The NSX Advanced Load Balancer supports IPv6 and IPv4 network infrastructure for data plane while the management plane is still dependent on IPv4 network infrastructure. With increased adoption of IPv6 in traditional networks and modern infrastructure, enterprises are moving to hybrid (IPv4 + IPv6) layer3 networks.

With version 22.1.3, the NSX Advanced Load Balancer supports IPv6 configuration for its Controllers and connectivity between Controllers to Service Engines. This support enables the IPv6 communication between control plane and data plane as an option.

In earlier versions, the NSX Advanced Load Balancer supported configuring secondary interfaces and static routes on the Controller at the cluster level, and moving HSM connections to the secondary interface using a configurable label. For more information on this configutation, see Controller Interface and Route Management section in High Availability and Redundancy topic.

Starting with version 22.1.3, an SE_SECURE_CHANNEL label can be attached to the secondary interface of Controllers for SEs to connect to the Controllers. This secondary interface can be IPv6 and the SE can connect to the interface using its IPv6 management address. The following features are supported on the Controller and Service Engine side of the NSX Advanced Load Balancer version 22.1.3:

  • Service Engine to Controller communication over IPv6

  • Service Engine to Service Engine communication over IPv6 for internal applications

  • Service Engine to log-streaming servers over IPv6

  • DNS resolution on Service Engine over IPv6

Note:

This feature is currently under Tech Preview.

Considerations

  • This feature is only supported in VMware ecosystems with No-access and Write-access vCenter Cloud type.

  • Only Static IP mode is supported for the IPv6 interface on the Controller.

  • You can configure either IPv4 or IPv6 address for the secondary interface on the controller.

  • The access controls are applied only to the primary interface. It is recommended to use external firewall settings to restrict access, for instance, inbound SSH to the additional interface. For more information, see Securing Management IP Access section in VMware NSX Advanced Load BalancerAdministration guide.

Enabling the System to Utilize IPv6 for Management Plane

To enable the system to utilize IPv6 for management plane, run the following steps:

  • Create Controllers with IPv6 management IP configured.

  • Enable IPv6 communication between Service Engine to Controllers for the following cloud use-cases:

    • Write access vCenter cloud

    • No access Service Engine in vCenter

  • Enable IPv6 for client log streaming to external servers. For more information on streaming client logs, see Streaming NSX Advanced Load Balancer Client Logs to an External Server section in Analytics topic in VMware NSX Advanced Load BalancerMonitoring and Operability guide.

  • Enable IPv6 for DNS resolution on Service Engine. For more information on DNS resolution, see Configuring DNS Resolution on Service Engine.

Caveats

  • You can configure either IPv4 or IPv6 address for the secondary interface on the Controller. Dual stack mode for Controller’s management IP configuration is currently not supported in the NSX Advanced Load Balancer.

  • IPv6 Management plane support is not available in FIPS mode with 22.1.3 release.