In each VMware Cloud Foundation instance, you implement an NSX Edge configuration with a single N-VDS. You connect the uplink network interfaces of the edge appliance to VLAN trunk port groups that are connected to particular physical NICs on the host.

The NSX Edge node contains a virtual switch, called an N-VDS, that is managed by NSX-T Data Center. This internal N-VDS is used to define traffic flow through the interfaces of the edge node. An N-VDS can be connected to one or more interfaces. Interfaces cannot be shared between N-VDS instances.

If you plan to deploy multiple VMware Cloud Foundation instances, apply the same network design to the NSX Edge cluster in the second and other additional VMware Cloud Foundation instances.

Figure 1. NSX Edge Networking
The NSX Edge appliance is configured with a single N-VDS. eth0 is for management traffic and is connected to the management port group. fp-eth0 and fp-eth1 are for uplink and overlay traffic and are connected to the uplink port groups.

Table 1. Design Decisions on the Network Configuration of the NSX Edge Appliances

Decision ID: VCF-WLD-NSX-EDGE-NET-001
Design Decision: Connect the management interface eth0 of each NSX Edge node to the management VLAN.
Design Justification: Provides connection to the NSX Manager cluster.
Design Implication: None.

Decision ID: VCF-WLD-NSX-EDGE-NET-002
Design Decision:
  • Connect the fp-eth0 interface of each NSX Edge appliance to a VLAN trunk port group pinned to physical NIC 0 of the host.
  • Connect the fp-eth1 interface of each NSX Edge appliance to a VLAN trunk port group pinned to physical NIC 1 of the host.
  • Leave the fp-eth2 interface of each NSX Edge appliance unused.
Design Justification:
Because VLAN trunk port groups pass traffic for all VLANs, VLAN tagging can occur in the NSX Edge node itself for easy post-deployment configuration.
  • By using two separate VLAN trunk port groups, you can direct traffic from the NSX-T Edge node to a particular host network interface and top of rack switch as needed.
  • In the event of failure of the top of rack switch, the VLAN trunk port group fails over to the other physical NIC to ensure that both fp-eth0 and fp-eth1 are available.
Design Implication: None.

Decision ID: VCF-WLD-NSX-EDGE-NET-003
Design Decision: Use a single N-VDS in the NSX Edge nodes.
Design Justification:
  • Simplifies deployment of the edge nodes.
  • The same N-VDS switch design can be used regardless of edge form factor.
  • Supports multiple TEP interfaces in the edge node.
  • vSphere Distributed Switch is not supported in the edge node.
Design Implication: None.

Decision ID: VCF-WLD-NSX-EDGE-NET-004
Design Decision: Use a dedicated VLAN for the edge overlay network that is segmented from the host overlay VLAN.
Design Justification: The edge overlay network must be isolated from the host overlay network to protect the host overlay traffic from edge-generated overlay traffic.
Design Implication:
  • You must have a route between the VLANs for edge overlay and host overlay.
  • You must allocate another VLAN in the data center infrastructure for NSX edge overlay traffic.

For a multi-region SDDC, an RTEP VLAN is needed for overlay traffic between regions.

Table 2. Design Decisions on the Network Configuration of the NSX Edge Appliances for an Environment with Multiple VMware Cloud Foundation Instances

Decision ID: VCF-WLD-NSX-EDGE-NET-005
Design Decision: Allocate a separate VLAN for edge RTEP overlay that is different from the edge overlay VLAN.
Design Justification:
  • The RTEP network must be on a VLAN that is different from the edge overlay VLAN.
  • Dedicated VLAN for inter-site communication.
Design Implication: You must allocate another VLAN in the data center infrastructure for edge RTEP overlay.
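
The design decisions in Table 1 and Table 2 can be checked mechanically against a description of each edge node. The following Python check is an added example, not VMware code; the dictionary layout, field names, port group names, and VLAN IDs are assumptions constructed for illustration and do not correspond to an NSX-T or SDDC Manager API schema.

```python
# Added example: field names below are assumptions, not an NSX-T or SDDC Manager schema.
P = "VCF-WLD-NSX-EDGE-NET-"

def audit_edge(edge, host_overlay_vlan, mgmt_portgroup, multi_instance=False):
    """Return sorted decision IDs that the described edge node violates."""
    bad = set()
    nics = edge.get("interfaces", {})
    # 001: eth0 attaches to the management VLAN port group.
    if nics.get("eth0", {}).get("portgroup") != mgmt_portgroup:
        bad.add(P + "001")
    # 002: fp-eth0/fp-eth1 on separate VLAN trunk port groups pinned to
    # physical NIC 0 and 1 respectively; fp-eth2 left unconnected.
    fp0, fp1 = nics.get("fp-eth0", {}), nics.get("fp-eth1", {})
    for nic, pnic in ((fp0, 0), (fp1, 1)):
        if nic.get("type") != "vlan-trunk" or nic.get("active_pnic") != pnic:
            bad.add(P + "002")
    if fp0.get("portgroup") == fp1.get("portgroup"):
        bad.add(P + "002")
    if nics.get("fp-eth2", {}).get("portgroup"):
        bad.add(P + "002")
    # 003: exactly one N-VDS in the edge node.
    if len(edge.get("nvds", [])) != 1:
        bad.add(P + "003")
    # 004: edge overlay VLAN is dedicated, separate from the host overlay VLAN.
    edge_vlan = edge.get("overlay_vlan")
    if edge_vlan is None or edge_vlan == host_overlay_vlan:
        bad.add(P + "004")
    # 005: with multiple instances, RTEP VLAN differs from the edge overlay VLAN.
    if multi_instance and edge.get("rtep_vlan") in (None, edge_vlan):
        bad.add(P + "005")
    return sorted(bad)

# Constructed sample data (VLAN IDs and port group names are made up).
GOOD_EDGE = {
    "interfaces": {
        "eth0": {"portgroup": "pg-mgmt"},
        "fp-eth0": {"portgroup": "pg-uplink01", "type": "vlan-trunk", "active_pnic": 0},
        "fp-eth1": {"portgroup": "pg-uplink02", "type": "vlan-trunk", "active_pnic": 1},
        "fp-eth2": {},
    },
    "nvds": ["nvds-edge"], "overlay_vlan": 2733, "rtep_vlan": 2734,
}
# Same node with the edge TEPs dropped onto the host overlay VLAN and RTEP sharing it.
BAD_EDGE = dict(GOOD_EDGE, overlay_vlan=1634, rtep_vlan=1634)

if __name__ == "__main__":
    for name, edge in (("good", GOOD_EDGE), ("bad", BAD_EDGE)):
        print(name, audit_edge(edge, 1634, "pg-mgmt", multi_instance=True))
```

Running such a check before deployment catches the segmentation errors that VCF-WLD-NSX-EDGE-NET-004 and VCF-WLD-NSX-EDGE-NET-005 are meant to prevent, such as edge overlay traffic sharing the host overlay VLAN.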