Impact of adding Overlay Transport Zone to VLAN-Prepared Cluster with NSX on DVPGs
search cancel

Impact of adding Overlay Transport Zone to VLAN-Prepared Cluster with NSX on DVPGs

book

Article ID: 411587

calendar_today

Updated On:

Products

VMware vDefend Firewall VMware vDefend Firewall with Advanced Threat Prevention VMware NSX

Issue/Introduction

This KB addresses concerns regarding potential impact or disruption to data plane traffic and DFW enforcement when adding an Overlay Transport Zone to an existing VLAN-prepared cluster with NSX on DVPGs enabled.

Environment

 VMware NSX 4.2.x

  • NSX on DVPGs enabled

  • VLAN-prepared cluster

  • Distributed Firewall (DFW) configured

Resolution

The process of adding an Overlay TZ to a VLAN-prepared cluster with NSX on DVPGs does not disrupt the data plane or DFW enforcement.

  • Adding an Overlay Transport Zone to a VLAN-prepared cluster is a non-disruptive operation.

  • There is no impact to existing TCP/UDP sessions.

  • No packet drops are introduced.

  • DFW rules remain continuously enforced.

Additional Information

  • The lack of impact applies whether adding an Overlay Transport Zone to the existing Transport Node Profile or applying a new Transport Node Profile with VLAN + Overlay Transport Zones.

  • Both approaches result in no disruption to data plane traffic or DFW rule enforcement.

Powered by Wolken Software