This conceptual design for NSX-T describes the network virtualization design of the logical components that handle data flowing to and from tenant workloads in the environment.

The network virtualization conceptual design includes a perimeter firewall, a provider logical router, and the NSX-T logical router. It also considers the external network, internal workload networks, and the management network.

Figure 1. NSX-T Conceptual Overview



The conceptual design has the following components.

External Networks

Connectivity to and from external networks is through the perimeter firewall.

Perimeter Firewall

The firewall exists at the perimeter of the data center to filter Internet traffic.

Upstream Layer 3 Devices

The upstream Layer 3 devices are behind the perimeter firewall and handle North-South traffic that enters and leaves the NSX-T environment. In most cases, this layer consists of a pair of top-of-rack switches or redundant upstream Layer 3 devices such as core routers.

NSX-T Logical Router (SR)

The SR component of the NSX-T Tier-0 Logical Router is responsible for establishing eBGP peering with the upstream Layer 3 devices and enabling North-South routing.

NSX-T Logical Router (DR)

The DR component of the NSX-T Logical Router is responsible for East-West routing.

Management Network

The management network is a VLAN-backed network that supports all management components such as NSX-T Manager and NSX-T Controllers.

Internal Workload Networks

Internal workload networks are NSX-T logical switches and provide connectivity for the tenant workloads. Workloads are directly connected to these networks. Internal workload networks are then connected to a DR.