VMware NSX released. SmartNICs/DPUs and Multi-Tenancy in focus

 VMware NSX formerly known as NSX-T has been released on Oct. 13. 2022.

These are the major key features:

1. Support for DPUs / SmartNICs

Based on VMware's project monterey SmartNICs are ready for production in conjunction with vSphere 8. A SmartNIC offloads general networking activities of an ESXI hosts and NSX.

SmartNICs have two major key takeaways. Decreased latency and therefore higher performance and throughput. Furthermore, they reduce the load of CPU of the ESXi hosts.

They can offload vmxnet3 and NSX routing traffic fully to the SmartNIC. Also, vSAN has significant performance improvements due to reduced latency. The reduced latency might also perform similar to SRIOV partioning of current network cards.

The Distributed Firewall can be offloaded in the future. It is currently included as a tech preview.

At the moment (Oct 2022) AMD Pensando (AMD Pensando DSC2-25 Dual Port 25GbE) and NVIDIA Bluefield (NVIDIA Bluefield-2 Dual Port 25GbE SFP28) are possible VMware certified SmartNICs.

Details for NSX support: 

The following NSX capabilities are supported with DPU-based Acceleration for NSX:

  • Networking:

    • Overlay and VLAN based segments

    • Distributed IPv4 and IPv6 routing

    • NIC teaming across the SmartNIC / DPU ports

  • Security (Tech Preview)

    • Distributed Firewall

    • Distributed IDS/IPS

  • Visibility and Operations

    • Traceflow

    • IPFIX

    • Packet Capture 

    • Port Mirroring

    • Statistics

  • Supported Vendors

    • NVIDIA Bluefield-2 (25Gb NIC models only) – (UPT - Tech Preview)

    • AMD / Pensando (25Gb and 100Gb NIC models)

  • Scale

    • Single DPU is supported per host consumed by single VDS


VMware Compatibility Guide for SmartNICs / DPUs


 2. Introduction of Multi-Tenancy in NSX

 It is now possible to have multiple projects and contexts in NSX. There is the known default context, where all configuration of previous NSX releases and current non multi-tenancy configuration is stored.

Configuration of Tier1 Gateways, segments, groups, firewalls and more can be stored into a projects.

This allows that several Teams can administrate their network infrastrucure indepentend of other services.

In this 4.0.1 release, this feature is implemented on API level only. Future releases to allow this configuration in an GUI is imaginable.