By Susan Wu, Senior Product Marketing Manager and Yasen Simeonov, Senior Technical Product Manager, Networking and Security Business Unit

Kubernetes has become mainstream in the enterprise. In the latest Cloud Native Computing Foundation (CNCF) survey [1], 78% of the companies surveyed use Kubernetes in production. Containers are not only the norm but are running at scale with 34% of the organizations using 1,000 containers or more.

Given the rise in deployment, challenges remain as organizations attempt to operationalize Kubernetes.

Container Deployment Challenges Graph

Address Top Challenges in Container Networking

With the latest release of VMware NSX-T and the NSX Container Plugin (NCP) we continue to address our customers’ top challenges such as security, complexity, and networking.

NSX provides the full stack networking and security across container orchestration platforms including VMware vSphere 7 with Kubernetes, Tanzu, OpenShift and upstream Kubernetes. NSX-T automates network services (distributed switching, routing, firewalling, load balancing/ingress, IPAM), and applies associated firewall policies directly at the pod level as soon as the cluster is spun up using standard Kubernetes commands. This level of simplicity and automation helps manage Kubernetes and the underlying software-defined data center (SDDC) infrastructure providing a common framework for virtualization admins and developers.

Feature Highlights for NSX Container Plugin  

  • IPv6 Support – You can have IPv6 clusters and IPv4 clusters connected to the same NSX environmentThis is first step toward full IPv6 Kubernetes with NSX-T. While dual-stack is still in alpha state in Kubernetes, we now support IPv6 clusters.   
  • Multiple interfaces per POD – NCP now supports creation of additional interfaces for Pods. Those interfaces can be connected to standard and DPDK enabled (ENS) vlan/overlay backed segments. 
  • Ingress/LB enhancements – we have added the ability to configure different parameters like HTTP header size, timeouts and others. Furthermore, we added support for dynamic SSL profiles which allows SSL offload, SSL re-encrypt, and SSL passthrough per Ingress realized on the same Virtual Server. 
  • Container Inventory – Improving observability and get a global view of all the containers organized by namespaces or by clusters from a centralized container inventory dashboard in NSX-T including networking services, status, and IP addressing. 
VMware NSX Container Plugin
  • L3 Multicast – We have validated that the current multicast routing in NSX-T works for Kubernetes Pods when cluster is directly connected to Tier-0 Gateway. 
  • Redhat Openshift 4 support  This is the first release that adds support for Openshift 4.3 in addition to our existing support for Openshift 3.11. Customers that have Redhat Openshift 4 as their preferred Kubernetes platform now can take advantage of the advanced network, security, and visibility NSX-T provides.  
Advanced Network, Security, and Visibility for Openshift


  • Distributed Intrusion Detection System for Kubernetes  The new NSX-T distributed intrusion detection and prevention system (IDS/IPS) capability is available for Kubernetes and Openshift customers and can be enforced on a per Pod basis. The IDS/IPS capability feature can be applied on a per cluster orper namespace basis, and on a set of Pods with a given label. 
Intrusion Detection and Prevention System for Kubernetes


[1] CNCF Survey: deployments are getting larger as cloud native adoption becomes mainstream