Last week, VMware released version 6.2 of their software-defined networking (SDN) product, NSX. One of the things that’s interesting to me is that VMware no longer refers to NSX as an SDN solution. Instead, they’re playing a bigger game with it and call it “the network virtualization platform for the Software-Defined Data Center” (SDDC). This is in line with VMware’s overall message lately, positioning themselves as an SDDC solution, not just as one for server virtualization.
I’ll walk through what’s in the new release below.
Version 6.2 adds many features to NSX that enable using it in environments that have multiple vCenter instances. This will make it easier to keep networking standardized in very large and/or complex deployments. The new cross-vCenter functionality only works in vSphere 6.0 environments. These features include:
- Support for deployment of logical switches (LS), distributed logical routers (DLR), and distributed firewalls (DFW) across multiple vCenters. This allows use of logical networking and security for applications and workloads that span multiple physical locations.
- Addition of a “Universal” marker for a distributed firewall configuration. Marking a section of a DFW’s rules as “Universal” will cause them to be replicated across multiple NSX managers. This provides for ease of ensuring consistent firewall policies throughout the environment, and an easy way to push out new policy changes quickly.
- Cross-vCenter vMotion with DFW. If a VM has policies defined in the “Universal” section of the DFW, that VM can be moved between hosts managed by different vCenter instances with consistent security policy enforcement.
- Support for Universal Logical Switches (ULS). This allows the creation of logical switches that span multiple vCenter instances. This, in turn, allows network administrators to create a contiguous Layer 2 network that could span multiple physical locations.
- Support of Universal Distributed Logical Routers (UDLR). This allows the creation of distributed logical routers that span multiple vCenter instances. The UDLR enable routing across the Universal Logical Switches described above. Additionally, the UDLR is capable of being configured with localized north-south routing rules based on physical location.
Operations and Troubleshooting
NSX 6.2 adds several enhancements to increase the ease of both day-to-day operations and troubleshooting. These include:
- A new troubleshooting tool, Traceflow. Traceflow can be used to help identify if a problem is on the virtual or physical network. It can be uses to trace a packet from source to destination, giving administrators visibility into how the packet passes through the various parts and functions of the virtual network.
- Separation of IPFIX and flow reporting. NSX 6.1 offered support for IPFIX reporting, but it would only work if flow reporting to the NSX Manager was enabled. In NSX 6.2.0 and later, these two functions are decouple, allowing administrators to enable IPFIX monitoring independent of any flow settings.
- The addition of several CLI monitoring and troubleshooting commands. The full list of these new CLI commands can be found in this VMware Knowledge Base article.
- The addition of “Central CLI”. Central CLI allows commands to be run from the NSX Manager and retrieve information from the controllers, hosts, and the NSX Manager, allowing administrators to quickly access and compare multiple sources. Central CLI provides information about logical switches, logical routers, distributed firewalls, and edges.
Networking and Routing Enhancements
NSX 6.2 includes several enhancements to its networking and routing functionality. These enhancements include:
- Layer 2 bridging interoperability with Distributed Logical Router
- Enhanced support of relayed DHCP requests
- Ability to keep VLAN tags over VXLAN
- Support of administrative distance for configuring static routes
- Distributed Logical Router force-sync avoids data loss for east-west routing of traffic across the DLR
- Enhanced support for REST API on Edge
NSX 6.2 includes greater interoperability with the following VMware solutions:
- Expanded vSphere 6.0 Platform Services Controller (PSC) support. The previous NSX version supported embedded PSC configurations, but 6.2 adds support for external PSCs as well.
- NSX plug-in for vRealize Orchestrator. As part of NSX 6.2, VMware has released NSX-vRO plug-in version 1.0.2. The plug-in works in vRealize Automation (vRA).
As mentioned earlier, NSX requires vSphere 6.0.
Additionally, in order to support the Guest Introspection and Network Introspection features with VMs, VMware Tools on those VMs need to be upgraded to one of the following:
- VMware Tools 5.1 P07 and later
- VMware Tools 5.5 P04 and later
- VMware Tools 6.0
You can see the full details of the NSX 6.2 release in the NSX for vSphere 6.2.0 Release Notes.
NSX 6.2.0 is available for download from the VMware website now.