In this part of the NSX-T tidbits series, it’s about the current IPv6 support. During the writing of my IPv6 series, I needed to know which features are currently support in the current (3.1) version and found out there isn’t a good overview of it. After digging into blog posts the NSX documentation and release notes, I created the list below. If some features are missing, just let me know, so I can add them.
Update 11-9-2023
- Updated table IPv6 features table up-to version 4.1.1 based on release notes
- Added NSX 4.1.1 Feature overview
- Fixed broken links
Feature overview
Mainly since NSX-T 2.4, IPv6 functionalities have been added. Amit Aneja wrote an excellent post on this matter with the release of NSX-T 2.4, early 2019. Check out his article Introducing IPv6 in NSX-T Data Center 2.4.
The NSX-T documentation of older versions were not clear which (IPv6) features are supported. This is significantly improved over time. VMware created the 3.x product offerings KB articles and the 4.x feature overview. Both are added to the Links section.
So let’s sum up the IPv6 features based on the documentation and release notes since version 2.4 up to the latest, which at time of writing is 4.1.1.
| Category | Version | Feature |
| Tier-0 Gateway | 2.4 | MP-eBGP with IPv4 and IPv6 address families |
| Multi-hop eBGP | ||
| iBGP | ||
| ECMP support with static routes, eBGP and iBGP | ||
| Outbound and Inbound route influencing using Weight, Local Pref, AS Path prepend and MED | ||
| IPv6 Route Redistribution | ||
| IPv6 Route Aggregation | ||
| IPv6 Prefix List and Route map IPv6 Loopback Interfaces | ||
| 3.1 | BGP can advertise IPv4 prefixes over IPv6 only BGP peers (RFC 5549) | |
| 4.0 | BFD IPv6 (for IPv6 BGP neighbors and IPv6 static routes) | |
| Tier-0 / 1 Gateway | 2.4 | Static routes with IPv6 Next-hop |
| DHCPv6 relay | ||
| Neighbor Discovery (ND) | ||
| 2.5 | Stateless Address Autoconfiguration (SLAAC) | |
| Router Advertisement (RA); NSX-T Gateway provides IPv6 parameters | ||
| Duplicate Address Detection (DAD) | ||
| 3.0 | NAT64; Stateful Network Address Translation from IPv6 to IPv4 | |
| Stateful DHCPv6 Support and associated parameters | ||
| Support for Load Balancer (LB) Virtual Servers and Members (except for IPv6-VIP-to-IPv4-member and IPv4-VIP-to-IPv6-member translations) | ||
| 4.1 | Support for IPsec VPN over IPv6 | |
| Logical switching | 2.4 | Native IPv6 and Dual Stack Segments |
| Logical Routing | 2.4 | Native IPv6 and Dual Stack distributed routing |
| 4.0 | DPU-based Acceleration for distributed IPv4 and IPv6 routing | |
| Firewall | 2.4 | L2-L4 stateful distributed firewall (DFW) |
| L2-L4 stateful edge firewall | ||
| Switch security | 2.4 | DHCPv6 server blocking |
| DHCPv6 client blocking | ||
| Router Advertisement (RA) Guard | ||
| IP Discovery | 2.4 | DHCPv6 Snooping |
| VM Tools IPv6 | ||
| Neighbour Discovery (ND) Snooping (by inspecting neighbor solicitation (NS) and neighbor advertisement (NA) messages) | ||
| Operations | 2.4 | Ping, Traceroute, Traceflow |
| Port Mirroring | ||
| IPFIX | ||
| Packet capture on all Transport Node (KVM, ESX and Edge) with IPv6 filters | ||
| 4.0 | NSX Manager dual-stack (IPv4 and IPv6). IPv6 only not supported | |
| External-facing Management Plane; External systems with the NSX management cluster (Local Manager only) – Access to NSX User Interface (UI) and API through IPv6 – Cluster VIP – Communication with vCenter; Except vCenter Extension Manager – Syslog, SNMP, SSH, SFTP, DNS, NTP – LDAP / AD (for user authentication and IDFW) – Operations tools: vRNI, vRLI & vROPs – Telemetry / VAC | ||
| Alarms for maximum IPv4 and IPv6 routes in the routing table and BGP peer maximum advertised prefixes | ||
| Enhanced UI for NSX Tier0 & Tier1 Gateway Interface Statistics to show IPv4 vs IPv6 packets per second | ||
| 4.1 | Support for Control-plane and Management-plane communication between Transport Nodes and NSX Managers over IPv6 | |
| 4.1.1 | Support for Transport Nodes TEP (tunnel end point) traffic over IPv6 | |
| Applications | 3.0 | Container support |
| OpenStack Neutron API support |
To conclude
By putting this info into the main IPv6 series, the post was getting too long. That’s why these are a good fit for a tidbit. If you’re interested in the IPv6 series, the different parts can be found here:
- Part 1: IPv6 Primer
- Part 2: IPv6 at home using 6RD
- Part 3: Native IPv6 in the Lab
- Part 4: IPSec VPN
- Part 5: IPv6 with NSX-T
Useful links
Introducing IPv6 in NSX-T Data Center 2.4
Product offerings for VMware NSX-T Data Center 3.1.x (80866)
Product offerings for VMware NSX-T Data Center 3.2.x (86095)
0 Comments