NSX for vSphere requirements impact both physical and virtual networks.

Physical Network Requirements

Physical requirements determine the MTU size for networks that carry VXLAN traffic, dynamic routing support, time synchronization through an NTP server, and forward and reverse DNS resolution.

| Requirement | Comments |
| --- | --- |
| Any network that carries VXLAN traffic must have an MTU size of 1600 or greater. | VXLAN packets cannot be fragmented. The MTU size must be large enough to support extra encapsulation overhead. This design uses jumbo frames, MTU size of 9000, for VXLAN traffic. |
| For the hybrid replication mode, Internet Group Management Protocol (IGMP) snooping must be enabled on the Layer 2 switches to which ESXi hosts that participate in VXLAN are attached. IGMP querier must be enabled on the connected router or Layer 3 switch. | IGMP snooping on Layer 2 switches is a requirement of the hybrid replication mode. You use hybrid replication mode for broadcast, unknown unicast, and multicast (BUM) traffic when deploying into an environment with large scale-out potential. The traditional requirement for Protocol Independent Multicast (PIM) is removed. |
| Dynamic routing support on the upstream Layer 3 data center switches must be enabled. | Enable a dynamic routing protocol supported by NSX on the upstream data center switches to establish dynamic routing adjacency with the ESGs. |
| NTP server must be available. | NSX Manager requires NTP settings that synchronize it with the rest of the vSphere environment. Drift can cause problems with authentication. NSX Manager must be in sync with the vCenter Single Sign-On service on the Platform Services Controller. |
| Forward and reverse DNS resolution for all management VMs must be established. | The NSX Controller nodes do not require DNS entries. |
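A pre-deployment check for two of the requirements above (VXLAN MTU of at least 1600, and matching forward and reverse DNS records for management VMs), written as an added example that is not part of the VMware design. The function names, the inventory layout, the `example.test` host names and the 192.0.2.x addresses are assumptions made for illustration.

```python
import socket

VXLAN_MIN_MTU = 1600  # minimum MTU the requirements table sets for VXLAN networks

def check_vxlan_mtu(networks):
    """Return names of VXLAN-carrying networks whose MTU is below the minimum."""
    return [n["name"] for n in networks
            if n["carries_vxlan"] and n["mtu"] < VXLAN_MIN_MTU]

# Default resolvers use the DNS configuration of the host running the check.
def system_forward(fqdn):
    return {info[4][0] for info in socket.getaddrinfo(fqdn, None)}

def system_reverse(ip):
    return socket.gethostbyaddr(ip)[0]

def check_dns(fqdns, forward=system_forward, reverse=system_reverse):
    """Return {fqdn: problem} for names without matching forward and reverse records."""
    # Pass management VM names only; NSX Controller nodes need no DNS entries.
    problems = {}
    for fqdn in fqdns:
        try:
            for ip in sorted(forward(fqdn)):
                ptr = reverse(ip)
                # DNS names are case-insensitive and may carry a trailing dot.
                if ptr.rstrip(".").lower() != fqdn.rstrip(".").lower():
                    problems[fqdn] = f"{ip}: PTR is {ptr}, expected {fqdn}"
                    break
        except OSError as exc:  # socket.gaierror and socket.herror are OSError subclasses
            problems[fqdn] = f"lookup failed: {exc}"
    return problems

# Constructed sample data: example.test names and RFC 5737 addresses.
SAMPLE_NETWORKS = [
    {"name": "vxlan-transport", "carries_vxlan": True, "mtu": 9000},
    {"name": "vxlan-legacy", "carries_vxlan": True, "mtu": 1500},
    {"name": "management", "carries_vxlan": False, "mtu": 1500},
]
SAMPLE_A = {"nsxmgr.example.test": {"192.0.2.10"}, "vc.example.test": {"192.0.2.11"},
            "psc.example.test": {"192.0.2.10"}}
SAMPLE_PTR = {"192.0.2.10": "NSXMGR.example.test."}

def sample_forward(fqdn):  # offline stand-in for system_forward
    if fqdn not in SAMPLE_A:
        raise OSError(f"no A record for {fqdn}")
    return SAMPLE_A[fqdn]

def sample_reverse(ip):  # offline stand-in for system_reverse
    if ip not in SAMPLE_PTR:
        raise OSError(f"no PTR record for {ip}")
    return SAMPLE_PTR[ip]
```

Calling `check_dns` with only a list of names uses the live resolver; the `sample_*` functions exist so the logic can be exercised without network access.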

NSX Component Specifications

Determine the size of an NSX component according to your environment. Sizing resources for NSX according to storage requirements is a part of the physical storage design. See Design Decisions on the vSAN Disk Configuration.

Size of NSX Edge services gateways might vary according to tenant requirements. Consider all options in such a case.

Table 1. Specifications of the NSX Components

| VM | vCPU | Memory | Storage | Quantity per Stack Instance |
| --- | --- | --- | --- | --- |
| NSX Manager | 4 | 16 GB | 60 GB | 1 |
| NSX Controller | 4 | 4 GB | 20 GB | 3 |
| NSX Edge | 1 (Compact); 2 (Large); 4 (Quad Large); 6 (X-Large) | 512 MB (Compact); 1 GB (Large); 2 GB (Quad Large); 8 GB (X-Large) | 1.1 GB (Compact); 1.1 GB (Large); 1.1 GB (Quad Large); 4.84 GB (X-Large) | Optional component. Deployment of NSX ESG varies per use case. |
| DLR control VM | 2 | 1 GB | 2 GB | Optional component. Varies with use case. Typically 2 per HA pair. |
| Guest introspection | 2 | 2 GB | 6.26 GB | Optional component. 1 per ESXi host. |
| NSX data security | 1 | 512 MB | 6 GB | Optional component. 1 per ESXi host. |

NSX Edge Service Gateway Sizing

The Quad Large size is suitable for high performance firewall abilities. The X-Large size is suitable for both high performance load balancing and routing.

You can convert between NSX Edge service gateway sizes upon demand using a non-disruptive upgrade process. Begin with the Large size and scale up if necessary. A Large NSX Edge service gateway is suitable for medium firewall performance. However, the NSX Edge service gateway does not perform the majority of firewall functions.

Note:

Edge service gateway throughput is influenced by the WAN circuit. Use an adaptable approach by converting as necessary.

Table 2. Design Decisions on Sizing the NSX Edge Service Gateways

| Decision ID | Design Decision | Design Justification | Design Implications |
| --- | --- | --- | --- |
| ROBO-VI-SDN-004 | Use large-size NSX Edge service gateways. | The large size provides all the performance characteristics needed even in the event of a failure. | A larger size might also provide the required performance but at the expense of extra resources that cannot be used. |