NSX for vSphere 6.3 Enhancements

Controller Disconnect Operation (CDO) Mode: Controller Disconnected Operation (CDO) mode ensures that the data plane connectivity is unaffected when host lose connectivity with the controller. If you find issues with controller, you can enable CDO mode to avoid temporary connectivity issues with the controller.

When CDO mode is enabled, NSX Manager creates a special CDO logical switch, one for every transport zone. VXLAN Network Identifier (VNI) of the special CDO logical switch is unique from all other logical switches. When CDO mode is enabled, one controller in the cluster is responsible for collecting all the VTEPs information reported from all transport nodes, and replicate the updated VTEP information to all other transport nodes. When a controller fails, a new controller is elected as the new master to take the responsibility and all transport nodes connected to original master are migrated to the new master and data is synced between the transport nodes and the controllers.

Drain state for Load Balancer pool members: Before 6.3, the load balancer functionality within NSX had 2 states for real servers behind a virtual IP; on or off. This made (web) servers upgrades a bit awkward, as you could only stop the server from serving request in flight, causing some sessions to terminate hard and affect users. You can now put a pool member into Drain state, which forces the server to shutdown gracefully for maintenance. Setting a pool member to drain state removes the backend server from load balancing, but still allows the server to accept new, persistent connections

Improved Layer 2 VPN performance: Performance for Layer 2 VPN has been improved. This allows a single Edge appliance to support up to 1.5 Gb/s throughput, which is an improvement from the previous 750 Mb/s.

Linux support for Guest Introspection: NSX 6.3.0 enables Guest Introspection for Linux VMs. Guest Introspection supports file introspection feature for guest virtual machines having Linux operating system. File introspection offloads file scanning from a production VM to a dedicated partner security appliance SVM or DLP, a VMware appliance running on the same host.  Guest Introspection supports file Introspection in Linux for anti-virus only.

Backup and Restore: Starting in NSX 6.3.0, the following ciphers are supported for SFTP backup:

  • Encryption: aes128-cbc, aes128-ctr, aes192-cbc, aes192-ctr, aes256-cbc, aes256-ctr
  • Message Authentication(mac): hmac-sha2-256 (There is no support for hmac-sha1)
  • Key Exchanges: diffie-hellman-group-exchange-sha256

vSphere 6.5 Compatibility: NSX 6.3.0 introduces support for vSphere 6.5a and later. NSX 6.3.0 retains compatibility with vSphere 5.5 and 6.0.

Control Plane Agent (netcpa) Auto-recovery: An enhanced auto-recovery mechanism for the netcpa process ensures continuous data path communication. The automatic netcpa monitoring process also auto-restarts in case of any problems and provides alerts through the syslog server.

NSX for vSphere Minimum Supported vSphere Versions Minimum Recommended vSphere Versions
Latest NSX Version 6.3.0
  • vSphere 5.5.0.Note: vSphere 5.5.0 does not support Cross-vCenter NSX.
  • vSphere 6.0.0
  • vSphere 6.5a
  • vSphere 5.5U3 and later
  • vSphere 6.0U2 and later
  • vSphere 6.5a and later. The earlier 6.5.0 version is not supported.
  • New NSX Data Security removed: As of NSX 6.3.0, the NSX Data Security feature has been removed from the product.
  • New NSX Activity Monitoring (SAM) deprecated: As of NSX 6.3.0, Activity Monitoring is no longer a supported feature of NSX. As a replacement, please use Endpoint Monitoring.
  • New Web Access Terminal removed: Web Access Terminal (WAT) has been removed from NSX 6.3.0.
  • New IS-IS removed from NSX Edge: From NSX 6.3.0, you cannot configure IS-IS Protocol from the Routing tab.
  • New vCNS Edges no longer supported. You must upgrade to an NSX Edge first before upgrading to NSX 6.3.x.

More about NSX 6.3 on Release Notes

Leave a Reply

Your e-mail address will not be published. Required fields are marked *

seventeen + 5 =

This site uses Akismet to reduce spam. Learn how your comment data is processed.