Because of changes in the vCloud Director networking infrastructure, existing networks and services are sometimes modified by the upgrade process. While none of these modifications affect existing network connections, post-upgrade reconfiguration might be required for some network services.

When you upgrade vCloud Director to this release, existing organization networks are converted to use the new vCloud Director networking infrastructure. You can expect to see the following changes in your upgraded organization networks.

Routed organization networks become routed organization vDC networks. These networks are connected to an Edge Gateway in one of your organization vDCs. Services, such as NAT and firewall, that had been defined in the organization network are now defined in the Edge Gateway. If your organization has multiple vDCs, organization vDC networks created during an upgrade are shared across all vDCs in the organization.

Isolated organization networks become isolated organization vDC networks.

Directly connected organization networks are unchanged.

New organization VDC networks use the network pool assigned to the organization VDC in which the network is created.

NAT rules in routed organization networks are converted to Edge Gateway NAT rules. The effect of each rule remains the same, though the rule is expressed differently. See the vCloud Director Administrator's Guide for more about NAT rules. NAT rules in routed vApp networks are unchanged.

Firewall services and firewall rules have been changed to allow greater flexibility in configuration in both Edge gateways and vApp networks.

After an upgrade, all firewall services in Edge Gateways and routed vApp networks are running in compatibility mode, which preserves the operational semantics of their firewall rules. After you convert existing firewall rules to the current format, you can upgrade your networks to remove the limitations imposed by compatibility mode. See the vCloud Director Administrator's Guide for more about firewall rules.

Several limitations apply while the system is in compatibility mode.

Each EdgeGateway can support exactly one uplink and one internal interface, so there can be only one routed organization vDC network per Edge Gateway.

Version 5.1 firewall rules cannot be created in a firewall service.

To remove these limitations, see Reconfigure Edge Gateways and vApp Networks to Enable Normal Operation