NSX 4.2 Release – Simple Digest

Important Updates

Goal of this blog is to highlight important standouts out of huge release notes

TEP Groups

Earlier traffic from ESXi hosts to Edge will go through one Edge TEP interface despite of multiple Edge TEP interfaces availability. This could lead to bandwidth constraints in some environments.
With NSX 4.2 new feature bundles TEPS of an EDGE into a TEP group.
Tx & Rx traffic of TEP group is layer 4 hashed across members of TEP group. This load sharing enhances high bandwidth and availability.
All TEPs in the TEP group will be used to send and receive traffic.
Traffic from any transport node to and Edge will use any TEP of the Edge. Load sharing will be based on per flow basis. Likewise traffic from an Edge to any transport node will use any TEP as source on per flow basis.
This Edge TEP groups feature is not enabled by default. Can be enabled globally via an API call.

Easy Virtual Networking Adoption

This step-by-step workflow feature guides customers to migrate existing VLAN port-groups backed workloads to VCF with NSX networking in least disruptive way.
This simplified procedure for moving VMs from VLAN-backed DVPGs to NSX segments while keeping their IP address and maintaining connectivity during migration.
There might be short interruption expected while moving gateway from physical network to NSX T0 Gateway.

Inter-SR Support for Tier-0 VRF Gateways (NSX 4.2.1)

Introduces support of Inter-SR Routing for Tier-0 VRF Gateways in Active/Active Edge node deployments in addition to the existing Inter-SR support for the parent Tier-0.
Deployments using VRFs will be able to deploy Active/Active Edge nodes with improved availability.

Tier-0 VRF Gateway Support Federation ( NSX 4.2.1)

This release introduces support for Tier-0 VRF Gateway configuration from Global Manager.
Tier-0 VRF Gateway across multiple locations is also supported with the same topologies and operation modes as previously supported for stretched parent Tier-0.

Combined Security-Only and Networking Security VIBs

Allows the configuration of Distributed Firewall on DVPG and Network Virtualization on the same ESX host.
It also offers the ability for NSX to discover the existing DVPGs and enforce segment profiles and Distributed Firewall rules on them.

NSX Manager XL Size

This feature introduces Extra Large (XL) size form factor for NSX Local and Global Managers.
This offers increased supported scale and also good for future scalability.

Updates in Multi-Tenancy & VPC

By default, NSX projects and VPCs are created with DFW rules, in absence of required rules traffic might get dropped. in 4.2 feature introduced a switch to disable DFW. When disabled no traffic restriction will be applied to respective projects/VPCs. This offers flexibility for customer to opt based on business requirements.
Ability to create VPNs under Project. offers VPN configuration creation for Tier-1 gateways under the Project. This includes the ability to manage certificates for the tenant from the project context.
- Networking Folders in vCenter for Projects & VPC: Introduces the ability to have in the vCenter Networking tab NSX Managed folders reflecting the Projects and VPCs. You can now have vSphere PortGroups organized according to the NSX tenancy model, hence enhancing visibility from vCenter of network tenancy and allowing you to put RBAC on networks from a specific Project or a VPC. (NSX 4.2.1)