For NSX-T deployments, you can create networks and ports backed by a transport zone supporting N-VDS enhanced data path mode.


This feature is offered in VMware Integrated OpenStack Carrier Edition only. For more information, see VMware Integrated OpenStack Licensing.

An NSX-managed virtual distributed switch (N-VDS) can operate in enhanced data path mode to provide network performance improvements needed by NFV workflows. For more information, see Enhanced Data Path in the NSX-T Installation Guide.


Create a separate availability zone for the N-VDS in enhanced data path mode. See Create a Neutron Availability Zone for an NSX-T Deployment.


  1. Log in to the OpenStack Management Server as viouser.
  2. If your deployment is not using a custom.yml file, copy the template custom.yml file to the /opt/vmware/vio/custom directory.
    sudo mkdir -p /opt/vmware/vio/custom
    sudo cp /var/lib/vio/ansible/custom/custom.yml.sample /opt/vmware/vio/custom/custom.yml
  3. Open the /opt/vmware/vio/custom/custom.yml file in a text editor.
  4. Uncomment the nsxv3_disable_port_security_for_ens parameter and set its value to true.

    Port security is not supported with N-VDS enhanced data path mode.

  5. Deploy the updated configuration.
    sudo viocli deployment configure --limit controller

    Deploying the configuration briefly interrupts OpenStack services.

What to do next

When you create networks that consume N-VDS enhanced data path, specify the availability zone created for it.