NSX-T Chapter-1 : Getting started
I wish every reader a very Happy New Year. This is the first post of year 2021 :)
In my previous article, I discussed basic difference between NSX-v and NSX-t. Where NSX-V is specific to vSphere environment (based on ESXi), NSX-T is the next gen innovation designed for heterogenous virtual platform and multi-hypervisor environments. With NSX-V, vCenter is the central management plane meaning NSX needs vCenter for its management activities where NSX-T has its own management UI and can be managed individually without any dependency on vCenter.
This article is dedicated to NSX-T architecture and the brief about planes but before that I would like to mention about the versions that NSX-T has till date. The Oldest version was NSX-T data Center 1.1 and all the way to latest version which is NSX-T Data Center 3.1 which provides variety of new features to offer virtual networking and security for private, public and hybrid cloud. You can find it on vmware's NSX documentation link
NSX-T Data Center 1.1
NSX-T Data Center 2.0
NSX-T Data Center 2.1
NSX-T Data Center 2.2
NSX-T Data Center 2.3
NSX-T Data Center 2.4
NSX-T Data Center 2.5
NSX-T Data Center 3.0
NSX-T Data Center 3.1
Getting Started with NSX-T Architecture
The virtual networking and security with NSX provides complete L2 through L7 stack of network services i.e. switching, routing, access control, firewalling, class/quality of service in a software. Hence it is defined as software-defined networking (SDN). The services are alligned in order to produce seamless, secured and isolated virtual network with fast and reliable delivery in just matter of seconds.
Like other versions and flavors of NSX, NSX-T works by implementing three separate planes i.e. Management Plane, Control Plane and Data Plane
These planes are implented as modules and agents residing on nodes i.e. NSX manager, NSX controller and Transport Nodes
NSX Manager node hosts APIs and has management plane bus which connects to management plane agent on each manager node. NSX controller node has central control daemons and Transport node has local control plane daemons and forwarding engines.
© VMware Inc
Lets see what are these planes have in separate
1. Management Plane: The management plane is the one and only source of truth for the logical system as managed by user. Changes can be made either using APIs or the NSX-T UI. This provides the single API entry point to the system, persists user config, handles user queries and performs tasks on management, control and data planes nodes on the system.
NSX manager is the component which provides the GUI and APIs for authenticating, creating, configuring and monitoring other components like logical switches, Edges etc. It is a virtual appliance which is deployed as an OVA file. It is integrated with other cloud management platforms (CMPs) via REST APIs.
Tasks that management plane include
- Config persistence
- User management
- Policy management
- Background task tracking
2. Control Plane: As the name suggests, control plane controls the game. Control plane has two parts i.e. Central control plane (CCP) and Local control plane (LCP). CCP runs on controller nodes and LCP runs on transport nodes. CCP nodes are deployed as VMs. It computes all runtimes state based on configuration from management plane , disseminates topology info reported by the data plane elements and pushes stateless configs to forwarding engines.
NSX controller is called as CCP which is deployed as cluster of VMs with high availability, is responsible for deployment of virtual network across entire NSX-T data center architecture. Although traffic doesn't pass through controllers but controllers configure controller components i.e. logical switches, logical routers and edge.
3. Data Plane: The data plane is responsible for forwarding or transformation of packets based on rules populated by control plane and reports topology information to control plane. The actual traffic flows at data plane. NSX-T uses in-kernel modules for ESXi and KVM hypervisors for constructing data planes. Since NSX-T does not have much reliability on vCenters, it does not rely on vSphere vSwitch anymore for network connectivity, instead it introduces a host switch called N-VDS i.e. NSX Managed Virtual Distributed switch.
Data plane offers features such as logical routing, logical switching, firewalling, Address translation, DHCP etc
NSX Edge and Transport Zones are responsible to construct data plane.
Having mentioned the overview of architecture, I will wrap the article here and will come up with new chapters of NSX-t with deployment and other important discussions. Till then, keep reading and have fun .