VMware NSX-T 3.1.1 has just been released with awaited OSPF routing support for the north band connectivity. Prior to 3.1.1 there was no OSPF routing protocol available so we had to use BGP instead as dynamic routing protocol for connecting to the corporate and outside network.
OSPF can now be enabled only on the external interface and also can be in the same OSPF area even across multiple Edge Nodes. That’s a great news for you if you have NSX-V in your environment and planning to migrate to NSX-T, because the OSPFv2 will make the migration a lot easier if you are already using OSPF in your environment.
There are lots of other enhancements in 3.1.1 that I will list some of the key ones below:
- OSPFv2 Support on Tier-0 Gateways
- NSX-T Data Center now supports OSPF version 2 as a dynamic routing protocol between Tier-0 gateways and physical routers. OSPF can be enabled only on external interfaces and can all be in the same OSPF area (standard area or NSSA), even across multiple Edge Nodes. This simplifies migration from the existing NSX for vSphere deployment already using OSPF to NSX-T Data Center.
NSX Data Center for vSphere to NSX-T Data Center Migration
- Support of Universal Objects Migration for a Single Site
- You can migrate your NSX Data Center for vSphere environment deployed with a single NSX Manager in Primary mode (not secondary).
- Migration of NSX-V Environment with vRealize Automation – Phase 2
- The Migration Coordinator interacts with vRealize Automation (vRA) to migrate environments where vRealize Automation provides automation capabilities. This release adds additional topologies and use cases to those already supported in NSX-T 3.1.0.
- Modular Migration for Hosts and Distributed Firewall
- The NSX-T Migration Coordinator adds a new mode to migrate only the distributed firewall configuration and the hosts, leaving the logical topology(L3 topology, services) for you to complete. You can benefit from the in-place migration offered by the Migration Coordinator (hosts moved from NSX-V to NSX-T while going through maintenance mode, firewall states and memberships maintained, layer 2 extended between NSX for vSphere and NSX-T during migration) that lets you (or a third party automation) deploy the Tier-0/Tier-1 gateways and relative services, hence giving greater flexibility in terms of topologies. This feature is available from UI and API
- Modular Migration for Distributed Firewall available from UI
- The NSX-T user interface now exposes the Modular Migration of firewall rules. This feature simplifies lift-and-shift migration where you vMotion VMs between an environment with hosts with NSX for vSphere and another environment with hosts with NSX-T by migrating firewall rules and keeping states and memberships (hence maintaining security between VMs in the old environment and the new one).
- Fully Validated Scenario for Lift and Shift Leveraging vMotion, Distributed Firewall Migration and L2 Extension with Bridging
- This feature supports the complete scenario for migration between two parallel environments (lift and shift) leveraging NSX-T bridge to extend L2 between NSX for vSphere and NSX-T, the Modular Distributed Firewall.
- NSX Policy API support for Identity Firewall configuration
- Setup of Active Directory, for use in Identity Firewall rules, can now be configured through NSX Policy API
Advanced Load Balancer Integration
- Support Policy API for Avi Configuration
- Service Insertion Phase 2 – Transparent LB in NSX-T advanced load balancer
Some other key features and changes:
- Supports for Guest Users and Local User accounts
- Upgraded FIPS compliant Bouncy Castle
- NSX Cloud
- NSX Marketplace Appliance in Azure
- NSX Cloud Service Manager HA
- NSX Cloud for Horizon Cloud VDI enhancements
- UI-based Upgrade Readiness Tool for migration from NVDS to VDS with NSX-T Data Center
- Enable VDS in all vSphere Editions for NSX-T Data Center Users
- This release supports a maximum scale of 50 Clusters (ESXi clusters) per vCenter enabled with vLCM, on clusters enabled for vSphere with Tanzu
- Starting with NSX-T 3.1.1, NSX-T will reject x509 certificates with duplicate extensions
There are long list of bug fixes in this release.
Check out the details on the official VMware release notes here.