for VS WEB-VS02
Deleted VS WEB-VS02 from NSX-T
No cleanup performed on application profile as default (system owned) application profile is attached
Performed cleanup of referenced pool
No cleanup performed on monitor as default (system owned) monitor is attached

Step 3: Check the configuration state after running the script. The Virtual Servers and Server Pools have been deleted.

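Notes

API issue with NSX objects

Do not rename LB-related objects in NSX after they have been created; otherwise the object name and its API path will no longer match.

For example: although the name shown is WS-P01, "copy path" returns the name from before the rename, /infra/lb-pools/WS-P03, which ultimately causes the API calls in the script output to be mixed up.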
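
A pre-migration check for the rename problem described above, as an added example (not part of the original post or of the migration tool): it compares each object's display_name with the last segment of its Policy API path and reports the mismatches that affect the virtual servers you intend to migrate. The JSON is constructed sample data in the shape of NSX Policy API list responses; apart from WS-P01 and /infra/lb-pools/WS-P03, the names and the VS-to-pool mapping are assumptions.

```python
import json

# Constructed sample data, shaped like NSX Policy API list responses
# (GET /policy/api/v1/infra/lb-pools and /infra/lb-virtual-servers).
# Only the pair WS-P01 / /infra/lb-pools/WS-P03 comes from the page.
POOLS_JSON = """{"results": [
  {"id": "WS-P03", "display_name": "WS-P01", "path": "/infra/lb-pools/WS-P03"},
  {"id": "WS-P02", "display_name": "WS-P02", "path": "/infra/lb-pools/WS-P02"}
]}"""
VS_JSON = """{"results": [
  {"id": "WEB-VS02", "display_name": "WEB-VS02",
   "path": "/infra/lb-virtual-servers/WEB-VS02", "pool_path": "/infra/lb-pools/WS-P03"},
  {"id": "WEB-VS03", "display_name": "WEB-VS03",
   "path": "/infra/lb-virtual-servers/WEB-VS03", "pool_path": "/infra/lb-pools/WS-P02"}
]}"""


def renamed_objects(list_response):
    """Return {path: display_name} for objects whose name no longer matches the path id."""
    drift = {}
    for obj in json.loads(list_response).get("results", []):
        path_id = obj["path"].rsplit("/", 1)[-1]
        if obj.get("display_name", path_id) != path_id:
            drift[obj["path"]] = obj["display_name"]
    return drift


def precheck(vs_response, pool_response, vs_filter):
    """List rename findings that affect the virtual servers named in vs_filter."""
    renamed_pools = renamed_objects(pool_response)
    renamed_vs = renamed_objects(vs_response)
    findings = []
    for vs in json.loads(vs_response).get("results", []):
        if vs["display_name"] not in vs_filter and vs["id"] not in vs_filter:
            continue
        if vs["path"] in renamed_vs:
            findings.append((vs["display_name"], "virtual server", vs["path"]))
        pool_path = vs.get("pool_path")
        if pool_path in renamed_pools:
            findings.append((vs["display_name"], "pool " + renamed_pools[pool_path], pool_path))
    return findings


if __name__ == "__main__":
    for vs_name, what, path in precheck(VS_JSON, POOLS_JSON, {"WEB-VS02"}):
        print(f"{vs_name}: {what} was renamed, API path is still {path}")
```

An empty result for the virtual servers passed in `--vs_filter` means no renamed pool or virtual server stands between the displayed names and the paths the scripts will call.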

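Migration in Inline Mode

When migrating a VS from NSX-LB Inline mode, the return traffic from the servers has to be redirected to the SE, so a few extra steps are involved.

Created automatically by the script:

#1 The script automatically generates the following Application Profile and associates it with the corresponding VS.

#2 Service insertion is configured in NSX (each T1 gets a default Locale-Service when it is created), along with a redirection policy that redirects traffic to the SE's floating IP.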

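#3 An SEG in A/S mode is created automatically and associated with the Inline-mode VS migrated from NSX-LB.

The following must be done manually:

#1 URPF on the SE data network must be set to None.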

#2 The floating IP must be set manually.

[admin:192-168-60-81]: > configure networkservice 192.168.60.130-PreserveClientIP-T1-GW-LB03-ns
[admin:192-168-60-81]: networkservice> routing_service
[admin:192-168-60-81]: networkservice:routing_service> edit routing_service
- addr: 0.0.0.0
  type: V4
advertise_backend_networks: false
enable_auto_gateway: false
enable_routing: false
enable_vip_on_all_interfaces: true
enable_vmac: false
floating_intf_ip:
- addr: 172.16.21.200
  type: V4
graceful_restart: false
routing_by_linux_ipstack: false
