In each VMware Cloud Foundation instance, you implement an NSX Edge configuration with a single N-VDS. You connect the uplink network interfaces of the edge appliance to VLAN trunk port groups that are connected to particular physical NICs on the host.

The NSX Edge node contains a virtual switch, called an N-VDS, that is managed by NSX-T Data Center. This internal N-VDS is used to define traffic flow through the interfaces of the edge node. An N-VDS can be connected to one or more interfaces. Interfaces cannot be shared between N-VDS instances.

If you plan to deploy multiple VMware Cloud Foundation instances, apply the same network design to the NSX Edge cluster in the second and other additional VMware Cloud Foundation instances.

Figure 1. NSX Edge Network Configuration

The NSX Edge appliance is configured with a single N-VDS. The N-VDS has segments for uplink and overlay to the edge. The vNICs of the edge appliance are connected to the management distributed switch. eth0 is for management traffic and is connected to the management distributed port group. fp-eth0 and fp-eth1 are for uplink and overlay traffic, and are connected to the uplink distributed port groups. The distributed switch in vSphere then provides connection to the top of rack switches over the two NICs of the ESXi host.

Table 1. Design Decisions on the Network Configuration of the NSX Edge Appliances

VCF-MGMT-NSX-EDGE-NET-001

Design Decision: Connect the management interface eth0 of each NSX Edge node to the management VLAN.

Design Justification: Provides connection to the NSX Manager cluster.

Design Implication: None.

VCF-MGMT-NSX-EDGE-NET-002

Design Decision:

  • Connect the fp-eth0 interface of each NSX Edge appliance to a VLAN trunk port group pinned to physical NIC 0 of the host, with the ability to fail over to physical NIC 1.

  • Connect the fp-eth1 interface of each NSX Edge appliance to a VLAN trunk port group pinned to physical NIC 1 of the host, with the ability to fail over to physical NIC 0.

  • Leave the fp-eth2 interface of each NSX Edge appliance unused.

Design Justification:

  • Because VLAN trunk port groups pass traffic for all VLANs, VLAN tagging can occur in the NSX Edge node itself for easy post-deployment configuration.

  • By using two separate VLAN trunk port groups, you can direct traffic from the edge node to a particular host network interface and top of rack switch as needed.

  • If the top of rack switch fails, the VLAN trunk port group fails over to the other physical NIC to ensure that both fp-eth0 and fp-eth1 remain available.

Design Implication: None.

VCF-MGMT-NSX-EDGE-NET-003

Design Decision: Use a single N-VDS in the NSX Edge nodes.

Design Justification:

  • Simplifies deployment of the edge nodes.

  • The same N-VDS switch design can be used regardless of edge form factor.

  • Supports multiple TEP interfaces in the edge node.

  • vSphere Distributed Switch is not supported in the edge node.

Design Implication: None.

VCF-MGMT-NSX-EDGE-NET-004

Design Decision: Use a dedicated VLAN for edge overlay that is different from the host overlay VLAN.

Design Justification: A dedicated edge overlay network enables edge mobility in support of advanced deployments such as multiple availability zones or multi-rack clusters.

Design Implication:

  • You must have routing between the VLANs for edge overlay and host overlay.

  • You must allocate another VLAN in the data center infrastructure for edge overlay.

For an environment with multiple VMware Cloud Foundation instances, allocate an RTEP VLAN for overlay traffic between VMware Cloud Foundation instances.

Table 2. Design Decisions on the Network Configuration of the NSX Edge Appliances for an Environment with Multiple VMware Cloud Foundation Instances

VCF-MGMT-NSX-EDGE-NET-005

Design Decision: Allocate a separate VLAN for edge RTEP overlay that is different from the edge overlay VLAN.

Design Justification:

  • The RTEP network must be on a VLAN that is different from the edge overlay VLAN.

  • Dedicated VLAN for inter-site communication.

Design Implication: You must allocate another VLAN in the data center infrastructure.
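
A configuration check for the decisions in Tables 1 and 2, as an added example that is not VMware's code: it audits a constructed description of one edge node against VCF-MGMT-NSX-EDGE-NET-001 through -005. The dictionary layout, the nic0/nic1 labels and the VLAN IDs are assumptions for illustration, not an NSX-T or vSphere schema.

```python
# Added example: audit a constructed edge-node description against
# decisions VCF-MGMT-NSX-EDGE-NET-001 through -005. All field names are
# assumptions for this sketch, not an NSX-T or vSphere API schema.

def audit_edge(edge, vlans):
    """Return a sorted list of decision IDs that the edge node violates."""
    failed = set()
    nics = edge["vnics"]

    # 001: eth0 sits on the management VLAN.
    if nics.get("eth0", {}).get("vlan") != vlans["management"]:
        failed.add("VCF-MGMT-NSX-EDGE-NET-001")

    # 002: fp-eth0 and fp-eth1 use trunk port groups pinned to opposite
    # physical NICs with the other NIC as standby; fp-eth2 stays unused.
    expected = {"fp-eth0": ("nic0", "nic1"), "fp-eth1": ("nic1", "nic0")}
    for name, (active, standby) in expected.items():
        pg = nics.get(name, {})
        if (not pg.get("trunk") or pg.get("active") != [active]
                or pg.get("standby") != [standby]):
            failed.add("VCF-MGMT-NSX-EDGE-NET-002")
    if "fp-eth2" in nics:
        failed.add("VCF-MGMT-NSX-EDGE-NET-002")

    # 003: exactly one N-VDS in the edge node.
    if len(edge["nvds"]) != 1:
        failed.add("VCF-MGMT-NSX-EDGE-NET-003")

    # 004: edge overlay VLAN differs from the host overlay VLAN.
    if vlans["edge_overlay"] == vlans["host_overlay"]:
        failed.add("VCF-MGMT-NSX-EDGE-NET-004")

    # 005 (multi-instance only): RTEP VLAN differs from edge overlay VLAN.
    rtep = vlans.get("edge_rtep")
    if rtep is not None and rtep == vlans["edge_overlay"]:
        failed.add("VCF-MGMT-NSX-EDGE-NET-005")
    return sorted(failed)

# Constructed sample input (VLAN IDs and names are made up).
VLANS = {"management": 1611, "host_overlay": 1614, "edge_overlay": 1615, "edge_rtep": 1616}
GOOD_EDGE = {
    "nvds": ["edge-nvds-01"],
    "vnics": {
        "eth0": {"vlan": 1611},
        "fp-eth0": {"trunk": True, "active": ["nic0"], "standby": ["nic1"]},
        "fp-eth1": {"trunk": True, "active": ["nic1"], "standby": ["nic0"]},
    },
}

if __name__ == "__main__":
    print(audit_edge(GOOD_EDGE, VLANS) or "all decisions satisfied")
```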