NSX provides networking services to workloads in VMware Cloud Foundation such as load balancing, routing and virtual networking.

Table 1. NSX Logical Design

Component

VMware Cloud Foundation Instances with a Single Availability Zone

VMware Cloud Foundation Instances with Multiple Availability Zones

NSX Manager Cluster

  • Three appropriately sized nodes with a virtual IP (VIP) address with an Anti-affinity rule to separate.

  • vSphere HA protects the cluster nodes applying high restart priority

  • Three appropriately sized nodes with a VIP address with an anti-affinity rule to separate the nodes on different hosts.

  • vSphere HA protects the cluster nodes applying high restart priority

  • vSphere DRS rule should-run-on-hosts-in-group keeps the NSX Manager VMs in the first availability zone.

NSX Global Manager Cluster (Conditional)

  • Manually deployed three appropriately sized nodes with a VIP address with an anti-affinity rule to separate them on different hosts.

  • One active and one standby cluster.

  • vSphere HA protects the cluster nodes applying high restart priority.

  • Manually deployed three appropriately sized nodes with a VIP address with an anti-affinity rule to separate them on different hosts.

  • One active and one standby cluster.

  • vSphere HA protects the cluster nodes applying high restart priority.

  • vSphere DRS rule should run on hosts in group keeps the NSX Global Manager VMs in the first availability zone.

NSX Edge Cluster

  • Two appropriately sized NSX Edge nodes with an anti-affinity rule to separate them on different hosts.

  • vSphere HA protects the cluster nodes applying high restart priority.

  • Two appropriately sized NSX Edge nodes in the first availability zone with an anti-affinity rule to separate them on different hosts.

  • vSphere HA protects the cluster nodes applying high restart priority.

  • vSphere DRS rule should run on hosts in group keeps the NSX Edge VMs in the first availability zone.

Transport Nodes

  • Each ESXi host acts as a host transport node.

  • Two Edge transport nodes.

  • Each ESXi host acts as a host transport node.

  • Two Edge transport nodes in the first availability zone.

Transport zones

  • One VLAN transport zone for north-south traffic.

  • Maximum one overlay transport zone for overlay segments per NSX instance.

  • One VLAN transport zone for north-south traffic.

  • Maximum one overlay transport zone for overlay segments per NSX instance.

VLANs and IP subnets allocated to NSX

For information about the networks for virtual infrastructure management, see Distributed Port Group Design.

See VLANs and Subnets for VMware Cloud Foundation.

See Physical Network Infrastructure Design for VMware Cloud Foundation.

Routing configuration

  • BGP for a single VMware Cloud Foundation instance.

  • In a VMware Cloud Foundation deployment with NSX Federation, BGP with ingress and egress traffic to the first VMware Cloud Foundation instance during normal operating conditions.

  • BGP with path prepend to control ingress traffic and local preference to control egress traffic through the first availability zone during normal operating condition.

  • In a VMware Cloud Foundation deployment with NSX Federation, BGP with ingress and egress traffic to the first instance during normal operating conditions.

For a description of the NSX logical component in this design, see NSX Logical Concepts and Components.

Single Instance - Single Availability Zone

The NSX design for the Single Instance - Single Availability Zone topology consists of the following components:

Figure 1. NSX Logical Design for a Single Instance - Single Availability Zone Topology

The NSX Manager three-node cluster is connected to the NSX Edge two-node cluster and to the ESXi transport nodes. NSX Manager is connected to the workload domain vCenter Server.
  • Unified appliances that have both the NSX Local Manager and NSX Controller roles. They provide management and control plane capabilities.

  • NSX Edge nodes in the workload domain that provide advanced services such as load balancing, and north-south connectivity.

  • ESXi hosts in the workload domain that are registered as NSX transport nodes to provide distributed routing and firewall services to workloads.

Single Instance - Multiple Availability Zones

The NSX design for a Single Instance - Multiple Availability Zone topology consists of the following components:

Figure 2. NSX Logical Design for a Single Instance - Multiple Availability Zone Topology
The NSX Manager three-node cluster is connected to the NSX Edge two-node cluster and to the ESXi transport nodes in two availability zones. NSX Manager is connected to the workload domain vCenter Server.
  • Unified appliances that have both the NSX Local Manager and NSX Controller roles. They provide management and control plane capabilities.

  • NSX Edge nodes that provide advanced services such as load balancing, and north-south connectivity.

  • ESXi hosts that are distributed evenly across availability zones in the workload domain and are registered as NSX transport nodes to provide distributed routing and firewall services to workloads.

Multiple Instances - Single Availability Zone

The NSX design for a Multiple Instance - Single Availability Zone topology consists of the following components:

Figure 3. NSX Logical Design for a Multiple Instance - Single Availability Zone Topology
The Global Manager cluster in instance A is active, and the Global Manager cluster in instance B is standby. Both Global Manager clusters are connected to the Local Manager clusters in each VMware Cloud Foundation instance. Each Local Manager cluster is connected to its corresponding edge cluster and ESXi hosts.
  • Unified appliances that have both the NSX Local Manager and NSX Controller roles. They provide management and control plane capabilities.

  • NSX Edge nodes that provide advanced services such as load balancing, and north-south connectivity.

  • ESXi hosts in the workload domain that are registered as NSX transport nodes to provide distributed routing and firewall services to workloads.

  • NSX Global Manager cluster in each of the first two VMware Cloud Foundation instances.

    You deploy the NSX Global Manager cluster in each VMware Cloud Foundation instance so that you can use NSX Federation for global management of networking and security services.

  • An additional infrastructure VLAN in each VMware Cloud Foundation instance to carry instance-to-instance traffic (RTEP).

Multiple Instances - Multiple Availability Zones

The NSX design for a Multiple Instance - Multiple Availability Zone topology consists of the following components:

Figure 4. NSX Logical Design for Multiple Instance - Multiple Availability Zone Topology
The Global Manager cluster in instance A is active, and the Global Manager cluster in instance B is standby. Both Global Manager clusters are connected to the Local Manager clusters in each VMware Cloud Foundation instance. Each Local Manager cluster is connected to its corresponding edge cluster and the ESXi hosts distributed in two availability zones.
  • Unified appliances that have both the NSX Local Manager and NSX Controller roles. They provide management and control plane capabilities.

  • NSX Edge nodes that provide advanced services such as load balancing, and north-south connectivity.

  • ESXi hosts that are distributed evenly across availability zones in the workload domain in a VMware Cloud Foundation instance, and are registered as NSX transport nodes to provide distributed routing and firewall services to workloads.

  • NSX Global Manager cluster in each of the first two VMware Cloud Foundation instances.

    You deploy the NSX Global Manager cluster in each VMware Cloud Foundation instance so that you can use NSX Federation for global management of networking and security services.

  • An additional infrastructure VLAN in each VMware Cloud Foundation instance to carry instance-to-instance traffic (RTEP).