VMware NSX 6.4.2 - what's new?

VMware has released a new version of NSX Data Center - 6.4.2; in this post we are going to quickly run through what are the upgrades and changes introduced with this release.

VMware NSX 6.4.2 - what's new?

Breaking news: VMware has just released VMware NSX 6.4.2

Let's quickly run through the latest changes in this leading SDN solution:

1. Multicast Routing Support

Finally, in VMware NSX Data Cetner 6.4.2 we're getting what we all have been waiting for so long - support for routing IPv4 routing in NSX Logical Routers.

vSphere 6.4.2

The location of the Virtual Machine multicast receivers (identified by their hypervisor, Logical Switch and Virtual NIC) is discovered thanks to IGMP snooping within the NSX domain. The Edge Service Gateway (ESG) runs PIM sparse mode with physical routers and coordinates with the Distributed Logical Router (DLR) in order to provide both ways multicast connectivity from Virtual Machines to the outside world.

For added multicast replication performance in the VXLAN Overlay, NSX leverages Layer 2 multicast in an underlying physical infrastructure running IGMP snooping.

2. Context-Aware Micro-Segmentation

The security aspect of NSX has also received an upgrade thanks to VMware releasing Context-Aware Micro-Segmentation. This function is said to provide better security for applications using their context. This latest release includes the following new Layer 7 Application Context:

  • EPIC – Epic EMR is an electronic medical records application that provides patient care and healthcare information.
  • MSSQL – Microsoft SQL Server is a relational database.
  • BLAST – A remote access protocol that compresses, encrypts, and encodes computing experiences at a data center and transmits it across any standard IP network for VMware Horizon desktops.

To learn more about Context-Aware Micro-Segmentation:

3. Security – Usability Enhancements

3.1 Firewall Rule Hit Count
With the new release of VMware NSX for Data Centers, we will also have an easier time identifying firewall rules which do not really make any sense thanks to the enhanced firewall rule tabl which will now display total rule hits, as well as information on when the rule was first hit, and when the rule was most recently hit.

3.2 Firewall Section Locking

With NSX 6.4.2, firewall rule sections can be locked while making modifications, to prevent multiple users from simultaneously making changes to the same sections. This is a great improvement for any environment with multiple security administrator with write privileges to VMware NSX firewall rule tables.

3.3 NSX Application Rule Manager – Scale Improvements

NSX Application Rule Manager takes the allowed flows observed in the network and pushes policies directly into the distributed firewall within a few clicks. In NSX 6.4.2, brings the number of vNICs per session to 100, further simplifying the process of creating security groups and whitelisting firewall rules for existing applications.

To learn more about NSX Application Rule Manager:

4. Operational Enhancements

Other major changes in this release include:

  • Authentication & Authorization: 2 new roles (Network Engineer and Security Engineer); ability to enable/disable basic authentication.
  • NSX Scale Dashboard: visibility into 25 new metrics.; ability to edit usage warning thresholds and filter for objects exceeding limits.
  • NSX Controller Cluster Settings: Specify common settings (DNS, NTP, Syslog) to apply to NSX Controller Cluster.

For more details on What’s New in VMware NSX for vSphere 6.4.2:

Related Article