NSX 4.2.1.1 Hotfix Update

The latest NSX update delivers a comprehensive set of fixes to enhance stability, performance, and security. Here’s a summary of the resolved issues and their impact:

1. Enhanced Stability for Virtual Environments

• Loss of IP Bindings after VMotion (Issue 3453866): Addressed the removal of IP bindings and logical ports associated with VMs during vMotion events.
• Critical ESXi Errors with UENS (Issue 3456283): Fixed intermittent PSODs caused by control priority filter lookups, ensuring smoother ESXi operations.
• Portgroup Creation Issue (Issue 3458111): Resolved the creation of additional portgroups during full sync, preventing potential vCenter crashes.
• Transport Zone Reference Issue (Issue 3454291): Fixed transport zone profile mismatches, restoring vMotion and service functionality.

2. Improved Network Performance

• TCP Packet Drops in EDP (Issue 3457047): Resolved issues causing TCP connection drops when using Enhanced Datapath configurations.
• Packet Reordering with LRO (Issue 3456533): Fixed packet reordering issues when HW Large Receive Offload is enabled, improving TCP throughput.
• Reduced Traffic Performance with UENS and LRO (Issue 3456289): Addressed performance degradation in VSAN workloads.

3. Robust Security and Monitoring

• NSX UI Alarm for Metrics Delivery Failure (Issue 3456663): Fixed authentication issues following certificate changes to restore metrics delivery.
• IDPS and TLS Prevention (Issue 3458040): Enhanced malicious traffic prevention by resolving decryption issues with IDPS.
• IDPS Events and Certificate Verification (Issue 3458038): Restored the flow of IDPS events to Security Intelligence by fixing Kafka channel errors.

4. Stability in Upgrades and Configurations

• NSX Manager Slowness (Issue 3453882): Resolved slowness and instability in NSX Manager post-upgrade.
• Edge Node IP Table Rules (Issue 3452795): Ensured proper application of IP table rules on Edge nodes.
• NSX Configuration Realization (Issue 3452794): Fixed issues preventing configuration realization on Transport Nodes.

5. Enhancements in Distributed Firewall and Flow Management

• DFW Rules During Upgrade (Issue 3450247): Mitigated periods where DFW rules were disabled during the upgrade process.
• Flow Exporter Alarms (Issues 3429787, 3456644): Fixed alarms and restored flow export functionality for Security Intelligence.

6. Overlay and Connectivity Improvements

• Overlay Segment Connectivity (Issue 3450019): Addressed connectivity loss in Overlay Segments when Edge TEP groups were enabled.

Conclusion

This NSX update resolves critical issues to improve operational reliability, security, and performance in virtual environments. For a seamless experience, upgrading to this release is highly recommended. As always, thorough testing in a staging environment before deployment in production is advised.