VMware NSX

VMware NSX Overview

VMware NSX is the network virtualization and security platform for the Software-Defined Data Center (SDDC), delivering the operational model of a virtual machine for entire networks. With NSX, network functions including switching, routing, and firewalling are embedded in the hypervisor and distributed across the environment.

This effectively creates a “network hypervisor” that acts as a platform for virtual networking and security services. Similar to the operational model of virtual machines, virtual networks are programmatically provisioned and managed independently of underlying hardware. NSX reproduces the entire network model in software, enabling any network topology—from simple to complex multitier networks—to be created and provisioned in seconds. Users can create multiple virtual networks with diverse requirements, leveraging a combination of the services offered via NSX to build inherently more secure environments.

VMware NSX contains following components which will be deployed in vSphere environment

NSX vSwitch

The NSX vSwitch is the NSX Data Plane. On a ESXi host, the NSX vSwitch is based on the vSphere Distributed vSwitch, whilst on other hypervisors it is based on Open vSwitch. The NSX vSwitch is installed as a set of .vib files which update the ESXi kernel to allow for advanced network features such as distributed routing, distributed firewall and VXLAN capabilities, along with providing access-level switching within the hypervisor. The NSX vSwitch allows logical networks to be created, independent of underlying networking/VLANs, and as such is a core component of network virtualization.

NSX Controller

The NSX controller is deployed as a ‘cluster’ of highly available virtual appliances which are responsible for the programmatic deployment of virtual networks across the entire NSX architecture. The controller is essentially the ‘control plane’. Traffic doesn’t pass through the controller, instead the controller is responsible for providing configuration to other NSX components such as the NSX vSwitches and gateways. It’s worth noting that any failure in the control plane will not affect data plane operations.

NSX Manager

The NSX manager is a web-based management tool which is used to interact with the NSX controllers using NSX APIs.. The NSX manager allows you to configure, administrate and troubleshoot NSX components and their configuration. NSX manager intergrates fully with vCenter, and provides a single point of administration for NSX.

NSX Gateways/Edge

NSX Edge services and gateways provide the path in and out of the NSX defined logical networks. NSX gateways are normally deployed as highly available pairs/clusters and provide services such as routing, tunnelling, firewall and load balancing at the edge of one or more virtual NSX defined networks. NSX gateways are managed by the NSX controller.

Additional Functional Components

VXLAN

It is an encapsulation protocol which runs on overlay (virtualized) network on existing Layer 3 infrastructure. It creates a tunnel between physical hosts. It does it using VTEP (VXLAN Tunnel End Point). In simple terms it creates VMKernel Port Groups on the vDS and uses them to create tunnels. Number of VMKernel Port Groups will be decided based on the Teaming/Failover policies & Number of NICs . For e.g. Let assume we have 2 NICs per ESXi assigned to the vDS and if we use Default Policy i.e. "Route based on originating virtual port" then it will need to have 2 IPs per host for VMKernel Port Groups

TRANSPORT ZONE

A transport zone controls to which hosts a logical switch can reach. It can span one or more vSphere clusters. Transport zones dictate which clusters and, therefore, which VMs can participate in the use of a particular network. Most commonly people create a single Transport Zone for all Clusters within vCenter to keep it simple

SEGMENT ID

It is a pool of segment ID which is assigned for each and every VXLAN Network. When a Logical Switch is created it will assign segment ID from the Pool. Pool range will decide number of logical switches we can create