Network Design for the NSX Edge Nodes for a Virtual Infrastructure Workload Domain

In each VMware Cloud Foundation instance, you implement an NSX Edge configuration with a single N-VDS. You connect the uplink network interfaces of the edge appliance to VLAN trunk port groups that are connected to particular physical NICs on the host.

The NSX Edge node contains a virtual switch, called an N-VDS, that is managed by NSX-T Data Center. This internal N-VDS is used to define traffic flow through the interfaces of the edge node. An N-VDS can be connected to one or more interfaces. Interfaces cannot be shared between N-VDS instances.

If you plan to deploy multiple VMware Cloud Foundation instances, apply the same network design to the NSX Edge cluster in the second and other additional VMware Cloud Foundation instances.

The NSX Edge appliance is with a single N-VDS. eth0 is for management traffic, connected to the management port group. fp-eth0 and fp-eth1 are for uplink and overlay traffic, and are connected to the uplink port groups. — Figure 1. NSX Edge Networking

Table 1. Design Decisions on the Network Configuration of the NSX Edge Appliances
Decision ID	Design Decision	Design Justification	Design Implication
VCF-WLD-NSX-EDGE-NET-001	Connect the management interface `eth0` of each NSX Edge node to the management VLAN.	Provides connection to the NSX Manager cluster.	None.
VCF-WLD-NSX-EDGE-NET-002	Connect the `fp-eth0` interface of each NSX Edge appliance to a VLAN trunk port group pinned to physical NIC 0 of the host. Connect the `fp-eth1` interface of each NSX Edge appliance to a VLAN trunk port group pinned to physical NIC 1 of the host. Leave the `fp-eth2` interface of each NSX Edge appliance unused.	Because VLAN trunk port groups pass traffic for all VLANs, VLAN tagging can occur in the NSX Edge node itself for easy post-deployment configuration. By using two separate VLAN trunk port groups, you can direct traffic from the NSX-T Edge node to a particular host network interface and top of rack switch as needed. In the event of failure of the top of rack switch, the VLAN trunk port group will failover to the other physical NIC and to ensure both `fp-eth0` and `fp-eth1` are available.	None.
VCF-WLD-NSX-EDGE-NET-003	Use a single N-VDS in the NSX Edge nodes.	Simplifies deployment of the edge nodes. The same N-VDS switch design can be used regardless of edge form factor. Supports multiple TEP interfaces in the edge node. vSphere Distributed Switch is not supported in the edge node.	None.
VCF-WLD-NSX-EDGE-NET-004	Use a dedicated VLAN for the edge overlay network that is segmented from the host overlay VLAN.	The edge overlay network must be isolated from the host overlay network to protect the host overlay traffic from edge-generated overlay traffic.	You must have a route between the VLANs for edge overlay and host overlay. You must allocate another VLAN in the data center infrastructure for NSX edge overlay traffic.

For a multi-region SDDC, an RTEP VLAN is needed for overlay traffic between regions.

Table 2. Design Decisions on the Network Configuration of the NSX Edge Appliances for an Environment with Multiple VMware Cloud Foundation Instances
Decision ID	Design Decision	Design Justification	Design Implication
VCF-WLD-NSX-EDGE-NET-005	Allocate a separate VLAN for edge RTEP overlay that is different from the edge overlay VLAN.	The RTEP network must on a VLAN that is different from the edge overlay VLAN. Dedicated VLAN for inter-site communication.	You must allocate another VLAN in the data center infrastructure for edge RTEP overlay.