Hydra 1303


All News Items

What's NSX-T Data Center?

from the Hydra High Council Sep 22nd 2020

NSX-T is part of the VMware Virtual Cloud Network, a software layer for connecting and securing any type of workload running on any type of environment in a distributed fashion. NSX-T provides a centralized interface for configuring L2 to L7 networking and security services like switching, routing, firewall, load balancers, VPN, NAT… etc, for bare metal, VMs, and containers.

There are a lot of things going on inside NSX-T, so in this blog series we will start with the basics: NSX-T architecture.

NSX-T Architecture

NSX-T Management, Control, and Data Planes

Starting with NSX-T 2.4, the NSX-T Controllers are embedded with the NSX Manager nodes forming a cluster of 3 nodes (VMs). Using a clustering mechanism and a distributed database (CORFU), the management/control plane can handle large scale concurrent API requests and provides a highly available entry point for configuring services in small and large environments.

Management/Control Planes

The role of the management plane is to provide an entry point for all configurations via a REST API call, HTML5-based UI, or through a CMP (Cloud Management Platform) like vRealize Automation or OpenStack for example.

Management Cluster is accessed through UI/REST/CMP

The NSX Management Cluster is highly available and can be configured in two ways: with a Cluster Virtual IP or using a Load Balancer.

With a Cluster Virtual IP, only one Manager node is active at a time. Therefore, traffic is not load balanced and all Manager nodes must be in the same subnet. If the active Manager goes down, a new leader is elected.

Accessing the Cluster via Virtual IP

With a Load Balancer, all nodes are active at the same time and can be on the same or different subnets.

Accessing the Cluster with a Load Balancer

The Manager nodes have three built-in roles which are: Policy, Manager, and Controller. The Policy and Manager roles are part of the Management Plane, while the Controller role is part of the Control Plane.

Policy role: provides the user with centralized policy management for configuring the final desired state configuration (networking and security policies) that can be enforced everywhere and publishes it to the Manager.

Manager role: validates the configuration from the Policy, stores the configuration on the distributed database, and publishes it to the Controller. It is also in charge of configuring the Data Plane and retrieving statistics information from it.

Controller role: functions as the Control Plane for switching, routing and firewall. It maintains the realized state and pushes it to the Data Plane. It also receives topology information from the Data Plane.

Built-in roles in the NSX Manager node

The Control Plane is divided in two: Central Control Plane (CCP) and Local Control Plane (LCP). CCP is part of the Manager node (Controller role) and LCP is part of the Data Plane. LCP receives updates from CCP and pushes it to forwarding engines and sends topology information to CCP.

Control plane is composed of CCP and LCP

Data Plane

The role of the Data Plane is to forward traffic using a distributed forwarding model. Transport nodes are the components on the Data Plane which are responsible for forwarding traffic. The Data Plane depends on the Control Plane to populate the tables and rules needed to forward traffic.

Multiple types of workloads and transport nodes are supported:

Workloads: Legacy applications (bare metal), VMs, and modern applications (containers).

Transport nodes: ESXi, KVM, bare metal, and NSX Edge.

Transport nodes communicate with the Management and Control Planes using NSX-RPC (Remote Procedure Call). On the NSX Manager node, there is a service (nsx-appl-proxy) that acts as a hub for communication with the NSX-Proxy (TnProxy) on the transport nodes.

RPC-based communication between planes

Summary

NSX-T provides best in class networking and security services covering lots of use cases for private, public, and multi-cloud environments. We hope this helps to better understand the architecture of NSX-T.

for more NSX-T blogs.