In case you haven’t been keeping up with network virtualization from VMware, there are a couple of variants of network virtualization. They are NSX-V and NSX-T.
NSX-V is the very first network virtualization platform released by VMware and the product that started VMware on the road of network virtualization in general. NSX-T is the newer, hypervisor-independent offering that is perhaps the future of VMware’s network virtualization product, both for vSphere and other hypervisors and for cloud environments, notably VMware Cloud on AWS. There are many key concepts and fundamental building blocks in an NSX-T network virtualization environment.
What are the major components of the NSX-T platform? How does NSX-T work?
In this post, we will take a look at VMware NSX-T components and how they work to get a better overview of the architecture of the NSX-T solution.
VMware NSX-T Components and How They Work
There are various fundamental components that allow NSX-T Data Center network virtualization technology to connect virtual and even physical workloads together regardless of the configuration of the underlying physical network between them, as long as appropriate connectivity exists. The great thing about network virtualization is that it reproduces the full set of layer 2-7 services that exist in the physical network world, but in software. This means that, via programmable interfaces, the entire NSX-T landscape can be controlled in software and fully automated via code.
NSX-T is comprised of three planes that are fully integrated.
These include:
- Management Plane
- Control Plane
- Data Plane
There are various software components, agents, processes, and modules that reside on three types of nodes, each of which falls into one of the integrated planes above.
We will look at the following:
Management Plane:
- NSX Manager
- NSX Policy Manager
- Cloud Service Manager
Control Plane:
- NSX Controller
Data Plane:
- NSX Edge
- Transport Zones
Let’s take a brief look at each of these and how they fit into their particular integrated plane and the overall NSX-T architecture.
NSX Manager
The NSX-T Manager appliance is a virtual appliance that provides both a web-based graphical interface and REST API endpoints for programmatically controlling the NSX-T environment.
As you might intuitively imagine, this is the Management plane for the NSX-T platform as it provides a centralized management location for all NSX-T activities.
By means of the NSX-T Manager, you can create, configure, and orchestrate:
- Logical network constructs
- Network and Edge services
- Security and firewall services
Additionally, by means of the NSX-T Manager, you have the ability to monitor and troubleshoot the NSX-T environment and various workloads across the landscape. With the NSX-T Manager, you can see service availability and configure service chaining, context sharing, and event handling. The NSX-T Manager is also where you can perform auditing of the environment as well as implement identity-based controls. Each hypervisor host has an NSX-T Data Center agent installed that persists the changes made to the desired state of the host and communicates NFC messages.


NSX Policy Manager
The NSX Policy Manager is also a virtual appliance-based solution that provides intent-based controls to help simplify the means to consume NSX-T. It also provides a graphical UI and REST API endpoints for intent-based networking, security, and availability. It interacts with the NSX Manager to receive intent from a user and then configures the NSX Manager to realize the intent of that particular user.
Cloud Service Manager
This is a special virtual appliance that provides a graphical UI for management endpoints for all public cloud constructs. REST API endpoints are also exposed by the CSM for programmatic interaction, onboarding, configuring, and monitoring.
NSX Controller
Moving from the Management plane into the Control plane, the NSX Controller provides management for the advanced distributed state and network overlays in the NSX-T environment. The NSX-T controllers are deployed in a controller cluster configuration of three nodes. This provides high availability for the control plane. The control plane is intentionally separated from the Data plane in the design of NSX-T so that any disruption in the control plane does not disrupt the data plane or VM traffic. No traffic flows through the controllers themselves. The controllers are simply used to configure logical switches, routers, and edge configurations.
NSX Edge
The NSX Edge appliance provides connectivity from the NSX-T environment to networks that are outside the NSX-T constructs. It can be deployed as a VM or as a bare metal installation. The NSX Edge appliance allows routing out to Tier-0 routers via routing protocols such as BGP or by using static routes.
A Tier-0 router is a provider logical router that interfaces with the physical network. A Tier-0 logical router is a top-tier router and can be realized as an active-active or active-standby cluster of services routers. The logical router runs BGP and peers with physical routers. In the active-standby mode, the logical router can also provide stateful services. Additionally, NAT services require that you deploy the NSX Edge appliance for network address translation. Common use cases that utilize the NSX Edge include DMZ and multi-tenant cloud environments. The NSX Edge allows creating security boundaries between tenants.
Transport Zones
The Transport Zone is part of the Data plane in the NSX-T network virtualization ecosystem. The Transport Zone is a logical component that basically defines whether or not virtual machines that live on different host clusters can talk to one another. Hosts are added to the Transport Zone via a host cluster. If host clusters are added to the same transport zone, the virtual machines can be added to the same logical switches so that network communication can happen.
At the heart of network communication via the Transport Zone is the Virtual Tunnel Endpoint, or VTEP, which allows network communication to happen across the physical network infrastructure while being abstracted from it.
The hosts that run the local control plane daemons and forwarding engines implementing the NSX-T data plane are known as the transport nodes. To serve as a transport node in an NSX-T environment, the host must be configured with an NSX managed virtual distributed switch, or N-VDS. When a host transport node is created and then added to a transport zone, NSX-T installs an N-VDS on the host. For each different transport zone a host belongs to, a new N-VDS is installed. This N-VDS is used to connect virtual machines to logical switches and to create logical router uplinks/downlinks.
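The transport zone rules above can be checked against an inventory. The following Python sketch is an added example, not VMware code or NSX API output: it models membership per host (the host names, zone names, and trust labels are constructed assumptions) and reports the N-VDS count per host, which host pairs can share logical switches, and which hosts sit in transport zones with different trust labels, such as a DMZ zone and an internal zone.

```python
from itertools import combinations

# Constructed inventory (assumption, not NSX API output):
# host -> transport zones it is a member of.
HOST_ZONES = {
    "esx-prod-01": {"tz-overlay-prod"},
    "esx-prod-02": {"tz-overlay-prod"},
    "esx-dmz-01": {"tz-overlay-dmz"},
    "esx-shared-01": {"tz-overlay-prod", "tz-overlay-dmz"},
}
# Constructed trust label per transport zone (assumption).
ZONE_TRUST = {"tz-overlay-prod": "internal", "tz-overlay-dmz": "dmz"}


def nvds_count(host_zones):
    """One N-VDS is installed for each transport zone a host belongs to."""
    return {host: len(zones) for host, zones in host_zones.items()}


def shared_zones(host_zones):
    """Host pairs whose VMs can attach to the same logical switches,
    mapped to the transport zones the two hosts have in common."""
    pairs = {}
    for a, b in combinations(sorted(host_zones), 2):
        common = host_zones[a] & host_zones[b]
        if common:
            pairs[(a, b)] = common
    return pairs


def bridging_hosts(host_zones, zone_trust):
    """Hosts that are members of transport zones with different trust labels."""
    findings = {}
    for host, zones in host_zones.items():
        labels = {zone_trust.get(z, "unlabelled") for z in zones}
        if len(labels) > 1:
            findings[host] = sorted(labels)
    return findings


if __name__ == "__main__":
    print("N-VDS per host:", nvds_count(HOST_ZONES))
    for pair, zones in shared_zones(HOST_ZONES).items():
        print("can share logical switches:", pair, sorted(zones))
    for host, labels in bridging_hosts(HOST_ZONES, ZONE_TRUST).items():
        print("review membership:", host, labels)
```
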
Thoughts
NSX-T is a powerful network virtualization technology that is the basis for network virtualization for most of VMware’s latest technologies and cloud platforms. While it shares a lot of similarities with NSX-V, there are some differences found in the NSX-T architecture and the way the NSX-T platform is deployed. There are three integrated planes found in the NSX-T environment. These include Management, Control, and Data planes. In each of these integrated planes, there are various software components and NSX-T tooling found at each level that make the virtualized network constructs possible in the NSX-T ecosystem.
Notably, the NSX Manager provides management plane capabilities including management GUI and REST API access. Controllers provide the Control plane functions to NSX-T by allowing the creation and configuration of logical switches, routers, and edge devices. The NSX Edge and Transport Zones are the Data plane constructs where data actually flows in the environment.
By understanding these key constructs and knowing where they fit into the integrated planes, it is much easier to have a fundamental grasp on NSX-T and its configuration.