The user needs to decommission a Tier-0 Gateway in an NSX environment. While no Tier-1 Gateways or Segments are currently attached, the Tier-0 Gateway has multiple VRF Lite instances connected with active BGP peering sessions.

VMware NSX

Standard decommissioning of a parent Tier-0 Gateway is blocked if child objects, such as VRF instances or active routing protocols, are still provisioned.

Precautions:

• Traffic Validation: Ensure there is no active production traffic passing through the VRFs or the parent Tier-0 Gateway before starting the decommissioning.

•  NOTE: Confirm that all necessary maintenance window approvals and architectural sign-offs are in place for the removal of these routing components.

• Configuration Backup: Perform a manual NSX backup before starting the decommissioning process.

• Service Impact: Confirm no management traffic or specialized services (e.g., Load Balancing, VPN) are pinned to these VRFs.

Step-by-Step Decommissioning:

1. Remove VRF BGP Neighbors:

   • Navigate to Networking > Tier-0 Gateways.

   • Edit each VRF Gateway associated with the parent Tier-0.

   • Go to BGP > Neighbors and delete all configured neighbors.

2. Delete VRF Gateways:

   • Once BGP is cleared, delete each VRF Gateway instance.

   • If the deletion fails, ensure no stale Route Maps or Prefix Lists are explicitly tied to the VRF.

3. Clear Parent Tier-0 BGP and Routing:

   • Edit the parent Tier-0 Gateway.

   • Disable BGP and remove any static routes.

   • Delete BGP Neighbors on the parent Tier-0 if any exist.

4. Remove Uplink Interfaces:

   • Navigate to Interfaces on the Tier-0 Gateway.

   • Delete all Uplink interfaces. This includes interfaces on the parent Tier-0 used for external connectivity.

5. Delete the Tier-0 Gateway:

   • Select the Tier-0 Gateway and click Delete.

• NSX Tier-0 Gateway Configuration Guide

• VRF Lite Configuration and Limitations