What’s New in VMware NSX-T Data Center 2.3:
NSX-T Data Center 2.3 is an incremental upgrade release that enhances the new multi-hypervisor platform delivered for cloud and containers.
Here are the new features and enhancements in the NSX-T Data Center 2.3 release:
Introducing NSX-T Data Center 2.3 Support for Bare-Metal Hosts
Bare-metal support includes Linux-based workloads running on bare-metal servers and containers running on bare-metal servers without a hypervisor. NSX-T Data Center leverages Open vSwitch to enable any Linux host to be an NSX-T Data Center transport node.
- Bare-Metal Server Support: includes native compute workloads running RHEL 7.4, CentOS 7.4, and Ubuntu 16.04 operating systems, allowing users to network bare-metal compute workloads over VLAN or overlay-backed connections and to enforce micro-segmentation policies (stateful Layer 4 enforcement) for Virtual-to-Physical and Physical-to-Physical communication flows.
- Bare-Metal Linux Containers Support: runs Docker Containers using Kubernetes and RedHat OpenShift Container Platform on bare-metal Linux hosts with RHEL 7.4 or RHEL 7.5.
NSX Cloud Enhancements in NSX-T Data Center 2.3:
- Support for AWS Deployments
- Automatic NSX Agents Provisioning in Azure VNETs
- VPN Support Between On-Premise to Public Cloud: includes built-in VPN capabilities within the NSX Cloud Public Cloud Gateway using APIs. The use cases for the VPN are to create IPsec tunnels between:
  - Managed compute Amazon VPCs/Azure VNets and third-party service VMs in transit Amazon VPCs/Azure VNets
  - Managed Amazon VPC/Azure VNET and an on-premise VPN device
- Expanded OS Support for NSX Cloud Agent: NSX Cloud supports RHEL 7.5 operating systems in the public cloud.
Security Services Support
Introducing Service Insertion at the Routing Tiers
- Service Insertion Support on Tier-0 and Tier-1 Routers: includes the ability to onboard third-party security solutions, deploy a High Availability third-party security solution at Tier-0 or Tier-1 or both and insert the third-party security solution via redirect policy.
Check the VMware Compatibility Guide – Network and Security for the latest certification status of third-party solutions on NSX-T Data Center.
Distributed Firewall Enhancements
- Multiple Sections support in NSX Edge Firewall
- Firewall Rule Hit Count and Rule Popularity Index: monitors rule usage and enables quick identification of unused rules for clean-up
- Firewall Section Locking
- Grouping Objects: supports an object to be added to a group if it matches all five specified tags
- Tag Length: increases tag length value from 65 to 256 and tag scope from 20 to 128
Enhancements in NSX Edge Services:
- Overlay Support for Enhanced Data Path Mode in N-VDS: in conjunction with vSphere 6.7, the Enhanced Data Path mode in N-VDS for NSX-T Data Center 2.3 supports NFV-style workloads requiring a high-performance data path.
- Support for Stateful NAT and Firewall Services on the Centralized Service Port
- API Support to Clear All DNS Entries on DNS Forwarder: provides the ability to clear all the DNS cache entries in a single API call on a given DNS forwarder.
- Load Balancer Enhancements
  - Support for Pre-Defined Cipher List: pre-defined SSL profiles for HTTPS VIP for higher security or performance.
  - Load Balancer Rule Enhancement: new Load Balancer rules, delete header action, SSL match condition, and Assign variable on match condition.
  - Load Balancer Support on Stand-Alone Service Router: provides the ability to deploy a load balancing service on a service router that does not have a router port.
User Interface Enhancements
- New Language Support: user interface now available in English, German, French, Japanese, Simplified Chinese, Korean, Traditional Chinese, and Spanish.
- Enhanced Navigation and Home Page: new home page highlights search and at-a-glance summary of the system.
- Enhanced Search: search includes type-ahead suggestions, which are accessible from the home page.
- Network Topology Visualization: provides the ability to monitor communications from group-to-group, VM-to-VM, and process-to-process.
Operations and Troubleshooting Support
Install and Upgrade Enhancements
- NSX-T Data Center in a Stateless vSphere Environment: enables additional deployment options by providing support for stateless ESXi hosts that use vSphere Auto Deploy and Host Profiles. This feature requires vSphere 6.7 U1 or higher.
- Modular NSX-T Data Center Upgrade: includes support for modular upgrade in the Upgrade Coordinator. You can upgrade only the NSX-T Data Center components that have changed in the new release version. This added functionality reduces the operational overhead of patching an NSX-T Data Center version.
- Ability to configure NSX Edge Cluster with both VM and Bare-metal NSX Edge nodes
Monitoring and Troubleshooting
- ERSPAN for KVM Hypervisor: includes support for port mirroring on KVM – ERSPAN Type II and III.
- Provides the ability to generate traceflow traffic from the Tier-0 logical router uplinks and report the receiving of traceflow packets on Tier-0 logical router uplinks.
- CLI Support to Shut Down DPDK Ports on Bare-Metal Edge Node
- Ability for the Neutron Plugin to Provision Overlay Logical Switch Backed by Enhanced Datapath: the NSX Neutron plugin offers the ability to leverage Enhanced Data Path mode for overlay, which used to be VLAN only. With this support you can take advantage of Enhanced Data Path performance for NFV-related workloads.
- Support for Co-existence of NSX Products with OpenStack:
- Ability to Consume VPN as a Service Feature in OpenStack: support for OpenStack VPNaaS, the Neutron extension in OpenStack that introduces a VPN feature set.
NSX Container Plug-in (NCP) Support
- Concourse Pipeline to install NSX-T Data Center
- Annotation for Load Balancer SNAT IP: the SNAT IP for a load balancer is annotated in a Kubernetes service of type LoadBalancer, ncp/internal_ip_for_policy: <SNAT IP>, and added to the service’s status, status.loadbalancer.ingress.ip: [<SNAT IP>, <Virtual IP>]. This IP can be used to create a network policy that allows this IP CIDR.
- Kubernetes Network Policy Enhancement: provides the ability to select pods from different namespaces with Kubernetes network policy rules.
- Kubernetes Load Balancer/SNAT Annotation Improvement
  - If NCP fails to configure a load balancer for a service, the service will be annotated with ncp/error.loadbalancer.
  - If NCP fails to configure an SNAT IP for a service, the service will be annotated with ncp/error.snat.
- Session Persistence of NSX-T Data Center Load Balancer for Kubernetes Ingress and OpenShift Routes
- Cleanup Script Enhancement
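
The NCP annotations described above can be audited from the cluster side. The following is an added example, not code from VMware or NCP: it scans service objects for the ncp/error.loadbalancer and ncp/error.snat annotations and builds a NetworkPolicy that allows the annotated SNAT IP. The sample data, the policy name, the empty pod selector and the IPv4 /32 mask are assumptions.

```python
import json

# Annotation keys as named in the release notes above.
ERR_KEYS = ("ncp/error.loadbalancer", "ncp/error.snat")
SNAT_KEY = "ncp/internal_ip_for_policy"

# Constructed sample shaped like `kubectl get svc -A -o json` output.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"name": "web", "namespace": "shop",
   "annotations": {"ncp/internal_ip_for_policy": "10.20.0.5"}},
  "spec": {"type": "LoadBalancer"},
  "status": {"loadBalancer": {"ingress": [{"ip": "10.20.0.5"}, {"ip": "192.0.2.10"}]}}},
 {"metadata": {"name": "api", "namespace": "shop",
   "annotations": {"ncp/error.loadbalancer": "constructed error text"}},
  "spec": {"type": "LoadBalancer"}, "status": {"loadBalancer": {}}},
 {"metadata": {"name": "db", "namespace": "shop"}, "spec": {"type": "ClusterIP"}}
]}
""")

def audit_ncp_services(svc_list):
    """Return (failures, snat_ips): services NCP flagged, and SNAT IPs per namespace."""
    failures, snat_ips = [], {}
    for svc in svc_list.get("items", []):
        meta = svc["metadata"]
        ann = meta.get("annotations") or {}
        ref = f'{meta["namespace"]}/{meta["name"]}'
        failures += [(ref, k) for k in ERR_KEYS if k in ann]
        if SNAT_KEY in ann:
            snat_ips.setdefault(meta["namespace"], set()).add(ann[SNAT_KEY])
    return failures, snat_ips

def snat_network_policy(namespace, ips):
    """Build a NetworkPolicy manifest allowing ingress from the given SNAT IPs."""
    return {
        "apiVersion": "networking.k8s.io/v1",
        "kind": "NetworkPolicy",
        "metadata": {"name": "allow-ncp-lb-snat", "namespace": namespace},
        "spec": {
            "podSelector": {},  # assumption: applies to every pod in the namespace
            "policyTypes": ["Ingress"],
            "ingress": [{"from": [{"ipBlock": {"cidr": f"{ip}/32"}}
                                  for ip in sorted(ips)]}],
        },
    }

if __name__ == "__main__":
    failed, snat = audit_ncp_services(SAMPLE)
    print(failed, [snat_network_policy(ns, ips) for ns, ips in snat.items()])
```
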
Compatibility and System Requirements
For compatibility and system requirement information, see the NSX-T Data Center Installation Guide.
NCP Compatibility Requirements:
| Product | Version |
|---|---|
| NCP / NSX-T Data Center Tile for PAS | 2.3.0 |
| NSX-T Data Center | 2.2, 2.3 |
| Kubernetes host VM OS | Ubuntu 16.04, RHEL 7.4, 7.5 |
| OpenShift host VM OS | RHEL 7.4, RHEL 7.5 |
| PAS (PCF) | OpsManager 2.1.x + PAS 2.1.x (except PAS 2.1.0); OpsManager 2.2.0 + PAS 2.2.0 |
General Behavior Changes
Default HA Mode for Tier-1 Logical Routers Changes from Preemptive to Non-Preemptive
With the default HA mode now non-preemptive, newly created Tier-1 logical routers do not experience this traffic slowdown. Existing Tier-1 logical routers are not affected by this change.
API Reference Information
The latest API reference is located in the NSX-T Data Center Product Information.
For more information, please refer to the VMware Documentation on NSX-T Data Center product at https://docs.vmware.com/en/VMware-NSX-T/index.html
I hope this is informative for you and I thank you for reading.