Transport zones dictate which hosts transport nodes and, therefore, which VMs can participate in the use of a particular network. A transport zone does this by limiting the hosts that can see a segment—and, therefore, which VMs can be attached to the segment. A transport zone can span one or more host clusters. Also, a host transport node can be associated to multiple transport zones.

Overlay traffic: Is a type of network traffic that is created by virtual networks using a protocol such as VXLAN or GENEVE. Overlay traffic is encapsulated with a header that contains information about the virtual network, such as the virtual network identifier (VNI) or the logical segment ID (LSID). Overlay traffic is transmitted over the physical network, which is called the underlay, and is decapsulated at the destination host or edge node. Overlay traffic allows virtual machines on different hosts or availability zones to communicate with each other as if they were on the same Layer 2 network, without requiring any changes to the physical network configuration. Overlay traffic also enables features such as distributed routing, logical switching, and distributed firewall.

VLAN traffic: Is a type of network traffic that is segmented by using virtual LANs (VLANs). VLANs allow you to create logical groups of ports on a physical switch, so that only the ports that belong to the same VLAN can communicate with each other. VLANs can improve network security, performance, and manageability by isolating traffic. VLAN traffic can be configured in different ways on VMware ESXi hosts, depending on how the VLAN tags are added or removed from the packets.

An NSX environment can contain one or more transport zones based on your requirements. A host can belong to multiple transport zones. A segment can belong to only one transport zone.

NSX does not allow connection of VMs that are in different transport zones in the Layer 2 network. The span of a segment is limited to a transport zone.

Both host transport nodes and NSX Edge nodes use Overlay and VLAN transport zones. Host transport nodes connect to VDS switches while N-VDS switch is configured on NSX Edge transport nodes.

The VLAN transport zone is used by the NSX Edge and host transport nodes for its VLAN uplinks. When an NSX Edge is added to a VLAN transport zone, a VLAN N-VDS is installed on the NSX Edge.
Note: vMotion is not supported between two segments or logical switches on different VLAN transport zones.

Procedure

  1. From a browser, log in with admin privileges to an NSX Manager at https://<nsx-manager-ip-address> or https://<nsx-manager-fqdn>.
  2. Select System > Fabric > Transport Zones > Add Zone.
  3. Enter a name for the transport zone and optionally a description.
  4. Select a traffic type between Overlay and VLAN.
  5. (optional) For VLAN Transport Zone, enter the names of Named Teaming Policy. These named teaming policies can be used by segments attached to the vlan transport zone which in turn use the named teaming policy specified in uplink profiles to direct traffic.
    Note: If you define named teaming policies, ensure that you enter the exact named teaming policy name in associated VLAN segments and uplink profiles as well. If segments do not find a matching named teaming policy, then NSX uses the default uplink teaming policy.
  6. After you add the transport zone, go to the Transport Zones page and view the newly added transport zone either from the UI or by running the following API command.
    GET /policy/api/v1/global-infra/sites/<site-id>/enforcement-points/<enforcementpoint-id>/transport-zones 
    {
 "sort_ascending": true,
 "sort_by": "display_name",
 "result_count": 1,
 "results": [
   {
    "tz_type": "OVERLAY_BACKED",
     "is_default": true,
     "transport_zone_profile_paths": [
       "/infra/transport-zone-profiles/tzp"
   ],
     "nested_nsx": false,
     "resource_type": "PolicyTransportZone",
     "id": "tz",
     "display_name": "tz",
     "path": "/infra/sites/default/enforcement-points/default/transport-zones/tz",
     "relative_path": "tz",
     "parent_path": "/infra/sites/default/enforcement-points/default",
     "unique_id": "8f4a026d-e3f5-4f23-a3ef-46309d573dc1",
     "marked_for_delete": false,
     "overridden": false,
     "_create_user": "admin",
     "_create_time": 1607501697823,
     "_last_modified_user": "admin",
     "_last_modified_time": 1607582307987,
     "_system_owned": false,
     "_protection": "NOT_PROTECTED",
     "_revision": 5
   }
 ]
}

What to do next

Optionally, create a custom transport-zone profile and bind it to the transport zone. You can create custom transport-zone profiles using the POST /api/v1/infra/transport-zone-profiles API. There is no UI workflow for creating a transport-zone profile. After the transport-zone profile is created, you can find it to the transport zone with the PATCH /api/v1/infra/sites/default/enforcement-points/nsxt-ep/transport-zones/<transport-zone-id> API.

{
  "tz_type": "OVERLAY_BACKED",
  "is_default": true,
  "nested_nsx": false,
  "transport_zone_profile_paths": [
  "/infra/transport-zone-profiles/tzp"
  ]
}