This post is intended to over the VCP-NV objective around describing VMware NSX Architecture. NSX architecture is documented in the NSX design guide, which I will be referencing a lot here. As discussed in a previous post, NSX does for networking what server virtualization does for compute and storage. The ‘network hypervisor’ virtualizes network services from layer 2 through to layer 7. This means that virtual networks and virtual network services can be provisioned without affecting the underlying network hardware or physical network topology. In describing the components that make up VMware NSX, I’ll discuss the elements that make up the data plane, the control plane and the management plane. There’s a good overview of the different network ‘planes’ here.
VCP-NV 1.2 Describe VMware NSX Architecture
To start with, there is a great diagram of the NSX components on page 9 of the NSX installation guide:
The NSX vSwitch is the NSX Data Plane. On a ESXi host, the NSX vSwitch is based on the vSphere Distributed vSwitch, whilst on other hypervisors it is based on Open vSwitch. The NSX vSwitch is installed as a set of .vib files which update the ESXi kernel to allow for advanced network features such as distributed routing, distributed firewall and VXLAN capabilities, along with providing access-level switching within the hypervisor. The NSX vSwitch allows logical networks to be created, independent of underlying networking/VLANs, and as such is a core component of network virtualization.
The NSX controller is deployed as a ‘cluster’ of highly available virtual appliances which are responsible for the programmatic deployment of virtual networks across the entire NSX architecture. The controller is essentially the ‘control plane’. Traffic doesn’t pass through the controller, instead the controller is responsible for providing configuration to other NSX components such as the NSX vSwitches and gateways. It’s worth noting that any failure in the control plane will not affect data plane operations.
The NSX manager is a web-based management tool which is used to interact with the NSX controllers using NSX APIs.. The NSX manager allows you to configure, administrate and troubleshoot NSX components and their configuration. NSX manager intergrates fully with vCenter, and provides a single point of administration for NSX.
NSX Edge services and gateways provide the path in and out of the NSX defined logical networks. NSX gateways are normally deployed as highly available pairs/clusters and provide services such as routing, tunnelling, firewall and load balancing at the edge of one or more virtual NSX defined networks. NSX gateways are managed by the NSX controller.
What does this all add up to?
Now that the NSX components have been covered – what do you get with them all added together? Some of the features include:
- NSX allows you to create logical layer 2 – L2 segments that can exist anywhere in the fabric regardless of the underlying physical network design. For example, NSX allows you to have the same logical layer 2 network made available across sites, without the need to ‘stretch’ the underlying VLAN.
- NSX provides distributed layer 3 routing. For example, with a traditional configuration, two VMs on the same ESXi host, but on different VLANs would have to send traffic out to the gateway device for their respective subnets, in order to communicate with each other. With NSX, and distributed routing, that can take place without the traffic leaving the host.
- Distributed firewall. Similar to distributed routing, NSX allows for ‘distributed firewall’ where security polices are applied at the host kernel level.
- Support for L4 – L7 load balancing
- SSL VPN to enable L2 VPN services.