This conceptual design provides you with an understanding of the network virtualization design.
The network virtualization conceptual design includes a perimeter firewall, a provider logical router, and the NSX for vSphere Logical Router. It also includes the external network, internal tenant network, and internal non-tenant network.
The conceptual design has the following key components.
- External Networks
- Connectivity to and from external networks is through the perimeter firewall. The main external network is the Internet.
- Perimeter Firewall
- The physical firewall exists at the perimeter of the data center. Each tenant receives either a full instance or partition of an instance to filter external traffic.
- Provider Logical Router (PLR)
- The PLR exists behind the perimeter firewall and handles North-South traffic that is entering and leaving tenant workloads.
- NSX Distributed Logical Router (DLR)
- This logical router is optimized for forwarding in the virtualized space, that is, between VMs, on VXLAN port groups or VLAN-backed port groups.
- Management Network
The management network is a VLAN-backed network that supports all management components such as vCenter Server, Platform Services Controller, NSX Manager and NSX Controllers, and Update Manager Download Service (UMDS).
In a dual-region environment, this network also handles Site Recovery Manager traffic.
- Internal Non-Tenant Network
- A single management network, which sits behind the perimeter firewall but not behind the PLR. Enables customers to manage the tenant environments.
- Internal Tenant Networks
- Connectivity for the main tenant workload. These networks are connected to a DLR, which sits behind the PLR. These networks take the form of VXLAN-based NSX for vSphere logical switches. Tenant virtual machine workloads will be directly attached to these networks.