NSX-T 3.1.1 released with support for OSPFv2

VMware NSX-T 3.1.1 has just been released with awaited OSPF routing support for the north band connectivity. Prior to 3.1.1 there was no OSPF routing protocol available so we had to use BGP instead as dynamic routing protocol for connecting to the corporate and outside network.

OSPF can now be enabled only on the external interface and also can be in the same OSPF area even across multiple Edge Nodes. That’s a great news for you if you have NSX-V in your environment and planning to migrate to NSX-T, because the OSPFv2 will make the migration a lot easier if you are already using OSPF in your environment.

There are lots of other enhancements in 3.1.1 that I will list some of the key ones below:

L3 Networking

  • OSPFv2 Support on Tier-0 Gateways
    • NSX-T Data Center now supports OSPF version 2 as a dynamic routing protocol between Tier-0 gateways and physical routers. OSPF can be enabled only on external interfaces and can all be in the same OSPF area (standard area or NSSA), even across multiple Edge Nodes. This simplifies migration from the existing NSX for vSphere deployment already using OSPF to NSX-T Data Center.

NSX Data Center for vSphere to NSX-T Data Center Migration

  • Support of Universal Objects Migration for a Single Site
    • You can migrate your NSX Data Center for vSphere environment deployed with a single NSX Manager in Primary mode (not secondary).
  • Migration of NSX-V Environment with vRealize Automation – Phase 2
    • The Migration Coordinator interacts with vRealize Automation (vRA) to migrate environments where vRealize Automation provides automation capabilities. This release adds additional topologies and use cases to those already supported in NSX-T 3.1.0.
  • Modular Migration for Hosts and Distributed Firewall
    • The NSX-T Migration Coordinator adds a new mode to migrate only the distributed firewall configuration and the hosts, leaving the logical topology(L3 topology, services) for you to complete. You can benefit from the in-place migration offered by the Migration Coordinator (hosts moved from NSX-V to NSX-T while going through maintenance mode, firewall states and memberships maintained, layer 2 extended between NSX for vSphere and NSX-T during migration) that lets you (or a third party automation) deploy the Tier-0/Tier-1 gateways and relative services, hence giving greater flexibility in terms of topologies. This feature is available from UI and API
  • Modular Migration for Distributed Firewall available from UI
    • The NSX-T user interface now exposes the Modular Migration of firewall rules. This feature simplifies lift-and-shift migration where you vMotion VMs between an environment with hosts with NSX for vSphere and another environment with hosts with NSX-T by migrating firewall rules and keeping states and memberships (hence maintaining security between VMs in the old environment and the new one).
  • Fully Validated Scenario for Lift and Shift Leveraging vMotion, Distributed Firewall Migration and L2 Extension with Bridging
    • This feature supports the complete scenario for migration between two parallel environments (lift and shift) leveraging NSX-T bridge to extend L2 between NSX for vSphere and NSX-T, the Modular Distributed Firewall.

Identity Firewall

  • NSX Policy API support for Identity Firewall configuration
    • Setup of Active Directory, for use in Identity Firewall rules, can now be configured through NSX Policy API

Advanced Load Balancer Integration

  • Support Policy API for Avi Configuration
  • Service Insertion Phase 2 – Transparent LB in NSX-T advanced load balancer

Some other key features and changes:

  • Supports for Guest Users and Local User accounts
  • Upgraded FIPS compliant Bouncy Castle
  • NSX Cloud
    • NSX Marketplace Appliance in Azure
    • NSX Cloud Service Manager HA
    • NSX Cloud for Horizon Cloud VDI enhancements
  • UI-based Upgrade Readiness Tool for migration from NVDS to VDS with NSX-T Data Center
  • Enable VDS in all vSphere Editions for NSX-T Data Center Users
  • This release supports a maximum scale of 50 Clusters (ESXi clusters) per vCenter enabled with vLCM, on clusters enabled for vSphere with Tanzu
  • Starting with NSX-T 3.1.1, NSX-T will reject x509 certificates with duplicate extensions

There are long list of bug fixes in this release.

Check out the details on the official VMware release notes here.

vExpert 2020

The list of 2020 vExperts has been announced. All of the new and returning vExperts have demonstrated significant contributions to the community and a willingness to share their expertise with others. Contributing is not always blogging or Twitter as there are many VMUG leaders, public speakers, book authors, script writers, VCDX, VMTN community moderators and internal champions among this group.

“The annual VMware vExpert title is given to individuals who have significantly contributed to the community of VMware users over the past year.

The title is awarded to individuals (not employers) for their commitment to sharing their knowledge and passion for VMware technology above and beyond their job requirements.

You can visit https://vexpert.vmware.com/directory to see the list and profile of each vExpert.

I’m pleased and honoured to be awarded as vExpert this year and for being part of the vExpert program going forward.

It’s valuable to me and will be a great motivation for me to keep up giving back to the community.

Congratulations to all vExperts!

VMware Cloud on AWS is now available with two hosts deployment; starting from 33% cheaper

When VMware Cloud on Amazon AWS was introduced three years ago it required minimum of 4 hosts to be provisioned in production clusters. Then the requirement reduced to three hosts a bit later. They have now dropped one more host and the minimum requirements is two hosts now.

A few days ago VMware and Amazon AWS announced new upgrades in VMCA. Here are the key changes:

  • The minimum requirements for production cluster deployment reduced to 2 hosts. So the entry deployment cost is basically dropped by 33% that will attract small business.
  • Storage optimized AWS EC2 (I3en) instances are now available on VMCA for data-intensive with high random I/O workload such as Rational Database

While talking about VMware Cloud on AWS upgrades, I though it might be good to add basic information about VMware Cloud on Amazon AWS here:

  • VMware Cloud on AWS is basically VMware SDDC solution which is based on VMware Cloud Foundation platform with optimized access to native AWS services. VMCA run on elastic and dedicated hosts on Amazon AWS infrastructure
  • VMCA is currently available in 16 AWS regions. AWS is planning to expand the availability of VMCA to 21 regions by the end of the year
  • VMCA is a cloud choice for easily migrating VMs between on-premise VMware platform and cloud managed VMware SDDC platform that also provides integration to AWS services
  • VMware Cloud on AWS can be purchased either directly from AWS or APN partners
  • You can use your existing Windows Server licenses in VMCA. Consult your Microsoft product terms for any restrictions.
  • Each host is equivalent to an Amazon EC2 I3.metal instance (2 sockets with 18 cores per socket, 512 GiB RAM, and 15.2 TB Raw SSD storage).
  • Productions Clusters can have minimum 2 and maximum 16 ESXi hosts
  • Single host SDDC starter is a 30-days plan that can to reduce costs for proof of concepts
  • VMs can be moved (cold migrate) from on-premise DC with minimum version of vSphere 6.0 to VMCA
  • Hybric Link Mode is supported with vSphere 6.5 or later
  • Live migration can be done using vMotion or leveraging VMware Hyper Cloud Extension (HCX)

Support for NSX-T in VMware Skyline 2.5

A good news for NSX-T users. VMware announced VMware Skyline Collector 2.5 and Advisor releases with support for NSX-T and new Findings & Recommendations.

Skyline now supports NSX-T 2.5 and above that means you can connect your NSX-T endpoints to your collectors and then Skyline will discover your NSX-T proactive Findings and Recommendations within Advisor. Just bear in mind that it may take 24-48 hours for these new findings to appear within Skyline Advisor.

The other handy feature is the ability to automatically upload NSX-T tech support log bundle to VMware technical support for NSX-T using Log Assist that will save a lot of time for operation support teams for dealing with technical support cases for NSX-T.

There are new Findings and Recommendations:

  • NSX-T Findings that picks up deployments issues within your NSX-T
  • VMware Security Advisories has new security advisories added to inform you about potential vulnerabilities to be vigilant about security risks

If you have the Auto Upgrade feature enabled in your Skyline Collector, your Collectors will update automatically. Otherwise you can download the new version from the Collector VAMI. Note, The Skyline Collector must be able to receive update notifications from vapp-updates.vmware.com.

vSphere 6.7 General Support Extended

Previously the general support for vSphere 6.5 and 6.7 was full 5 years since the official release of vSphere 6.5 as 15 November 2021.

Earlier this month VMware has announced extension for General Support of vSphere 6.7. That means the general support for vSphere 6.5 remains as 15 November 20201 while it’s now extended to 15 October 2022 for vSphere 6.7.

This will allow the VMware customers to be able to keep their vSphere platforms in support while preparing for upgrading to vSphere 7.

VMware provides bug and security fixes, patches, upgrades and high priority (P1) technical support for customers on active general support.

Below is the End of General Support (EoGS) availability for vSphere

ProductGeneral AvailabilityEnd of General SupportEnd of Technical Guidance
vSphere 6.012 Mar 201512 Mar 202012 Mar 2022
vSphere 6.515 Nov 201615 Nov 202115 Nov 2023
vSphere 6.717 Apr 201815 Oct 202215 Nov 2023
vSphere 7.002 Apr 202002 Apr 202502 Apr 2027
vSphere Lifecycle Matrix

You might still get technical advice from VMware before EoTG if you have an active VMware support even if your vSphere version is out of general support. However you won’t be able to log high priority P1 tickets with VMware after EoGS.

In terms of licensing, there is no requirement for upgrading license keys if you are upgrading from 6.0 to 6.5 or 6.7 as they are all vSphere version 6.x. But if you are planning to upgrade to vSphere 7.0, the vSphere 6.x licenses won’t work on upgraded products and you will need to assign new Licenses.

I you have an active subscription and support with VMware then you can easily upgrade you vSphere licenses via myVMware portal. Otherwise check out the below link and check your license upgrade eligibility with VMware.


Oracle Linux Virtualization Manager (OLVM)

Oracle Linux Virtualization Manager (OLVM) is replacing OVM Manager and the hypervisor of choice for Oracle is now Kernel based Virtulization (KVM) instead of XEN.

OLVM is a capable virtualization solution especially for super high capacity servers. For instance the current version supports 12TB of memory which is great capability coparing to maximum of 6TB memory support in latest and the greatest ESXi 7.0 flagship hypervisor. Probably the most common use case for OLV would be Oracle DB systems as it provides amazing performance for that kind of workload.

Here are the key features:

  • High performance and scalability: Low-overhead architecture with the KVM hypervisor provides scalable performance under increasing workloads. Supports servers with up to 2048 logical CPUs and 64 TB of memory to accommodate the most demanding enterprise and cloud applications.
  • Broad guest operating system support: Oracle Linux, Red Hat Enterprise Linux, CentOS, and Microsoft Windows.
  • Modern Linux kernel: Oracle Unbreakable Enterprise Kernel (UEK) Release 5 offers high performance and streamlined partner certifications. Server certification includes support for Oracle Linux and Oracle Linux KVM.

All the key functionalities of OVM are available in OLVM including:

  • Live Migration (host and storage)
  • VM High Availability (HA)
  • Policies (DRS, DPM, Anti-Affinity)
  • Rest API
  • Templates (ovf/ova support)
  • Enterprise Manager Integration

And the below functionalities also been added in 4.2.8 release:

  • VM Snapshots
  • RBAC

Below table is a side by side comparison of key features of OVM vs. OLV (KVM) hypervisors:

If you do have Oracle VM virtualization environment in production you will need to plan for migrating to the new Oracle Linux Virtualization as Oracle has extended support for OVM until March 2021.

If you are running OVM version 3.4 then you can use the semi-automatic migration solution for migrating virtual machines from OVM to OLV that requires OVLM 4.3 or higher at the destination platform.

Oracle Documentation for migrating VMs from OVM to OLV

Oracle Linux Virtualization Requirements:

The Oracle Linux Virtualization Manager (OVLM) and Oracle Linux KVM (Hypervisors) have same software (OS) requirements as the below:

Oracle Linux 7 Update 7

Select Minimal Install as the base environment for the installation.

Unbreakable Enterprise Kernel Release 5 Update 1 or later

The following are the minimum system requirements for Oracle Linux Virtualization Manager hosts:
• 64-bit dual-core CPU – Recommended: 64-bit quad core or greater CPU
• 4 GB RAM – Recommended: 16 GB or greater
• 1 network interface card (NIC) – at least 1 Gbps – Recommended: 2 or more NICs
• 25 GB local writable hard disk – Recommended: 50 GB or greater

The following are the minimum system requirements for Oracle Linux KVM hosts.
• 64-bit dual-core with the Intel VT-x or the AMD AMD-V – Recommended: Multiple CPUs
The CPUs must also support the No eXecute flag (NX)
• 2 GB RAM – Maximum Tested: 12 TB
• 1 network interface card (NIC) – 1Gbps – Recommended: 2 or more NICs
• 60 GB of locally accessibly, writable disk space dedicated to Oracle Linux Virtualization Manager

VMware NSX-T 3.0 released

VMware announced NSX-t 3.0 General Availability a few days ago and it’s now available for download in VMware’s portal.

NSX-T 3.0 is a major upgrade from 2.5.1 and has plenty of new features, improvements as well as bug fixes.

I have summarized some of the important features and improvements of the new NSX-T 3.0 in this post and I hope you will find it informative.

Here are the new features:

NSX Federation

  • NSX Federation is the ability to manage, control and synchronize multiple NSX-T deployments over different locations in on-prem, AWS, Azure and Public Clouds.
  • Global Manager is the key component of NSX Federation which provides GUI and REST API endpoint and makes you able to configure consistent security policies across multiple locations and stretched networking objects such as Tier-0 and Tier-1 gateways and segments through a single pane of glass.
  • In the below Youtube video, Dimitri Desmidt explains NSX-T Federation in details as part of Tech Filed day 21VMware Demo and Preview program.
  • Security policies attach to the workload which means the policies move with the workload during failover or migration between environments. This takes care of full network and security fail-over along with SRM VM fail-over which simplifies DR as the network entities would be created once and the segments stretched across between locations. So in event of a disaster the workload can be fully failed-over to the recovery location with all the security policies in place.

Comprehensive Treat protection (Distributed IDS/IPS)

  • NSX Distributed Firewall (DFW) now supports Windows 2016 physical servers in addition to Linux physical servers.
  • New Firewall configuration wizard that simplifies rule creation specially for VLAN backed micro-segmentation
  • Distributed IDS/IPS, Micro-Segmentation for Windows Physical Servers, Time-based Firewall Rules, and a feature preview of URL Analysis for URL Classification and Reputation.
  • The intrusion detection and prevention capabilities can now be enabled within the hypervisor to detect vulnerable network traffic on a per VM or even more granular on per vNIC of a VM basis with granular context based rule inspection which NSX Manager easily downloads and keeps the threat signature pack updated.
  • IDS/IPS can be enabled within Hypervisor to detect vulnerable network traffic on a per VM or even more granlar on per vNIC of a VM
  • Threat detection in NSX IDS is much more efficient comparing to traditional IDS due to its context based inspection mechanism, so you can assign relevant signatures to a VM based on the running serives i.e. Linux or Wondows

NSX-T networking and security for vSphere with Kubernetes

  • Supports full stack netwrking and security for vSphere with Kubernetes including key networking functions: Switching, Distributed routing (T0/T1), Distributed Firewalling, load balancing, Distributed LB, NAT and IPAM and network identity lifecycle.
  • Watch the below Youtube vidoe from Vinay Reddy that explains the networking and security capabilities of NSX-T in vSphere with Kubernetes:
NSX-T for vSphere Kubernetes by Vinay Reddy
  • Integration with VMware Tanzu Kubernetes Grid Service
  • L2-7 container networking services to non-VMware Kubernetes platforms

Telco cloud enhancements

  • Multi tenancy enhancement and support by adding VRF Lite and Overlay EVPN
  • VRF Lite support provides multi-tenant data plane isolation through Virtual Routing Forwarding (VRF) in Tier-0 gateway
  • L3 EVPN support provides northbound connectivity Telco VNFs to the Overlay networks and maintains the isolation on the dataplane by using one VNI per VRF
  • Multicast routing for scalable networking and accelerated data plane performance. Multicast replication is only supported on T0. According to VMware, T1 will be supported in future releases.
  • NAT64 which provides stateful NAT from IPv6 to IPv4
  • East-West service chaining for NFV is the ability to chain multiple services for edge traffic that can now also be extended to redirect edge traffic.
  • IPv6 support for containers

Some other new features

Converged VDS 7.0

  • NSX-T now supports VDS and you can deploy NSX-T on the existing VDS 7.0 with no VM network disruption which makes deployments much easier in brown fields.

Support for vRNI 5.2

  • “In addition to NSX, VMware also rolled out VMware vRealize Network Insight 5.2, the company’s network visibility and analytics software. The new software features machine learning support for Flow Based Application Discovery will automatically group VMs into applications and tiers for a better understanding of what is occurring on the infrastructure,” VMware stated.
  • “vRealize Network Insight 5.2 has new end-to-end visibility of the network path from VM through to VMware Cloud on AWS including the AWS Direct Connect section. For VMware SD-WAN users, there will be additional visibility into SD-WAN application and business policy support,” VMware stated.
  • I review vRNI 5.2 new features and improvements in another post later on.

Automation, OpenStack and other CMP

  • Search API: Exposes NSX-T Search capabilities (already available in UI) through API
  • Terraform Provider for NSX-T – Declarative API support: Provides infrastructure-as-code by covering a wider range of constructs from networking (T0/T1 Gateway, segments), security (centralized and distributed firewall, groups) and services (load balancer, NAT, DHCP).
  • Enhanced Ansible Module for NSX-T support for Upgrade (in addition to install) and Logical object support.
  • OpenStack Integration Improvements: extended IPv6, VPNaaS support and vRF lite support

User interface improvements

  • Brand new Alarms dashboard and Network Topology Visualizations: Provides an interactive network topology diagram of Tier 0 Gateways, Tier 1 Gateways, Segments, and connected workloads (VMs, Containers), with the ability to export to PDF.
  • New Getting Started Wizards: A new getting started wizard is introduced for preparing clusters for VLAN Micro-Segmentation in three easy steps.
  • Quick Access to Actions and Alarms from Search Results: Enhanced search results page to include quick access to relevant actions and alarms. Added more search criteria across Networking, Security, Inventory, and System objects.
  • User Interface Preferences for NSX Policy versus Manager Modes: You can switch between NSX Policy mode and NSX Manager mode within the user interface, as well as control the default display. By default, new installations display the UI in NSX Policy mode, and the UI Mode switcher is hidden. Environments that contain objects created through NSX Manager mode (such as from NSX upgrades or cloud management platforms) by default display the UI Mode switcher in the top right-hand corner of the UI.
  • UI Design Improvements for System Appliances Overview: Improved UI design layout for displaying resource activity and operational status of NSX system appliances.
  • Security Dashboards: NSX-T 3.0 introduces new Security Overview Dashboards for security and firewall admins to see at-a-glance the current operational state of firewall and distributed IDS.
  • Security wizards for VLAN-based Micro-Segmentation: You can configure your data centers to introduce segmentation using NSX-T in very easy steps.
  • Container Inventory & Monitoring in User Interface: Container cluster, Namespace, Network Policy, Pod level inventory can be visualized in the NSX-T User Interface. Visibility is also provided into co-relation of Container/K8 objects to NSX-T logical objects.
  • NCP Component Health Monitoring: The NSX Container Plugin and related component health information like NCP Status, NSX Node Agent Status, NSX Hyperbus Agent Status can be monitored using the NSX Manager UI/API.
  • Physical Servers Listing: NSX-T adds UI support for listing physical servers.


As I mentioned before this release is a major upgrade for VMware NSX solution and I believe it’s moving in right direction. Combination of NSX-T and SDWAN would be a tempting solution for Telco service providers as Telco is adopting virtualization more than ever and network virtualization plays a key role in that transformation.

Here is the “What’s new at a glance” slide for a quick review of new features but more details can be found in the release notes of the product:

If you are keen to deep dive into NSX-T 3.0 details I would suggest you to check out NSX-T 3.0 release notes and then enroll in the VMware Hands-On-Lab NSX-T sessions and do some practice in a very well built lab environment and then download the product and build your own sandbox and check the new features practically.


Release notes:



I hope you find this post useful and thank you for reading!


The material and information contained on this article and my blog are for general information purposes only. You should not rely upon the information on this article as a basis for making any business, legal or any other decisions. Whilst I try to keep the information up to date and correct, I will not be liable for any false, inaccurate, inappropriate or incomplete information presented in this article. I would advise you to check with VMware as a reference in order to make any decision.