NSX-T Architecture | Overview of NSX-T Management, Control, and Data Plane

NSX-T Manager

NSX-T utilizes a multi-tiered networking stack. The NSX Management Cluster is a three-node high availability cluster. The cluster consists of converged Management (Policy) and Control Plane cluster services.
  • The NSX management nodes each contain a Management plane, a central control plane, a policy role and a replicated desired state datastore.
  • The NSX Management Cluster provides availability of all management services and increased performance.
  • The converged appliance allows for easier operations with fewer systems to monitor and maintain.




Functional characteristics of the NSX-T Manager

Following are the functions of the NSX-T Manager
  • Maintains connectivity to all nodes in the system
  • Provides entry point to the system via UI or API
  • Handles user queries
  • Persists user configuration and the desired configuration
  • Validates the stores data state
  • Maintains and propagates the dynamic state



NSX-T Manager Clustering

Following are the features and benefits of NSX-T Manager clustering.

Features of NSX-T Manager clustering
  • Cluster of three NSX managers
  • API and GUI available on all managers
  • Replicated desired state datastore

Benefits of NSX-T Manager clustering
  • High availability of the NSX UI and API
  • Reduces the likelihood of failures of NSX operations
  • Provides API and GUI clients with multiple endpoints for a single VIP for availability

Clustering of NSX-T Manager can be set up in two ways:
  1. NSX-T Manager Clustering with Virtual IP
  2. NSX-T Manager Clustering with Load Balancer

NSX-T Manager Clustering with Virtual IP

Following are the characteristics of NSX-T Manager clustering with Virtual IP.
  • The cluster Virtual IP is assumed by one Manager, called the leader.
  • All cluster nodes must be in the same subnet.
  • GARP is used when the Manager with the Virtual IP fails.
  • The cluster IP is used for northbound operations. Southbound connectivity to the hosts uses the physical IP of each node.


NSX-T Manager Clustering with Load Balancer

Following are the characteristics of NSX-T Manager clustering with Load Balancer.
  • All Nodes are active
  • VIP load balances the traffic to multiple managers
  • Managers can be in different subnets
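A pre-deployment check for the two clustering options above, as an added example that is not from the original post or from VMware: it takes the planned manager addresses and a proposed VIP and reports whether Virtual IP clustering is possible or a load balancer is needed. The function name, the input format, the sample addresses, and the checks that the VIP sits inside the managers' subnet and differs from every node address are assumptions of this example.

```python
import ipaddress

def check_manager_cluster(nodes, vip):
    """Pick a clustering option for NSX-T Manager nodes.

    nodes: manager interface addresses in CIDR form (hypothetical input format)
    vip:   proposed cluster virtual IP
    Returns (mode, findings): mode is "virtual-ip" or "load-balancer".
    """
    if not nodes:
        raise ValueError("no manager nodes given")
    ifaces = [ipaddress.ip_interface(n) for n in nodes]
    findings = []
    if len(ifaces) != 3:
        findings.append(f"expected a three-node cluster, got {len(ifaces)}")
    if len({i.ip for i in ifaces}) != len(ifaces):
        findings.append("duplicate manager address")

    subnets = {i.network for i in ifaces}
    if len(subnets) > 1:
        # Virtual IP mode requires one subnet; a load balancer does not.
        names = ", ".join(sorted(str(s) for s in subnets))
        findings.append(f"managers span subnets ({names}); virtual IP not possible")
        return "load-balancer", findings

    subnet = next(iter(subnets))
    vip_addr = ipaddress.ip_address(vip)
    # Assumption of this example: the VIP must sit in the managers' subnet,
    # since the leader announces it there with GARP on failover.
    if vip_addr not in subnet:
        findings.append(f"VIP {vip_addr} is outside {subnet}")
    # Assumption: the VIP is a separate address from the node IPs, which
    # stay in use for southbound connectivity to the hosts.
    if any(vip_addr == i.ip for i in ifaces):
        findings.append(f"VIP {vip_addr} collides with a manager node address")
    return "virtual-ip", findings

if __name__ == "__main__":
    # Constructed sample addresses (RFC 5737 documentation ranges).
    same = ["192.0.2.11/24", "192.0.2.12/24", "192.0.2.13/24"]
    split = ["192.0.2.11/24", "192.0.2.12/24", "198.51.100.13/24"]
    print(check_manager_cluster(same, "192.0.2.10"))
    print(check_manager_cluster(split, "192.0.2.10"))
```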





NSX-T Control Plane

The control plane is distributed between:
  • Central Control Plane (CCP) in the Manager Cluster and
  • Local Control Plane (LCP) agents on the hosts

Following are the functions of CCP:
  • Computes all ephemeral runtime states based on configuration from the management plane.
  • CCP pushes stateless configuration to the transport nodes. The Local Control Plane (LCP) agents receive the configuration and push it into the data plane of the transport node.
  • Disseminates topology information reported by the data plane elements.




NSX-T Data Plane

Distributed Data Plane

  • The NSX-T distributed data plane connects and hosts workloads across an entire enterprise utilizing heterogeneous hypervisor support and multiple Public cloud connectivity. 
  • It supports hosting the most diverse array of application frameworks: VMs, containers, micro-services, bare-metal, etc.
  • It implements distributed switching, routing and firewalling.


Data Plane in Transport Nodes

The Data Plane on each node is a high-performance engine for logical switching, routing, and distributed firewall. The data plane encapsulates and decapsulates packets for the overlay network.

The Data Plane of each host contains the following elements:
  • Local Control Plane (LCP) agent
  • Management Plane Agent (MPA)
  • NSX Virtual Distributed Switch

The N-VDS is based on either:
  • ESXi vSwitch for ESXi
  • Open vSwitch (OVS) for KVM




