The advanced networking model of NSX-T Data Center provides fully isolated and secure traffic paths across workloads and the tenant switch or routing fabric. Advanced security policies and rules can be applied at the VM boundary to further control unwarranted traffic.
NSX-T Data Center introduces a two-tiered routing architecture which enables the management of networks at the provider (Tier-0) and tenant (Tier-1) tiers. The provider routing tier is attached to the physical network for North-South traffic, while the tenant routing context can connect to the provider Tier-0 and manage East-West communications. The Tier-0 will provide traffic termination to the cloud physical gateways and existing CSP underlay networks for inter-cloud traffic communication.
Each Tenant vDC will have a single Tier-1 distributed router that provides the intra-tenant routing capabilities. It can also be enabled for stateful services such as firewall, NAT, load balancer, and so on. VMs belonging to Tenant A can be plumbed to multiple logical interfaces for layer 2 and layer 3 connectivity.
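The tiering rules above can be checked mechanically against an exported inventory. The following is an added example, not VMware code: the dictionary layout, all object names, and the rule that a VM interface must sit on a segment owned by its own tenant's Tier-1 are assumptions made for illustration, not an NSX-T API schema.

```python
# Added example: audits a constructed inventory against the tiering model described above.
# The dict layout and every name here are hypothetical, not an NSX-T API schema.
from collections import defaultdict

INVENTORY = {  # constructed sample data
    "tier0": {"t0-provider"},
    "tier1": {
        "t1-a": {"tenant": "tenant-a", "uplink": "t0-provider"},
        "t1-b": {"tenant": "tenant-b", "uplink": "t0-provider"},
        "t1-b2": {"tenant": "tenant-b", "uplink": "t0-lab"},
    },
    "segments": {"seg-a-web": "t1-a", "seg-a-db": "t1-a", "seg-b-app": "t1-b"},
    "vms": {
        "vm-a1": {"tenant": "tenant-a", "segments": ["seg-a-web", "seg-a-db"]},
        "vm-b1": {"tenant": "tenant-b", "segments": ["seg-b-app", "seg-a-db"]},
    },
}


def audit(inv):
    """Return a sorted list of findings; an empty list means the model holds."""
    findings = []
    per_tenant = defaultdict(list)
    for name, t1 in inv["tier1"].items():
        per_tenant[t1["tenant"]].append(name)
        # A Tier-1 may stay unconnected, but any uplink must be a provider Tier-0.
        if t1["uplink"] is not None and t1["uplink"] not in inv["tier0"]:
            findings.append(f"{name}: uplink {t1['uplink']} is not a provider Tier-0")
    for tenant, routers in per_tenant.items():
        # The design calls for a single Tier-1 router per tenant vDC.
        if len(routers) != 1:
            findings.append(f"{tenant}: {len(routers)} Tier-1 routers, expected 1")
    for vm, meta in inv["vms"].items():
        for seg in meta["segments"]:
            t1_name = inv["segments"].get(seg)
            owner = inv["tier1"].get(t1_name, {}).get("tenant")
            # Multiple interfaces are fine, but only on the VM's own tenant segments.
            if owner != meta["tenant"]:
                findings.append(f"{vm}: interface on {seg} owned by {owner}")
    return sorted(findings)


if __name__ == "__main__":
    for line in audit(INVENTORY):
        print(line)
```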
By using VMware Integrated OpenStack as the IaaS layer, user profile and RBAC policies can be used to enable and restrict access to the networking fabric at the Tier-1 level.