Container networking is integrated with NSX-T Data Center and provides a seamless fabric for both VM-based and container-based workloads.

NSX-T Data Center networking is used to enable the management, control, and data plane traffic within the multi-tenant logical constructs of VMware Integrated OpenStack.

Figure 1. NSX-T Container Networking Interfaces Plugin


Container Network Interface Plug-in

NSX-T provides seamless network virtualization for workloads running on either VMs or containers. This is achieved by using the NSX-T Container Network Interface Plug-in (NCP), which communicates with both NSX Manager and the Kubernetes API server on the Kubernetes control plane nodes. NCP monitors changes to containers and other resources. It also manages networking resources such as logical ports, switches, routers, and security groups for the containers through the NSX API.

Once the Kubernetes cluster is deployed, a namespace is created and assigned to one or more tenant users. The NCP plug-in automatically creates an NSX-T Data Center logical Tier-1 router for the configured namespace and assigns it to the default Tier-0 provider router. Once the namespace is created, pods and containers can be deployed and can consume the NSX-T Data Center backed networks. VM-based workload connectivity to the containers is established by connecting containers to the NCP POD Network that is created when the namespace is provisioned.

The NSX CNI plug-in supports both the N-VDS Standard and Enhanced modes.

Switching and Routing

The NSX-T Data Center software-driven container networking building blocks are identical to the building blocks used for the East-West and North-South connectivity of the VM-based VNF workloads. Because both are backed by the same NSX-T Data Center infrastructure, East-West connectivity can be provisioned between the hybrid workloads by using Logical Switches and Tier-1 routers.

When container networking building blocks are connected to the Tier-0 routers for North-South traffic, they provide the same level of functionality to the containerized workloads as they do to VM workloads.