The advanced networking model of NSX-T Data Center provides a fully isolated and secure traffic path across workloads in the tenant switch and routing fabric.

Advanced security policies and rules can be applied at the VM boundary to further control unwarranted traffic. Also, for better traffic management, QoS switching profile can be used to provide high-quality and dedicated network performance for preferred traffic that requires high bandwidth using Class of Service (CoS) and Differentiated Services Code Point (DSCP) values for tenants.

NSX-T Data Center introduces a two-tiered routing architecture that enables the management of networks at the provider (Tier-0) and tenant (Tier-1) tiers. The provider routing tier is attached to the physical network for North-South traffic, while the tenant routing can connect to the provider Tier-0 and manage East-West communications. The Tier-0 provides traffic termination to the cloud physical gateways and existing CSP underlay networks for inter-cloud traffic communication.

Each Tenant VDC has a single Tier-1 distributed router (DR) that provides the intra-tenant routing capabilities. It can be also enabled for stateful services such as firewall and NAT. VMs belonging to a Tenant can be plumbed to multiple logical interfaces for layer 2 and layer 3 connectivity.