This conceptual design for NSX-T provides the network virtualization design of the logical components that handle the data to and from tenant workloads in the environment.
The network virtualization conceptual design includes a perimeter firewall, a provider logical router, and the NSX-T Gateway. It also considers the external network, internal workload networks, and the management network.
The conceptual design has the following components.
- External Networks
Connectivity to and from external networks is through the perimeter firewall.
- Perimeter Firewall
The firewall exists at the perimeter of the data center to filter Internet traffic.
- Upstream Layer 3 Devices
The upstream Layer 3 devices are behind the perimeter firewall and handle North-South traffic that is entering and leaving the NSX-T environment. In most cases, this layer consists of a pair of top of rack switches or redundant upstream Layer 3 devices such as core routers.
- NSX-T Gateway (SR)
The SR component of the NSX-T Tier-0 Gateway is responsible for establishing eBGP peering with the Upstream Layer 3 devices and enabling North-South routing.
- NSX-T Gateway (DR)
The DR component of the NSX-T Gateway is responsible for East-West routing.
- Management Network
The management network is a VLAN-backed network that supports all management components such as NSX-T Manager and NSX-T Controllers.
- Internal Workload Networks
Internal workload networks are NSX-T Segments and provide connectivity for the tenant workloads. Workloads are directly connected to these networks. Internal workload networks are then connected to a DR.