NSXbytes0
Last week VMware released version 6.2.2 of NSX-v. The 6.2.2 release is mainly aimed at patching a security hole in the glibc libraries as well as removing a constraint with the DHCP Pool setup allowing .local domains in the config and improving the user experience when configuring the Distributed Firewall. Once following the standard NSX Upgrade Process you will see NSX Manager build 6.2.2.3604087 and as shown below the NSX Controllers will be at build 6.2.46427

nsx622_up_1

In terms of the Distributed Firewall UI changes I couldn’t spot any drastic changed except for some consistency changes with the Rule Name and Action option.

nsx622_up_3 nsx622_up_4

I’ve gone through the list of resolved issues and pulled out the list of fixes that impact my day to day with NSX-v the most. The ones in Red being of extra significance.

  • Security patch to address the glibc vulnerability, CVE-2015-7547
    The 6.2.2 release delivers a security patch to address CVE-2015-7547.
  • Rules not pushed to host
    DFW rule/ip list updates failed to be scheduled due to task framework resource limitations in NSX Manager. Error message showed a failure to queue tasks for Change Notification threads.
  • Traffic interrupted for 50 seconds after HA failover on ESG
    This issue was caused when NSX failed to synchronize the static routes among the HA NSX Edge nodes.
  • NSX load balancer IP_HASH health check issue
    In IPVS, when using the source-ip hash algorithm, if the selected backend server’s weight equals 0, a “service unavailable” reply is sent even if there are healthy backend servers.
  • Packet sent to LIF without DHCP relay results in PSOD
    The ESXi host suffers a PSOD if a DHCP unicast packet is addressed to the IP of a LIF that is expected to have DHCP relay enabled but the actual receiving LIF does not have DHCP relay enabled.
  • DFW Publishing error
    Modifying and saving DFW rules in filtered mode may result in rules not being saved and published.

Still a fairly long list of Known Issues so make sure you are aware of what is still problematic in the product to ensure you are not impacted…even with that great to see so much work going into making NSX-v even an even more reliable and stable platform.

References:

https://pubs.vmware.com/Release_Notes/en/nsx/6.2.2/releasenotes_nsx_vsphere_622.html