New features with NSX-T 3.0 - Federation and Kubernetes on vSphere

April 7, 2020

VMware released NSX-T 3.0 today with some interesting features. In my opinion, the most important are:

  • Modern Apps Networking: NSX-T for vSphere with Kubernetes, container networking and security enhancements.
  • Cloud-scale Networking: NSX Federation.

NSX-T Federation

NSX-T 3.0 introduces Federation - the ability to connect multiple NSX-T instances, with the following benefits:

  • Consistent Policy Configuration and Enforcement.
  • Simplified DR.
  • Operational simplicity not only for NSX-T Data Center but NSX Cloud too.

The main component is the Global Manager (GM), which is deployed as appliances in an active/standby cluster topology (three nodes in each cluster for scalability and availability). You can configure all network and security policies via the GM (GUI or API), which helps maintain a consistent configuration across locations. A Local Manager (LM) is located at each location.


There are some requirements:

  • There must be a latency of 150 ms or less between locations.
  • The Global Manager and all Local Managers must have NSX-T Data Center 3.0 installed.
  • One Global Manager can support up to three locations.
  • Global Manager supports only Policy Mode. Federation does not support Manager Mode.

For more information, and to see how to simplify DR using NSX-T Federation, I recommend watching the video below, recorded during TFD21:

NSX-T and Kubernetes

vSphere 7.0 was released a couple of days ago. It introduced native Kubernetes support. NSX-T 3.0 introduces container networking (e.g. the Distributed Load Balancer (DLB)) and security enhancements for Kubernetes on vSphere. More information is in the video below.

Additional features introduced with NSX-T 3.0:

  • Intrinsic Security: Distributed IDS, Micro-Segmentation for Windows Physical Servers, Time-based Firewall Rules.
  • Automation Enhancements: Terraform Provider for NSX-T (Declarative API) and Ansible Module for NSX-T (upgrade and logical object support).
  • Telco Cloud: L3 EVPN for VM mobility, accelerated data plane performance, NAT64, IPv6 support for containers, E-W service chaining for NFV

and more operations, security and networking features.

Summary

Regardless of the end of support for NSX-v, scheduled for the beginning of 2022, NSX-T 3.0 looks like an interesting replacement for its older brother. It would help to provide better load balancing, multi-site networking and security across various platforms (including containers).

Useful resources

NSX-T 3.0 Release Notes

NSX-T Federation Configuration

NSX-T 3.0 Download