In terms of the Distributed Firewall UI changes I couldn’t spot any drastic changed except for some consistency changes with the Rule Name and Action option.
I’ve gone through the list of resolved issues and pulled out the list of fixes that impact my day to day with NSX-v the most. The ones in Red being of extra significance.
- Security patch to address the glibc vulnerability, CVE-2015-7547
The 6.2.2 release delivers a security patch to address CVE-2015-7547.
- Rules not pushed to host
DFW rule/ip list updates failed to be scheduled due to task framework resource limitations in NSX Manager. Error message showed a failure to queue tasks for Change Notification threads.
- Traffic interrupted for 50 seconds after HA failover on ESG
This issue was caused when NSX failed to synchronize the static routes among the HA NSX Edge nodes.
- NSX load balancer IP_HASH health check issue
In IPVS, when using the source-ip hash algorithm, if the selected backend server’s weight equals 0, a “service unavailable” reply is sent even if there are healthy backend servers.
- Packet sent to LIF without DHCP relay results in PSOD
The ESXi host suffers a PSOD if a DHCP unicast packet is addressed to the IP of a LIF that is expected to have DHCP relay enabled but the actual receiving LIF does not have DHCP relay enabled.
- DFW Publishing error
Modifying and saving DFW rules in filtered mode may result in rules not being saved and published.
Still a fairly long list of Known Issues so make sure you are aware of what is still problematic in the product to ensure you are not impacted…even with that great to see so much work going into making NSX-v even an even more reliable and stable platform.