Management applications that are deployed on top of the management domain can use a pre-defined configuration of NSX-T virtual network segments.

NSX-T segments provide flexibility for workload placement by removing the dependence on traditional physical data center networks. This approach also improves security and mobility of the management applications, and reduces the integration effort with existing customer network.

Figure 1. Virtual Network Segments in the SDDC


Table 1. Design Decisions on Virtual Network Segments in NSX-T Data Center

Decision ID

Design Decision

Design Justification

Design Implication

SDDC-MGMT-VI-SDN-103

Create one cross-region NSX-T virtual network segment for management application components which require mobility between regions.

Enables management workload mobility without complex physical network configuration.

Management application components must be easily portable between regions without requiring reconfiguration.

NSX-T virtual network segment requires a unique IP address space.

SDDC-MGMT-VI-SDN-104

Create one or more region-specific NSX-T virtual network segments for management application components that are assigned to a specific region.

Enables workload mobility within the data center without complex physical network configuration.

Each NSX-T virtual network segment requires a unique IP address space.

With NSX-T Federation, NSX-T virtual segment can span multiple NSX-T instances and regions. A single network segment can be available in different physical regions over the NSX-T SDN. In a multi-region deployment, the cross-region NSX-T virtual network in the management domain is extended between the first two regions. This configuration provides IP mobility for management components which fail over from Region A to Region B.

Table 2. Design Decisions on Virtual Network Segments for a Multi-Region SDDC

Decision ID

Design Decision

Design Justification

Design Implication

SDDC-MGMT-VI-SDN-105

For a dual-region SDDC, extend the cross-region NSX-T virtual network segment to Region B for management application components which require mobility between regions.

Enables management workload mobility without complex physical network configuration.

Management application components must be easily portable between regions without requiring reconfiguration.

The NSX-T virtual network segment requires a unique IP address space.

SDDC-MGMT-VI-SDN-106

For a dual-region SDDC, in each additional region, create additional region-specific NSX-T virtual network segments for management application components that are allocated in a specific region.

Enables workload mobility within the data center without complex physical network configuration.

Each region should have network segments to support workloads which are isolated to that region.

Each NSX-T virtual network segment requires a unique IP address space.

SDDC-MGMT-VI-SDN-107

In each additional region, connect or migrate region-specific NSX-T virtual network segments to their corresponding region-specific Tier-1 gateway.

Configures region-specific network segments at required sites only.

Requires an individual Tier-1 gateway for region-specific segments.