VMware released NSX-T a few days back and changed the product name to VMware NSX in order to simplify the naming. As you know, NSX-V isn't going any further and NSX-T is the way forward, so the rebranding to VMware NSX makes sense.
NSX 4.0.0.1 is a major release offering new features in all the verticals of NSX: networking, security, and services. The product also allows up to 10% faster upgrades.
There are also some licensing changes where new users are able to access only those features that are available in the edition that they have purchased. Existing users who have used features that are not in their license edition are restricted to only viewing the objects.
Some of the major enhancements are the following:
- IPv6 external-facing Management Plane introduces support for IPv6 communication from external systems with the NSX management cluster (Local Manager only).
- Block Malicious IPs in Distributed Firewall is a new capability that blocks traffic to and from malicious IPs.
In addition to these features, many other capabilities have been added in every area of the product. More details are available below in the detailed description of added features.
Details: VMware NSX 4.0 | 02 AUG 2022 | Build 20159689
Quote:
Product Name Change
With the release of 4.0.0.1 the product name changes from “VMware NSX-T Data Center” to “VMware NSX.” This new name better reflects the multi-faceted value that NSX brings to customers. This update is apparent in the product graphical user interface as well as documentation. This change has no impact to the functionality of the product or changes to the API that impacts compatibility with previous releases.
This latest release has many new features, but there are also many features that have been deprecated. Here are the full release notes from VMware:
Layer 3 Networking
IPv6 external-facing Management Plane introduces support for IPv6 communication from external systems with the NSX management cluster (Local Manager only). The NSX Manager now supports dual-stack (IPv4 and IPv6) in the external management interface. IPv6-only deployments are not supported in this release.
The following external communication and systems are supported:
- Access to NSX User Interface (UI) through IPv6
- Access to NSX API through IPv6
- IPv6 communication with vCenter
  In this release vCenter services and clients using vCenter Extension Manager to communicate with NSX Manager, such as vLCM, WCP and Supervisor Cluster, will be using IPv4 to connect to NSX Manager.
- IPv6 syslog
- IPv6 SNMP
- IPv6 SSH
- IPv6 SFTP (Backup & Restore)
- IPv6 communication with DNS server (name resolution)
- IPv6 communication with NTP server
- IPv6 Cluster VIP
- IPv6 communication with LDAP/AD servers, for user authentication and IDFW
- IPv6 interaction with Operations tools: vRNI, vRLI & vROPs
- IPv6 support for telemetry/VAC
- Internal T0-T1 transit subnet prefix change after Tier0 creation allows users to change the prefix used for the T0-T1 transit subnet after the Tier-0 creation. Before this feature the user was allowed to change the default value (100.64.0.0/16) only at the Tier-0 creation time.
Networking Services (NAT, DHCP, DNS)
- NAT support for Policy-based VPN on T0/T1 Gateway allows the configuration of DNAT/NO-DNAT rule that matches traffic decapsulated from the Policy-based VPN. At the time we want to translate the Destination IP for the traffic decapsulated from the VPN we can configure DNAT/NO-DNAT and select “match” for the policy based VPN. The default behavior will be kept to bypass which means it does not match traffic decapsulated from policy-based VPN.
- DHCP UI configuration workflow improvement offers a simpler and easier configuration of Local DHCP server, Gateway DHCP server or DHCP Relay. It also offers better visibility and monitoring options.
- DHCP Standby relocation improves the availability for the DHCP server, allowing the configuration of standby relocation where, in case of failure, the new standby Edge will be elected.
Edge platform
- Edge relocate API gives the option when an Edge VM enters maintenance mode, to gracefully relocate all T1 auto allocated SRs to other Edge VMs.
- Maintain Edge Node parameters during upgrade – post-upgrade all user-edited settings of Edge Node will be preserved and not reset to default.
Distributed Firewall
- Block Malicious IPs in Distributed Firewall is a new capability that allows the ability to block traffic to and from Malicious IPs. This is achieved by ingesting a feed of Malicious IPs provided by VMware Contexa. This feed is automatically updated multiple times a day so that the environment is protected with the latest malicious IPs. For existing environments the feature will need to be turned on explicitly. For new environments, the feature will be default enabled.
- NSX Distributed Firewall has now added support for the following versions for physical servers: RHEL 8.2, 8.4, Ubuntu 20.04, CentOS 8.2, 8.4.
Federation
- Physical servers are now supported on Local Managers that are part of a Federation. Physical servers can now be part of groups defined on Global Manager, those groups can then be used in firewall rules (DFW or Gateway Firewall).
Service insertion
- Service Insertion has now added additional alarms to monitor the health and liveness of the Service Insertion components.
NSX Application Platform and Associated Services
- NSX 4.0.0.1 is compatible with NSX Application Platform 3.2.1 version, along with the related NSX features (NSX Intelligence, NSX Network Detection and Response, NSX Malware Prevention, and NSX Metrics).
- If you are running NSX Application Platform 3.2.0, you must upgrade to NSX Application Platform 3.2.1 (or any subsequent maintenance release) before you can upgrade to NSX 4.0.0.1.
Installation and upgrade
- Faster Upgrades – benefit from up to a 10% reduction in NSX upgrade time overall to use the maintenance windows more effectively.
- Monitoring – New alarms for lifecycle status of physical servers (install, uninstall, upgrade).
- Usability Enhancements: Generate system notifications when newer NSX versions become available.
Operations and Monitoring
- Live Traffic Analysis & Traceflow support for VPN – get an end-to-end view of live packets in a VPN tunnel using Traceflow or the Live Traffic Analysis Tool
- Edge Support for Live Traffic Analysis – use the Live Traffic Analysis tool to perform packet capture on NSX Edge interfaces
- Enhancements to events, alarms & operations – several known issues with the Live Traffic Analysis tool and Traceflow have been addressed in this release. Also, high latency alerts have been added in the management and network infrastructure.
AAA and Platform Security
- Improved Local User Password Configuration – NSX supports additional complexity requirements to align with newer industry regulations
API
- Logging of Deprecated APIs: The system will flag in the logs when an API involved is deprecated in order to simplify the transition from deprecated APIs to their replacement.
Licensing
- License Enforcement – Enhanced feature-level enforcement on NSX Firewall license editions, restricting access to features based on license edition. New users are able to access only those features that are available in the edition that they have purchased. Existing users who have used features that are not in their license edition are restricted to only viewing the objects; create and edit will be disallowed.
Feature Deprecation
- Support of Non-VIO OpenStack and KVM: NSX will no longer support either KVM based hypervisors or OpenStack distributions from third-party vendors. Support for VMware Integration OpenStack (VIO) remains. Please see the VMware Product Interoperability Matrix for details on which versions of NSX and VIO are compatible.
- NSX N-VDS Host Switch support: NSX 3.0.0 and later has the capability to run on the vSphere VDS switch version 7.0 and later. This provides a tighter integration with vSphere and easier NSX adoption for customers adding NSX to their vSphere environment. Please be aware that VMware has removed support of the NSX N-VDS virtual switch on ESXi hosts starting this release, NSX 4.0.0.1. N-VDS will remain the supported virtual switch on NSX Edge nodes, native public cloud NSX agents, and bare metal workloads.
New deployments of NSX and vSphere must take advantage of this close integration and deploy using VDS switch version 7.0 and later. In addition, for existing deployments of NSX that use the N-VDS on ESXi hosts, VMware recommends moving toward the use of NSX on VDS before upgrading to this release. To make this process easy, VMware has provided both a CLI based switch migration tool, which was first made available in NSX-T 3.0.2, and a GUI based Upgrade Readiness Tool, which was first made available in NSX-T 3.1.1 (see NSX documentation for more details on these tools).
The following deployment considerations are recommended when moving from N-VDS to VDS before upgrading to this release:
- The N-VDS and VDS APIs are different, and the backing type for VM and vmKernel interface APIs for the N-VDS and VDS switches are also different. As you move to use VDS in your environment, you will have to invoke the VDS APIs instead of N-VDS APIs. This ecosystem change will have to be made before converting the N-VDS to VDS. Refer to KB https://kb.vmware.com/s/article/79872 for more details.
  Note: There are no changes to N-VDS or VDS APIs.
- VDS is configured through vCenter, while N-VDS was vCenter independent. With the deprecation of N-VDS, NSX will be closely tied to vCenter and vCenter will be required to enable NSX in vSphere environments.
- NSX Distributed Firewall has now deprecated support for the following versions of physical servers: RHEL 7.8, 8.0, and 8.3, CentOS 7.8, 8.0, and 8.3
NSX Advanced Load Balancing Policy API and UI deprecation
- Configuration of NSX Advanced Load Balancer (Avi), using NSX Advanced Load Balance Policy API and UI, is deprecated starting NSX 4.0.0.1 and will be removed completely in future releases. It is recommended to use NSX Advanced Load Balancer (Avi) UI and API directly for the configuration of Load Balancers in NSX-T integration across all deployment models.
- Installation of NSX Advanced Load Balancer appliance cluster and cross-launch of NSX Advanced Load Balancer UI from the NSX-T manager will continue to be supported.
- The users consuming NSX Advanced Load Balance Policy API and UI in the earlier releases of NSX-T 3.1.x, NSX-T 3.2.0, and NSX-T 3.2.1 upgrading to NSX 4.0.0.1 will need to clean the NSX Advanced Load Balance Policy configuration in the NSX manager (using Deactive workflow) and will retain the configuration in VMware NSX Advanced Load balancer (Avi). From there on, users can consume Load balancing functionality directly from VMware NSX Advanced Load balancer (Avi).
- Migration of NSX-V Load Balancer for User-Defined Topology Lift-and-Shift Migration will not be supported in NSX 4.0.0.1. In future releases, NSX-T 4.0.X or 3.2.X, the migration path from NSX-V LB to NSX-T LB will be provided and users would require a 2-phase migration (first migrate from NSX-V LB to NSX-T LB, then migrate from NSX-T LB to NSX Advanced Load Balancer (Avi)) to upgrade to NSX Advanced Load Balancer (Avi).
API Deprecation and Behavior Changes
- New pages on API deprecation or removal have been added to the NSX API Guide to simplify API consumption. Those will list the deprecated APIs and Types, and the removed APIs and Types.
- The following MP APIs for service insertion have been removed. Their corresponding UI have also been removed.
Release notes of VMware NSX are here.
Training course NSX can be found here.