The advanced networking model of NSX-T Data Center provides a fully isolated and secure traffic path across workloads in tenant switch and routing fabric. Advanced security policies and rules can be applied at the VM boundary to further control unwarranted traffic. Also, for better traffic management, QoS switching profiles can be used to provide high-quality and dedicated network performance for preferred traffic that requires high bandwidth using Class of Service (CoS) and Differentiated Services Code Point (DSCP) values for tenants.
NSX-T Data Center introduces a two-tiered routing architecture that enables the management of networks at the provider (Tier-0) and tenant (Tier-1) tiers. The provider routing tier is attached to the physical network for North-South traffic, while the tenant routing can connect to the provider Tier-0 and manage East-West communications. The Tier-0 provides traffic termination to the cloud physical gateways and existing CSP underlay networks for inter-cloud traffic communication.
Each Organization VDC has a single Tier-1 distributed router (DR) that provides the intra-tenant routing capabilities. It can be also enabled for stateful services such as firewall and NAT. VMs belonging to a Tenant can be plumbed to multiple logical interfaces for layer 2 and layer 3 connectivity.
Resource Allocation
To avoid contention and starvation, compute, storage, and network isolation should be applied consistently to the workloads.
The CSP admin can allocate and reserve resources for tenants by using Organization VDC. Every Organization VDC is associated with a resource pool across the Resource Pods. The resource settings of the resource pool are managed from VMware Cloud Director. This ensures that every Organization VDC allocates the resources to which it is entitled, without exceeding the infrastructure resource limits, such as CPU clock cycles, total memory, network bandwidth, and storage.
VMware Cloud Director supports an allocation model that determines how and when the allocated Provider VDC compute and memory resources are committed to the organization VDC. Every allocation model provides different levels of performance control and management. For the suggested use of the allocation model, see the VMware Cloud Director Administrator guide.
1. Resource Allocation Reservation: Defines the minimum guarantee. This parameter ensures a minimum guarantee to each VM when it is launched.
2. Resource Allocation Limit: Defines the upper boundary. Use this parameter with caution in a production environment, because it restricts the VM from bursting utilization beyond the configured boundaries.
3. Resource Allocation Shares: Defines the distribution of resources under contention. Shares can be used to prioritize certain workloads over others in case of contention. If the resources are over-provisioned across VMs and there is resource contention, the VM with high shares gets the proportional resource assignment.
vSphere resource distribution settings at the VM or resource pool level based on the organization VDC allocation model.
For the control plane workload functions, a higher-order elasticity is acceptable and memory can be reserved based on the workload requirement. For the data plane intensive workloads, both CPU and memory should be fully reserved. Storage IO and network throughput reservations must be determined based on the VNF needs.