The advanced networking model of NSX-T Data Center provides a fully-isolated and secure traffic paths across workloads and tenant switch and routing fabric. Advanced security policies and rules can be applied at the VM boundary to further control unwarranted traffic. Also for better traffic management, QoS switching profile can be used to provide high-quality and dedicated network performance for preferred traffic, that requires high bandwidth using class of service (COS) and Differentiated Services Code Point (DSCP) values for tenants.
NSX-T Data Center introduces a two-tiered routing architecture which enables the management of networks at the provider (Tier-0) and tenant (Tier-1) tiers. The provider routing tier is attached to the physical network for North-South traffic, while the tenant routing context can connect to the provider Tier-0 and manage East-West communications. The Tier-0 will provide traffic termination to the cloud physical gateways and existing CSP underlay networks for inter-cloud traffic communication.
Each Organization VDC will have a single Tier-1 distributed router that provides the intra-tenant routing capabilities. It can be also enabled for stateful services such as firewall and NAT. VMs belonging to a particular Tenant can be plumbed to multiple logical interfaces for layer 2 and layer 3 connectivity.