This conceptual design for NSX-T provides the network virtualization design of the logical components that handle the data to and from tenant workloads in the environment.
The network virtualization conceptual design includes a perimeter firewall, a provider logical router, and the NSX-T Gateway. It also considers the external network, internal workload networks, and the management network.

The conceptual design has the following components.
- External Networks: Connectivity to and from external networks is through the perimeter firewall.
- Perimeter Firewall: The firewall exists at the perimeter of the data center to filter Internet traffic.
- Upstream Layer 3 Devices: The upstream Layer 3 devices are behind the perimeter firewall and handle North-South traffic that is entering and leaving the NSX-T environment. In most cases, this layer consists of a pair of top of rack switches or redundant upstream Layer 3 devices such as core routers.
- NSX-T Gateway (SR): The SR component of the NSX-T Tier-0 Gateway is responsible for establishing eBGP peering with the Upstream Layer 3 devices and enabling North-South routing.
- NSX-T Gateway (DR): The DR component of the NSX-T Gateway is responsible for East-West routing.
- Management Network: The management network is a VLAN-backed network that supports all management components such as NSX-T Manager and NSX-T Controllers.
- Internal Workload Networks: Internal workload networks are NSX-T Segments and provide connectivity for the tenant workloads. Workloads are directly connected to these networks. Internal workload networks are then connected to a DR.