On Wednesday 27th January 2021, VMware NSX-T Data Center 3.1.1 was released, offering various new features, all of which offer new functionalities for virtualized networking and security for private, public, and multi-cloud environments.
One of the highlighted features is the much-anticipated support for OSPF!
As always, there are multiple enhancements, all of which span several areas within NSX-T; however, I highlight the most anticipated items below.
Layer 3 Networking and OSPFv2 Support
The biggest and most anticipated functionality released in NSX-T 3.1.1, is OSPF. As of 3.1.1, OSPFv2 is now supported as a dynamic routing protocol between Tier-0 gateways and physical routers. This has been an ask for many customers for several years. Smaller environments might only utilise OSPF; they might not be in a position to leverage BGP due to physical device constraints, or they might not have the appropriate BGP skillset.
While BGP is still the recommended protocol for dynamic routing (due to its ability to scale much better compared to OSPF), OSPF can now be enabled on the external interfaces of Tier-0 Gateways only. The same OSPF area (standard or NSSA) can be used across all interfaces (even across multiple Edge Nodes) and, for those customers using NSX for vSphere, OSPF support allows the migration from an existing NSX for vSphere deployment (using OSPF) to NSX-T Data Center much easier!
Over the coming weeks, I’ll be putting together an article detailing OSPF and how to deploy/configure.
As NSX-T can now leverage vSphere Distributed Switches, a new UI-based Upgrade Readiness Tool is now included for those customers wishing to migrate from NVDS to VDS with NSX-T Data Center.
The Upgrade Readiness Tool enables users to obtain recommended VDS with NSX configurations, create or edit the recommended VDS with NSX, and automatically migrate NVDS to VDS with NSX while upgrading the ESX hosts to vSphere Hypervisor (ESXi) 7.0 U2.
Again, and over the coming weeks, I’ll be putting together an article detailing the migration from NVDS to VDS with NSX-T.
NSX Data Center for vSphere to NSX-T Data Center Migration
As NSX Data Center for vSphere is fast approaching the end of general support (16th January 2022 at the time of writing), several new NSX-T features have been included which enhance the V-T migration process.
- Support of Universal Objects Migration for a Single Site
- Migration of NSX-V Environment with vRealize Automation – Phase 2
- Modular Migration for Hosts and Distributed Firewall
- Modular Migration for Distributed Firewall available from UI
- Fully Validated Scenario for Lift and Shift Leveraging vMotion, Distributed Firewall Migration and L2 Extension with Bridging
The NSX Policy API now allows users to configure the Identity Firewall further, specifically, Active Directory setup for use with Identity Firewall rules can now be configured via the NSX Policy API.
Advanced Load Balancer Integration
Again, and similar to the above, further NSX Policy API enhancements have been made, including:
- Support Policy API for Avi (Advanced Load Balancer) Configuration
- Service Insertion Phase 2
Edge Platform and Services
Tier-0 and Tier-1 Gateways now support DHCPv4 Relay on service interfaces, enabling 3rd party DHCP servers to be located on a physical network
Finally, NSX-T 3.1.1 offers several enhancements in the public cloud world.
Starting with NSX-T 3.1.1, customers can deploy the NSX management plane and control plane fully in Azure (AWS will be supported in a future release) via VHDs available in the Azure Marketplace.
From a high-availability standpoint, the NSX Cloud Service Manager (CSM) now boats HA functionality.
Lastly, for those using NSX Cloud to protect Horizon VDIs in Azure, you can install the NSX agent as part of the Horizon Agent installation in the VDIs.