Following the vSphere design, the NSX for vSphere design consists of a single consolidated stack providing services for management components and tenant workloads.

Consolidated Stack

In the converted stack, the underlying hosts are prepared for NSX for vSphere. The Consolidated stack has these components.

  • NSX Manager instance

  • NSX Controller cluster

  • NSX ESG for north-south routing

  • NSX DLR for east-west routing

  • NSX ESG load balancers for workloads, where required.

The logical design of NSX considers the vCenter Server clusters and define the place where each NSX component runs.

Figure 1. Cluster Design for NSX for vSphere




Table 1. vSphere Cluster Design Decisions

Decision ID

Design Decision

Design Justification

Design Implications

CSDDC-VI-SDN-005

For the consolidated stack, do not use a dedicated edge cluster.

Simplifies configuration and minimizes the number of ESXi hosts required for initial deployment.

The NSX Controller instances, NSX Edge services gateways, and DLR control VMs of the compute stack are deployed in the consolidated cluster.

Because of the shared nature of the cluster, you must scale out the cluster as compute workloads are added to avoid an impact on network performance.

CSDDC-VI-SDN-006

Apply vSphere Distributed Resource Scheduler (DRS) anti-affinity rules to the NSX components.

Using DRS prevents controllers from running on the same ESXi host and thereby risking their high availability capability.

Additional configuration is required to set up anti-affinity rules.

High Availability of NSX for vSphere Components

vSphere HA protects each NSX Manager instance by ensuring that the NSX Manager VM is restarted on a different ESXi host in the event of primary ESXi host failure.

The NSX Controller nodes have defined vSphere Distributed Resource Scheduler (DRS) rules to ensure that NSX for vSphere Controller nodes do not run on the same host.

The data plane remains active during outages in the management and control planes although the provisioning and modification of virtual networks is impaired until those planes become available again.

NSX Edge components that are deployed for north-south traffic are configured in equal-cost multi-path (ECMP) mode that supports route failover in seconds. NSX Edge components for load balancing use NSX HA. NSX HA provides faster recovery than vSphere HA alone because NSX HA uses an active-passive pair of NSX Edge devices. By default, the passive Edge device becomes active 15 seconds after the active device stops working. All NSX Edge devices are also protected by vSphere HA.

Scalability of NSX Components

A one-to-one mapping between NSX Manager instances and vCenter Server instances exists. If the inventory of either the management stack or the compute stack exceeds the limits supported by a single vCenter Server, then you can deploy a new vCenter Server instance, and must also deploy a new NSX Manager instance. You can extend transport zones by adding more shared edge and compute and compute clusters until you reach the vCenter Server limits. Consider the limit of 100 DLRs per ESXi host although the environment usually would exceed other vCenter Server limits before the DLR limit.