VMware NSX-T Data Center 2.3 Released

VMware has released NSX-T Data Center 2.3.0.

What's New:

Introducing NSX-T Data Center Support for Bare-Metal Hosts

Bare-metal support includes Linux-based workloads running on bare-metal servers and containers running on bare-metal servers without a hypervisor. NSX-T Data Center leverages Open vSwitch to enable any Linux host to be an NSX-T Data Center transport node.

  • Bare-Metal Server Support: includes native compute workloads running RHEL 7.4, CentOS 7.4, and Ubuntu 16.0.4 operating systems, allowing users to network bare-metal compute workloads over VLAN- and overlay-backed connections and to enforce micro-segmentation policies (stateful Layer 4 enforcement) for Virtual-to-Physical and Physical-to-Physical communication flows.
  • Bare-Metal Linux Containers Support: runs Docker Containers using Kubernetes and RedHat OpenShift Container Platform on bare-metal Linux hosts with RHEL 7.4 or RHEL 7.5.

NSX Cloud Enhancements

  • Support for AWS Deployments: NSX Cloud support for AWS workloads. 
  • Automatic NSX Agents Provisioning in Azure VNETs
  • VPN Support Between On-Premise to Public Cloud: includes built-in VPN capabilities within the NSX Cloud Public Cloud Gateway using APIs. You can use the VPN capabilities to create IPSEC links between the following:
    • Managed compute Amazon VPCs/Azure VNets and third-party service VMs in transit Amazon VPCs/Azure VNets
    • Managed Amazon VPC/Azure VNET and an on-premise VPN device
  • Expanded OS Support for NSX Cloud Agent: NSX Cloud supports RHEL 7.5 operating systems in the public cloud.

Security Services Support

Introducing Service Insertion at the Routing Tiers

  • Service Insertion Support on Tier-0 and Tier-1 Routers: includes the ability to onboard third-party security solutions, deploy a High Availability third-party security solution at Tier-0 or Tier-1 or both and insert the third-party security solution via redirect policy.
    Check the VMware Compatibility Guide – Network and Security for the latest certification status of third-party solutions on NSX-T Data Center.

Distributed Firewall Enhancements

  • Multiple Section Support in NSX Edge Firewall: adds multiple sections in the NSX Edge Firewall for ease of manageability
  • Firewall Rule Hit Count and Rule Popularity Index: monitors rule usage and enables quick identification of unused rules for clean-up
  • Firewall Section Locking: enables multiple security administrators to work concurrently on the firewall
  • Grouping Objects: allows an object to be added to a group if it matches all five specified tags; the previous limit was two tags
  • Tag Length: increases tag length value from 65 to 256 and tag scope from 20 to 128

Network and NSX Edge Services Support

  • Overlay Support for Enhanced Data Path Mode in N-VDS: in conjunction with vSphere 6.7, the Enhanced data path mode in N-VDS for NSX-T Data Center 2.3 supports NFV style workloads requiring high-performance data path.
  • Support for Stateful NAT and Firewall Services on the Centralized Service Port
  • API Support to Clear All DNS Entries on DNS Forwarder: provides the ability to clear all the DNS cache entries on a given DNS forwarder in a single API call. This is useful when a DNS server has been giving wrong answers: it avoids waiting for the DNS entry timeout after the DNS server is fixed.
  • Load Balancer Enhancements
    • Support for Pre-Defined Cipher List: pre-defined SSL profiles for HTTPS VIP for higher security or performance.
    • Load Balancer Rule Enhancement: new Load Balancer rules, delete header action, SSL match condition, and Assign variable on match condition.
    • Load Balancer Support on Stand-Alone Service Router: provides the ability to deploy a load balancing service on a service router that does not have a router port.

User Interface Enhancements

  • New Language Support: user interface now available in English, German, French, Japanese, Simplified Chinese, Korean, Traditional Chinese, and Spanish.
  • Enhanced Navigation and Home Page: new home page highlights search and at-a-glance summary of the system.
  • Enhanced Search: search includes type-ahead suggestions, which are accessible from the home page.
  • Network Topology Visualization: provides the ability to monitor communications from group-to-group, VM-to-VM, and process-to-process. You can visualize relationships between network objects such as logical switches, ports, routers, and NSX Edges.

Operations and Troubleshooting Support

  • Install and Upgrade Enhancements 
    • NSX-T Data Center in a Stateless vSphere Environment: enables additional deployment options by providing support for stateless ESXi hosts that use vSphere Auto Deploy and Host Profiles. The feature support requires vSphere 6.7 U1 or higher.
    • Support for NSX Edge VM and Bare-Metal to Co-Exist in the Same NSX Edge Cluster: VM and bare-metal NSX Edge nodes can now exist in the same NSX Edge cluster to simplify the scaling of services hosted on the NSX Edge node, such as load balancer.
    • Modular NSX-T Data Center Upgrade: includes support for modular upgrade in the Upgrade Coordinator. You can upgrade only the NSX-T Data Center components that have changed in the new release version. This added functionality reduces the operational overhead of patching an NSX-T Data Center version.
  • Monitoring and Troubleshooting
    • ERSPAN for KVM Hypervisor: includes support for port mirroring on KVM – ERSPAN Type II and III.
    • Use Traceflow to and from Tier-0 Logical Router Uplinks: provides the ability to generate traceflow traffic from the Tier-0 logical router uplinks and to report the receipt of traceflow packets on those uplinks. This simplifies troubleshooting by including the northbound interfaces of the NSX Edge nodes in traceflow reporting.
    • CLI Support to Shut Down DPDK Ports on Bare-Metal Edge Node: provides the ability to shut down a port claimed by DPDK on the bare-metal NSX Edge node to simplify port isolation during installation and troubleshooting operations.

Automation Support

  • Ability for the Neutron Plugin to Provision Overlay Logical Switch Backed by Enhanced Datapath: NSX Neutron plugin offers the ability to leverage Enhanced Data Path mode for overlay, which used to be VLAN only. With this support you can take advantage of Enhanced datapath performance in the OpenStack environment, for instance for NFV-related workloads.
  • Support for Co-existence of NSX Products with OpenStack: NSX Neutron Plugin now supports managing both NSX Data Center for vSphere and NSX-T Data Center simultaneously for an OpenStack implementation.
  • Ability to Consume VPN as a Service Feature in OpenStack: support for OpenStack VPNaaS, the Neutron extension in OpenStack that introduces a VPN feature set.

NSX Container Plug-in (NCP) Support

  • Concourse Pipeline to install NSX-T Data Center
  • Annotation for Load Balancer SNAT IP: the SNAT IP for a load balancer is annotated in a Kubernetes service of type LoadBalancer, ncp/internal_ip_for_policy: <SNAT IP>, and added to the service's status, status.loadbalancer.ingress.ip: [<SNAT IP>, <Virtual IP>]. This IP can be used to create a network policy that allows this IP CIDR.
  • Kubernetes Network Policy Enhancement: provides the ability to select pods from different namespaces with Kubernetes network policy rules.
  • Kubernetes Load Balancer/SNAT Annotation Improvement
    • If NCP fails to configure a load balancer for a service, the service will be annotated with ncp/error.loadbalancer.
    • If NCP fails to configure an SNAT IP for a service, the service will be annotated with ncp/error.snat.
  • Session Persistence of NSX-T Data Center Load Balancer for Kubernetes Ingress and OpenShift Routes
  • Cleanup Script Enhancement
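
The SNAT IP annotation and the ncp/error.* annotations above can be consumed together when writing an ingress policy for the load balancer's backends. The following is an added example, not code from VMware or NCP: it reads a Service object, refuses to proceed if NCP flagged a failure, and emits a NetworkPolicy that admits only the annotated SNAT IP. The sample Service, its names and the 192.0.2.10 address are constructed, and the values NCP writes into the error annotations are an assumption.

```python
import ipaddress
import json

SNAT_KEY = "ncp/internal_ip_for_policy"                     # annotation named in the release notes
ERROR_KEYS = ("ncp/error.loadbalancer", "ncp/error.snat")   # failure annotations named there

# Constructed sample Service (names, labels and the 192.0.2.10 address are made up).
SAMPLE_SERVICE = json.loads("""
{"kind": "Service",
 "metadata": {"name": "web", "namespace": "shop",
              "annotations": {"ncp/internal_ip_for_policy": "192.0.2.10"}},
 "spec": {"type": "LoadBalancer", "selector": {"app": "web"},
          "ports": [{"protocol": "TCP", "port": 443, "targetPort": 8443}]}}
""")

def ncp_errors(service):
    """Return any NCP failure annotations present on the Service."""
    ann = service.get("metadata", {}).get("annotations") or {}
    return {k: ann[k] for k in ERROR_KEYS if k in ann}

def snat_policy(service):
    """Build a NetworkPolicy admitting only the load balancer's SNAT IP to the backends."""
    errors = ncp_errors(service)
    if errors:
        raise ValueError(f"NCP reported a configuration failure: {errors}")
    meta, spec = service["metadata"], service["spec"]
    raw = (meta.get("annotations") or {}).get(SNAT_KEY)
    if raw is None:
        raise ValueError(f"Service has no {SNAT_KEY} annotation yet")
    ip = ipaddress.ip_address(raw.strip())        # rejects malformed values
    cidr = f"{ip}/{ip.max_prefixlen}"             # single host: /32 or /128
    # NetworkPolicy ports refer to the pod port, so prefer targetPort.
    ports = [{"protocol": p.get("protocol", "TCP"),
              "port": p.get("targetPort", p["port"])} for p in spec["ports"]]
    return {
        "apiVersion": "networking.k8s.io/v1",
        "kind": "NetworkPolicy",
        "metadata": {"name": f"allow-lb-snat-{meta['name']}",
                     "namespace": meta.get("namespace", "default")},
        "spec": {"podSelector": {"matchLabels": spec["selector"]},
                 "policyTypes": ["Ingress"],
                 "ingress": [{"from": [{"ipBlock": {"cidr": cidr}}], "ports": ports}]},
    }

if __name__ == "__main__":
    print(json.dumps(snat_policy(SAMPLE_SERVICE), indent=2))
```

Feed it the output of `kubectl get service <name> -o json` in place of the constructed sample; the policy it prints selects the same pods as the Service's selector.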

See the full release notes here: https://docs.vmware.com/en/VMware-NSX-T-Data-Center/2.3/rn/VMware-NSX-T-Data-Center-23-Release-Notes.html?src=vmw_so_vex_akjaer_1025
