NSX 4 is now available, and it was a surprisingly sparse release in terms of new capabilities.
NSX 4.0 appears to be a "clean house" initiative, so while it's missing "whizz-bang" new data plane features it does address a variety of issues I am happy to say are now closed:
- Numerous documented API deprecations. Normally this wouldn't be that big of a deal, but NSX 3.x dropped several experiments (NSX ALB front-end, for example) that stayed available throughout the release train
- Deprecating host-based N-VDS
- Deprecating KVM and older Linux support (RHEL 7.8, 8.0,8.3) KVM was announced early in 3.0, and the affected EOL dates for RHEL releases have already been exceeded. It is an odd choice for physical servers, though.
- Lifecycle Management improvements (I can't test these until the next upgrade).
- IPv6 Management Plane support. Unfortunately, VTEPs aren't part of this release, and vSphere is still behind the curve in terms of IPv6 support, limiting efficacy. It's unsurprising to see the Network teams be ahead of the Virtualization teams on network goals.
- HSTS is implemented for the WebUI as well. New installs will need to run an override prior to installing a new certificate.
- API endpoint to replace API certificate:
- API endpoint to replace cluster certificate:
Let's review how a new deployment may differ from previous installations:
IPv6 options have now been added to the OVA:
When deploying new workloads with IPv6 support - it's important to have a plan to access those addresses. The best strategy for enterprises and home labs is roughly the same, but with different products. Make your DNS dual-stack, and enter AAAA (IPv6 host records) for each service that supports IPv4 and IPv6. Let your client services do it seamlessly and transparently. End users shouldn't have to care about IPv6 being used. Configuring DNS as-code from a source repository makes this migration easy.
The browser add-on IPvFoo can tell you if you're using native IPv4 or a fallback mode. It'll also tell you what IP addresses you're talking to for a given page to load, which is incredibly useful.
To access an IP address with IPv6 in a web browser, the notation is a little different:
To fully leverage IPv6, you need to give vCenter the same treatment. VMware's documentation on it is here. I executed the change from the VAMI (
https://vcenter:5480) under Networking using the supported wizard.
Note: This will incur brief downtime for vCenter, and interrupt services like VCHA! Execute a vCenter backup before executing this work!
And that's about it! We can see NSX Manager with an IPv6 address in the Appliance UI:
And, IPvFoo reports all IPv6 for the front-end:
NSX 4.0 was a mellow release by VMware standards - but according to the Semantic Versioning rules, breaking changes automatically increment a major version. The API deprecations justify the version increment on these terms.
Note: The most important part (NSX Control Plane, VTEPs) are still to be completed.