Please Note: The NSX for vSphere 6.2.3 release has been pulled from distribution. The current version available is NSX for vSphere 6.2.2. VMware is actively working towards releasing the next version to replace NSX for vSphere 6.2.3. For more information, please visit click here.
On 9th June 2016 VMware released VMware NSX (for vSphere) 6.2.3. NSX is VMware’s solution to virtualising network and security for the software-defined data centre. This 6.2.3 release is considered a minor release but it does bring in a lot of enhancements.
One big new feature introduced is the support for 3rd-party hardware L2 gateway integration. This is useful when migrating physical workloads into an “NSX enabled” environment (don’t forget the controllers see issue 1477280).
Another key feature is the VXLAN UDP port which has changed from 8472 to 4789.
I will not list all the new features (you can use the release notes for that) but will give a quick overview of new features that I consider to be the most interesting and the issues to keep an eye on.
- NSX Edge on Demand Failover: giving users the ability to run on demand failover it’s a good option not only for testing
- Edge Firewall SYN flood protection: disabled by default, can be enabled via REST call. Particularity useful when the ESG is exposed publicly on the WAN
- SNMP v2c support, for the NSX Manager, Edges and Controllers
- Global Dashboard to quickly monitor the overall health of your NSX environment
- Desired/Live location attribute is now displayed for ESGs and DLRs
- It is possible to apply a NAT rule to a vNIC interface, used to be an IP address only
- You can configure DHCP options on NSX Edges, a very useful one is 121 which allows you to inject a static route into the DHCP client
- A new license model implements the default license upon install which is “NSX for vShield Endpoint”, enabling the use of NSX for deploying and managing vShield Endpoint for anti-virus offload capability only
- Fixed issue 1456172: good to have some warnings displayed, NAT has been part of the firewall service however people tend to forget that if the firewall is disabled so is the NAT
- Fixed issue 1619570: In a large-scale DFW configuration with millions of rules and Service Composer, rule publishing may require several seconds to complete after a reboot. During this time, new rules cannot be published
- Fixed issue 1467774 whereby a route learned from an eBGP peer advertised to an iBGP in the same AS was retaining a previous (wrong) administrative distance
A full list of the fixed issues can be found by clicking here.
There are also some known issues to be aware of, key ones include:
- Issue 1529178: Uploading a server certificate which does not include a common name returns an “internal server error” message
- Issue 1534606: Host Preparation Page fails to load when NSX Managers are running different versions
- Issue 1386874: Networking and Security Tab not displayed in vSphere Web Client
- Issue 1604506: Cannot deploy DLR without NSX Edge VM if using default gateway for static routing use case see KB 2144551
- Issue 1556924: connectivity through some of the DLR LIF’s could be affected is the VXLAN layer on the hosts is not properly configured
- Issue 1493611: L2 VPN could be configured with VLAN ID 0; the GUI will let you do so however this is not supported and traffic will not traverse the tunnel so be careful
- Issue 1474238: After vCenter upgrade, vCenter might lose connectivity with NSX when using the root embedded SSO account
Customers using Distributed Firewalling and Security Groups are advised, by VMware directly, not to upgrade to 6.2.3. This is because there is a known issue (KB 2146227) whereby virtual machines could lose connectivity upon a vMotion operation followed by changes to configuration of the Global Address Sets in the SG referenced for that virtual machine.
The list of bug fix is huge this time so triple check and take the time to read through the entire list of known and fixed issues when planning to upgrade. And don’t forget to back up all the NSX components, a good starting point is the available at NSX Backup and Restore.
The official documentation for VMware NSX for vSphere can be found by clicking here.
NSX for vSphere 6.2.3 Release Notes can be found by clicking here.
If you’d like any assistance with a VMware NSX project or want to learn more about how Xtravirt can help your organisation, contact us and we’d be more than happy to use our real world experiences to support you.
About the author
Giuliano Bertello joined the Xtravirt consulting team in April 2015. Giuliano’s specialties include VMware vSphere design and implementation, as well as End User Computing design and delivery. His focus is now around Cloud Automation and Orchestration and Software Defined Networking (SDN) which lead him to complete VMware’s NSX Ninja training course. As well as contributing to the Xtravirt blog, Giuliano blogs on his own site at http://blog.bertello.org