In VMware Cloud Foundation (VCF), the Standard Architecture provides a flexible and scalable design for deploying cloud infrastructure in an enterprise environment. When using dedicated NSX domains for each Workload Domain (WLD), the architecture is optimized for scenarios where you need isolated, independent network and security configurations for each workload domain, enhancing security, performance, and scalability.

This is part of VMware's platform for managing and integrating virtualization, compute, storage, and networking in a hyper-converged infrastructure (HCI) environment.

Let’s break down what the Enhanced Data Path and the High-Performance Switch mean within the context of VCF:

Enhanced Data Path

• The Enhanced Data Path is a feature aimed at improving networking performance and optimizing data flow within a virtualized data center. It focuses on making network communication more efficient, reducing latency, and ensuring that data moves through the system at high speed with minimal overhead.

• In virtualized environments, traditional networking may introduce delays due to virtual switches and network overlays that handle the routing of traffic. The Enhanced Data Path helps streamline this process, particularly for workloads requiring high throughput, such as data-intensive applications, machine learning, or real-time processing.

• The Enhanced Data Path likely involves techniques like:

  • Direct data forwarding to reduce the need for virtual switch intervention, bypassing some software layers for faster throughput.
  • Optimized traffic flow management, especially for east-west traffic (VM-to-VM or storage-to-VM) inside the data center.
  • Improved tunneling and encapsulation in network overlays (e.g., VXLAN), ensuring that network packets are processed more efficiently.

High-Performance Switch

• The High-Performance Switch is SDN features in VMware NSX that are designed to enable high-throughput, low-latency, and scalable networking. These switches are designed to handle large-scale deployments and are optimized to work in virtualized environments.

• High-Performance Switch include:

  • Improved packet processing capabilities that are optimized for modern data center traffic patterns.
  • Efficient data plane processing, often leveraging hardware acceleration where available (such as DPDK (Data Plane Development Kit) or SR-IOV for reducing virtualization overhead).
  • Support for traffic segmentation and QoS (Quality of Service) to prioritize critical workloads over less important traffic, ensuring predictable performance.
  • Enhanced Security: Security features like micro-segmentation and flow monitoring are integrated into these high-performance switches to protect the network without compromising performance.

How to enable:

To Enable during cluster addition via SDDC Manager (this feature is not enableds by default):

1. Under Switch Configuration
2. Select "Enhanced Datapath Interrupt"

It will be enables on all nodes of the cluster

Confirm which mode is in use:

•  Check the corresponding transport node profile in NSX Manager

How to enable using API:

POST: https:///v1/clusters
"name": "<vds-name>",
"'nsxtSwitchConfig" : ( 
"hostSwitchOperationalMode": "ENS-Interrupt"

VMware Cloud Foundation (VCF) 5.2 is a comprehensive platform that integrates VMware’s compute, storage, networking, and management layers into a single, unified infrastructure. The latest version of NSX in VCF 5.2 introduces several new features and enhancements aimed at improving performance, scalability, network optimization, and manageability. Here’s a detailed look at some of the key enhancements in NSX within VCF 5.2.
Lets talk briefly about main fetures and in the next few articles I will spend a bit of time focusing on: 
- TEP Group - Multi-pathing for TEP (Tunnel Endpoints) and
- Enhanced Data Path - High Performance Switch

1. Network Assessment and Optimization Report

VCF 5.2 introduces an enhanced Network Assessment and Optimization Report to provide better visibility into the health and performance of the network infrastructure. This report helps network administrators identify bottlenecks, misconfigurations, or performance issues across NSX networks. The optimization tool analyzes the network's configuration and offers actionable insights and recommendations to improve performance, stability, and security.

Key benefits:

• Improved troubleshooting capabilities.
• Actionable insights for optimizing network designs.
• Enhanced ability to proactively manage network infrastructure.

2. Centralized License Management

It allows administrators to manage NSX licenses across the entire VMware Cloud Foundation stack from a single location. This centralization simplifies license tracking, renewal, and compliance, reducing the complexity of managing separate licenses for different NSX components (such as NSX Manager, NSX Edge, and NSX Distributed Firewall).

Key features:

• Centralized dashboard for viewing license status.
• Automated license assignment across multiple components.
• Simplified license renewals and upgrades.

3. Enhanced Image Customization IPv6 Support for NSX Manager

IPv6 support enables use of IPv6 addressing for both management and operational purposes within NSX components. With this enhancement, organizations can now deploy NSX across IPv6-enabled environments, improving the flexibility of network configurations.

Key highlights:

• Full IPv6 support for NSX Manager, ensuring future-proofing in IPv6 networks.
• Seamless integration with other VMware Cloud Foundation components like vSphere, vSAN, and vCenter.
• Simplified network management for IPv6-native environments.

4. BGP Troubleshooting and Monitoring

NSX in VCF 5.2 brings significant improvements to BGP Troubleshooting and Monitoring. BGP is critical for dynamic routing in large-scale, multi-site networks. Enhanced troubleshooting tools within NSX now allow administrators better diagnose BGP session issues, route advertisements and network path problems.

Key enhancements:

• Enhanced visibility into BGP sessions, including real-time status and history.
• Detailed metrics for route advertisements, session states, and error logs.
• Streamlined troubleshooting with actionable insights directly within NSX Manager.

5. Multitenant VPN

This feature allowing for more robust and scalable VPN solutions. This feature provides secure and isolated connectivity between multiple tenants across various environments, making it ideal for Service Providers or multi-tenant environments.

Key features:

• Support for both IPsec and SSL VPN for tenants.
• Better isolation between tenant networks for security and compliance.
• Simplified configuration and management of tenant-specific VPNs from a central NSX Manager interface.

6. Certificate Management Simplification

Addresses the complexity associated with managing SSL/TLS certificates within NSX. VCF 5.2 simplifies certificate provisioning, renewal, and validation processes, improving both security and operational efficiency.

Key improvements:

• Centralized management of certificates across the entire NSX stack.
• Simplified process for importing, validating, and renewing certificates.
• Automated certificate expiration alerts and management tasks.

7. TEP Group - Multi-pathing for TEP (Tunnel Endpoints)

The TEP Group feature in NSX 5.2 introduces multi-pathing for Tunnel Endpoints (TEPs), enhancing network performance and resiliency. This improvement allows NSX components to use multiple paths for traffic flow between Tunnel Endpoints, helping to avoid network congestion and improve fault tolerance.

Key benefits:

• Increased fault tolerance and network availability with multiple paths.
• Better utilization of network bandwidth across TEPs.
• Enhanced load balancing between different TEPs, ensuring higher network throughput.

8. Enhanced Data Path - High Performance Switch

VCF 5.2 introduces an Enhanced Data Path that includes a High Performance Switch (HPS). The HPS is designed to accelerate data path performance within NSX, improving network throughput, reducing latency, and enhancing overall performance for demanding workloads.

Key features:

• Optimized for high-performance networking tasks like vMotion, storage traffic, and East-West traffic within the NSX overlay network.
• Significant performance improvements for resource-intensive applications and services.
• Reduced latency and jitter in virtualized environments, making NSX an even better solution for real-time workloads and high-performance computing environments.

to summarise:

VCF 5.2, with its advanced NSX features, offers enhanced network optimization, security, and scalability. With improvements in BGP monitoring, IPv6 support, certificate management, and multitenant VPN, it enables businesses to meet the growing demands of their networks while ensuring seamless, high-performance operations. These new features help enterprises streamline their cloud operations, improve performance, and simplify network management in increasingly complex, hybrid environments.

Check next several related articles...

This quick article focusing on Connecting 2 NSX EDGEs via dynamic routing protocol. BGP (Border Gateway Protocol) in this case.

Connecting two NSXinstances using BGP is an essential practice in larger, distributed network environments. BGP helps with dynamic routing between multiple NSX instances, enabling them to share routing information and automatically adjust paths in case of network failures.

Initial requirements:

• Ensure both NSX instances are deployed and operational.
• The NSX Edge devices should be configured and ready to support BGP.
• IP connectivity between the two NSX Edge routers in place. Check connectivity with ICMP for example.
• A BGP ASN (Autonomous System Number) for each NSX instance wil be configured. Make sure you planning it properly. Use ASN from 65XXX.

Steps to Connect Two NSX Instances with BGP

1. Login to NSX Manager: Access the NSX Manager web interface of both NSX instances.

2. Configure BGP on NSX Edge: Navigate to the NSX Edge configuration page on both instances. You will need to configure the BGP settings on the Edge routers that are connected to each network.

   • Go to System > Routing > BGP.
   • Click Add to create a new BGP configuration.

3. Assign BGP ASN: On each NSX Edge, specify the BGP ASN (Autonomous System Number) unique to each instance. Make sure the ASNs are different for each NSX instance to avoid conflicts. Use ASN from 65XXX.

   Im my case I will use:

   • NSX Instance 1: ASN 65051
   • NSX Instance 2: ASN 65052

4. Set BGP Neighbor Configuration: Under the BGP configuration, you need to specify the neighbor IP address (the IP address of the remote (second) NSX Edge), as well as the remote ASN of the opposite NSX EDGE.

   In my LAB it is:

   • NSX Instance 1:
     • Neighbor IP: 172.17.5.2
     • Remote ASN: 65052
   • NSX Instance 2:
     • Neighbor IP: 172.17.5.1
     • Remote ASN: 65051

5. Configure Networks to Advertise: Decide which networks each NSX Edge will advertise to the other NSX instance. We can do rout-map filtering as well, if required. It allows to control exchanging the routes between EDGEs.

6. Enable BGP: Ensure you enable the BGP session on both NSX Edges. Check the "Enable BGP" box and save the configurations.

7. Verify BGP Session: Once the BGP session is established, verify the session status from the NSX Edge interface:

   • Go to System > Routing > BGP.
   • Ensure the BGP session is Established and that the advertised routes are visible under the Routing Table.

8. Monitor and Troubleshoot:

   • You can use tools like show bgp summary or show bgp neighbor from the NSX CLI for troubleshooting.
   • If the session does not come up, verify IP reachability between the two NSX Edges and check for any misconfigurations in ASNs or neighbor IPs.
   • In my experince it is easy task allow dynamically exchange routing information and automatically adjust paths based on network changes.

Always practice on the LAB before implementing in production.

Issue recently appeared that 2 guests out of 50 not response to ICMP from another vCenter VMs.

Source and destination on the same proadcast domain stratched accross all vCenters.

All VMs in the same vCenter can communicate with no issues.

Just 2 VM experiencing issues.

MAC address appeared on the source VM.

Checked mac address table on all equipements, looks ok.

Next step to do packetcap on vmnic of destination VM.