On 09 June 2016 VMware announced the latest version 6.2.3 of NSX for VMware.
NSX is the network virtualization product from VMware. It is based on the SDN (Software Defined Networking) concept. NSX provides logical network nodes and services such as logical switching, routing, load balancing, VPN, firewall and quality of service (QoS).
Changes introduced in NSX vSphere 6.2.3:
Logical Switching and Routing
NSX Hardware Layer 2 Gateway Integration: expands physical connectivity options by integrating 3rd-party hardware gateway switches into the NSX logical network
New VXLAN Port: Before version 6.2.3, the default VXLAN UDP port number was 8472. From this version on, UDP port 4789 is used as the default VXLAN port.
Networking and Edge Services
New Edge DHCP Options:
- DHCP Option 121 supports the static route option, which a DHCP server uses to publish static routes to DHCP clients.
- DHCP Options 66, 67 and 150 support DHCP options for PXE boot.
- DHCP Option 26 supports configuration of the DHCP client network interface MTU by the DHCP server.
Increase in DHCP Pool, static binding limits: The following are the new limit numbers for various form factors: Compact: 2048; Large: 4096; Quad large: 4096; and X-large: 8192.
Edge Firewall adds SYN flood protection: Avoid service disruptions and protect virtual machines by enabling SYN flood protection for north-south transit traffic. This feature is disabled by default; the user has to enable it through the NSX REST API.
NSX Edge – On Demand Failover: With this feature, users can initiate an on-demand failover when needed.
NSX Edge – Resource Reservation: Reserves CPU/Memory for NSX Edge during creation. You can now modify the CPU/Memory settings after NSX Edge deployment by using the REST API to configure VM appliances.
Change in NSX Edge Upgrade Behavior: Replacement NSX Edge VMs are deployed before upgrade or redeploy. The host must have sufficient resources for four NSX Edge VMs during the upgrade or redeploy of an Edge HA pair. The default value for the TCP connection timeout is changed to 21600 seconds from the previous value of 3600 seconds.
Cross VC NSX – Universal Distributed Logical Router (DLR) Upgrade: The Universal DLR on the secondary NSX Manager is upgraded automatically once it has been upgraded on the primary NSX Manager.
Flexible SNAT / DNAT rule creation: vnicId no longer needed as an input parameter; removed requirement that the DNAT address must be the address of an NSX Edge VNIC.
NSX Edge VM (ESG, DLR) now shows both Live Location and Desired Location. NSX Manager and NSX APIs including GET api/4.0/edges//appliances now return configured Resource Pool and configured Datastore in addition to current location.
Distributed Firewall – TFTP ALG: enables use cases such as network boot for VMs.
Firewall – Granular Rule Filtering: simplifies troubleshooting by providing granular rule filters in the UI, based on Source, Destination, Action, Enabled/Disabled, Logging, Name, Comments, Rule ID, Tag, Service, Protocol.
Guest Introspection – Now supports Windows 10
SSL VPN Client – Now supports Mac OS X El Capitan
Service Composer – Performance Improvements: NSX Manager startup/reboot is faster than ever, achieved by optimizing synchronization between security policy and firewall service and by disabling auto-save of firewall drafts by default.
Service Composer – Status Alarms: raises a system alarm if the security policy is out of sync, and takes specific actions based on the alarm code to resolve the issue.
Operations and Troubleshooting
NSX Dashboard: Simplifies troubleshooting by providing visibility into the overall health of NSX components in one central view.
Traceflow Enhancement – Network Introspection Services: Enhances the ability to trace a packet from source to destination by identifying whether packets were forwarded to 3rd-party network introspection services, and whether the packet comes back from the 3rd-party service VM or not.
SNMP Support: Configure SNMP traps for events from NSX Manager, NSX Controller, and Edge.
Logging is now enabled by default for SSL VPN and L2 VPN. The default log level is notice.
Firewall rules UI now displays configured IP protocols and TCP/UDP port numbers associated with services.
NSX Edge technical support logs have been enhanced to report memory consumption per process.
Central CLI Enhancements
- Central CLI for Host Health: Shows host health status, with 30+ checks in one command (including network config, VXLAN config, resource utilization, etc.).
- Central CLI for Packet Capture: Provides the ability to capture packets on the host and transfer the capture file to the user’s remote server. This eliminates the need to open up hypervisor access to network administrators when troubleshooting logical network issues.
Technical support bundle per host: Gathers per-host logs and creates a bundle that can be saved and submitted to VMware technical support for assistance.
Change in default license & evaluation key distribution: The default license upon install is “NSX for vShield Endpoint”, which enables use of NSX for deploying and managing vShield Endpoint for anti-virus offload capability only. Evaluation license keys can be requested through VMware sales.
License usage reporting: NSX license usage counts are displayed on NSX Manager’s Summary UI and are also retrievable via the API. NSX license usage counts will no longer be reported through the vCenter licensing service.
Customer Experience Improvement Program: NSX supports reporting system statistics via the VMware Customer Experience Improvement Program (CEIP). Participation is optional and is configured in the vSphere Web Client.
VMware vRealize Log Insight 3.3.2 for NSX provides intelligent log analytics for NSX, with monitoring and troubleshooting capabilities and customizable dashboards for network virtualization, flow analysis and alerts. You can use the same license key with NSX and vRealize Log Insight 3.3.2. This version accepts NSX Standard/Advanced/Enterprise edition license keys issued for NSX 6.2.2+.
The NSX-v 6.2.3 release now provides Endpoint capabilities to vSphere users in addition to vCNS 5.5.x releases.
For more information, see the VMware NSX for vSphere 6.2.3 Release Notes.