vCloud Network Isolation (VCDNI or VCNI) is legacy mechanism to create overlay logical networks independently from physical networking underlay. It was originally used in VMware vCenter Lab Manager (where it was known as Cross Host Fencing). vCloud Director offers it as one of many mechanisms for creation of logical networks (next to VXLAN, VLAN and port group backings). VCDNI uses VMware proprietary MAC-in-MAC encapsulation done by vCloud Agent running in ESXi host vmkernel.
It has been for some time superseded by VXLAN technology which is much more scalable, provides better performance and is industry standard technology. VXLAN network pools have been available in vCloud Director since version 5.1.
VCDNI is consumed by manual creation of a vCloud Network Isolation backed Network Pool that is mapped to an underlay VLAN network with up to 1000 logical networks for each pool (VLAN).
As a deprecated and obsolete technology it is no longer supported in vSphere 6.5 and vCloud Director 8.20 is the last release that will support such network pools. vCloud Director 8.20 also provides simple mechanism to perform low-disruption migrations for Org VDC and vApp networks to VXLAN backed networks. Such migration must be done before upgrade to vSphere 6.5 (see more in KB 2148381).
The migration can be performed via UI or API by system administrator with Org VDC granularity.
Migration via UI
- For an Org VDC using VCDNI network pool open in the System tab – Manager & Monitor, Org VDC properties (note that doing the same from Org tab will not work).
- Go to Network Pool & Services tab and change VCDNI backed network pool to VXLAN backed one and click OK.
- Again open Network Pool & Services tab of the Org VDC. Migrate to VXLAN button will now appear.
- Click the button, confirm the message and start the migration.
- After while the Org VDC status will change from busy to ready and the migration is finished. Details (and possible errors) can be reviewed in the Recent Tasks of the Audit Log.
Migration with vCloud API
Org VDC network migration is triggered by single API POST call at the Org VDC level.
POST /api/admin/vdc/<org VDC UUID>/migrateVcdniToVxlan
Content Type: application/vnd.vmware.admin.vdcnitovxlanmigration+xml
The Process
The following happens in the background when migration is triggered for each VCDNI backed network in an Org VDC:
- ‘Dummy’ VXLAN logical switch is created
- All VMs connected to VCDNI network are reconnected to the new VXLAN logical switch
- Edge Gateways connected to VCDNI network are connected to the new VXLAN logical switch
- Org VDC/vApp network backing is changed in vCloud DB to use the new VXLAN logical switch
- Original VCDNI port group is deleted
Small network disruption is expected during VM and Edge Gateway reconnections. The following Recent Tasks picture from vSphere Client shows what is happening at vCenter Server level and how much time each task could take. In the example there was one Org VDC network and one vApp network migrated with VM1 and Edge Gateway ACME-GW2 involved.
Update 5/8/2017: Engineering informed me that it was reported that due to vSphere bug, during the migration fenced parameters are not removed from NSX Edge VMs vmx file. This impacts the Edge connectivity to migrated network. As a workaround redeploy the Edge Gateway after the migration.
Tom Fojta's Blog 