NSX Data Center for vSphere Overview

Posted By Rajesh Radhakrishnan January 03 2019

First I want to share new update as NSX for vSphere is now it is known as NSX Data Center for vSphere .We are discussing the details about the latest version NSX Data Center for vSphere 6.4.4 .In this post we will share an over view of the NSX Data Center for vSphere and it’s core components .
VMware’s Software Defined Data Center (SDDC) architecture is now extending virtualization technologies across the entire physical data center infrastructure. NSX Data Center for vSphere is a key product in the SDDC architecture. With NSX Data Center for vSphere, virtualization delivers for networking what it has already delivered for compute and storage. In much the same way that server virtualization programmatically creates, snapshots, deletes, and restores software-based virtual machines (VMs), NSX Data Center for vSphere network virtualization programmatically creates, snapshots, deletes, and restores software-based virtual networks. The result is a transformative approach to networking that not only enables data center managers to achieve orders of magnitude better agility and economics, but also allows for a vastly simplified operational model for the underlying physical network. With the ability to be deployed on any IP network, including both existing traditional networking models and next-generation fabric architectures from any vendor, NSX Data Center for vSphere is a non-disruptive solution. In fact, with NSX Data Center for vSphere, the physical network infrastructure you already have is all you need to deploy a software-defined data center.

NSX-OVERVIEW-01

The above figure shows the similarity between compute and network virtualization. With server virtualization, a software abstraction layer (server hypervisor) reproduces the familiar attributes of an x86 physical server (for example, CPU, RAM, Disk, NIC) in software, allowing them to be programmatically assembled in any arbitrary combination to produce a unique VM in a matter of seconds.
With network virtualization, the functional equivalent of a network hypervisor reproduces the complete set of Layer 2 through Layer 7 networking services (for example, switching, routing, access control, firewalling, QoS, and load balancing) in software. As a result, these services can be programmatically assembled in any arbitrary combination, to produce unique, isolated virtual networks in a matter of seconds.
With network virtualization, benefits similar to server virtualization are derived. For example, just as VMs are independent of the underlying x86 platform and allow IT to treat physical hosts as a pool of compute capacity, virtual networks are independent of the underlying IP network hardware and allow IT to treat the physical network as a pool of transport capacity that can be consumed and repurposed on demand. Unlike legacy architectures, virtual networks can be provisioned, changed, stored, deleted, and restored programmatically without reconfiguring the underlying physical hardware or topology. By matching the capabilities and benefits derived from familiar server and storage virtualization solutions, this transformative approach to networking unleashes the full potential of the software-defined data center. NSX Data Center for vSphere can be configured through the vSphere Web Client, a command-line interface (CLI), and a REST API.

NSX Data Center for vSphere Components

NSX Data Center for vSphere has major two components which is on management plane and control plane , below image describes the components of the NSX solution.Also cloud management platform (CMP) is not a NSX Data Center for vSphere component, but NSX Data Center for vSphere provides integration into virtually any CMP via the REST API and out-of-the-box integration with VMware CMPs.

NSX-OVERVIEW-02

Data Plane

The data plane consists of the NSX Virtual Switch, which is based on the vSphere Distributed Switch (VDS) with additional components to enable services. Kernel modules, user space agents, configuration files, and install scripts are packaged in VIBs and run within the hypervisor kernel to provide services such as distributed routing and logical firewall and to enable VXLAN bridging capabilities.

The NSX Virtual Switch (vDS-based) abstracts the physical network and provides access-level switching in the hypervisor. It is central to network virtualization because it enables logical networks that are independent of physical constructs, such as VLANs. Some of the benefits of the vSwitch are:

  • Support for overlay networking with protocols (such as VXLAN) and centralized network configuration. Overlay networking enables the following capabilities:
    • Reduced use of VLAN IDs in the physical network.
    • Creation of a flexible logical Layer 2 (L2) overlay over existing IP networks on existing physical infrastructure without the need to re-architect any of the data center networks
    • Provision of communication (east–west and north–south), while maintaining isolation between tenants
    • Application workloads and virtual machines that are agnostic of the overlay network and operate as if they were connected to a physical L2 network
  • Facilitates massive scale of hypervisors
  • Multiple features—such as Port Mirroring, NetFlow/IPFIX, Configuration Backup and Restore, Network Health Check, QoS, and LACP—provide a comprehensive toolkit for traffic management, monitoring, and troubleshooting within a virtual network

The logical routers can provide L2 bridging from the logical networking space (VXLAN) to the physical network (VLAN).

The gateway device is typically an NSX Edge virtual appliance. NSX Edge offers L2, L3, perimeter firewall, load balancing, and other services such as SSL VPN and DHCP.

Control Plane

The control plane runs in the NSX Controller cluster. The NSX Controller is an advanced distributed state management system that provides control plane functions for logical switching and routing functions. It is the central control point for all logical switches within a network and maintains information about all hosts, logical switches (VXLANs), and distributed logical routers.

The NSX Controller cluster is responsible for managing the distributed switching and routing modules in the hypervisors. The controller does not have any dataplane traffic passing through it. Controller nodes are deployed in a cluster of three members to enable high-availability and scale. Any failure of the controller nodes does not impact any data-plane traffic.

NSX Controllers work by distributing network information to hosts. To achieve a high level of resiliency the NSX Controller is clustered for scale out and HA. NSX Controller cluster must contain three nodes. The three virtual appliances provide, maintain, and update the state of all network functioning within the NSX domain. NSX Manager is used to deploy NSX Controller nodes.

The three NSX Controller nodes form a control cluster. The controller cluster requires a quorum (also called a majority) in order to avoid a “split-brain scenario.” In a split-brain scenario, data inconsistencies originate from the maintenance of two separate data sets that overlap. The inconsistencies can be caused by failure conditions and data synchronization issues. Having three controller nodes ensures data redundancy in case of failure of one NSX Controller node.

A controller cluster has several roles, including:

  • API provider
  • Persistence server
  • Switch manager
  • Logical manager
  • Directory server

Each role has a master controller node. If a master controller node for a role fails, the cluster elects a new master for that role from the available NSX Controller nodes. The new master NSX Controller node for that role reallocates the lost portions of work among the remaining NSX Controller nodes.

NSX Data Center for vSphere supports three logical switch control plane modes: multicast, unicast and hybrid. Using a controller cluster to manage VXLAN-based logical switches eliminates the need for multicast support from the physical network infrastructure. You don’t have to provision multicast group IP addresses, and you also don’t need to enable PIM routing or IGMP snooping features on physical switches or routers. Thus, the unicast and hybrid modes decouple NSX from the physical network. VXLANs in unicast control-plane mode do not require the physical network to support multicast in order to handle the broadcast, unknown unicast, and multicast (BUM) traffic within a logical switch. The unicast mode replicates all the BUM traffic locally on the host and requires no physical network configuration. In the hybrid mode, some of the BUM traffic replication is offloaded to the first hop physical switch to achieve better performance. Hybrid mode requires IGMP snooping on the first-hop switch and access to an IGMP querier in each VTEP subnet.

Management Plane

The management plane is built by the NSX Manager which the centralized network management component of NSX Data Center for vSphere. It provides the single point of configuration and REST API entry-points.NSX Manager is installed as a virtual appliance on any ESXi host in your vCenter Server environment. NSX Manager and vCenter have a one-to-one relationship. For every instance of a NSX Manager only one vCenter Server can be configured and it is applicable for cross-vCenter NSX environment also.

In a cross-vCenter NSX environment, there is both a primary NSX Manager and one or more secondary NSX Manager appliances. The primary NSX Manager allows you to create and manage universal logical switches, universal logical (distributed) routers and universal firewall rules. Secondary NSX Managers are used to manage networking services that are local to that specific NSX Manager. There can be up to seven secondary NSX Managers associated with the primary NSX Manager in a cross-vCenter NSX environment.

Consumption Platform

The consumption of NSX Data Center for vSphere can be driven directly through the NSX Manager user interface, which is available in the vSphere Web Client. Typically end users tie network virtualization to their cloud management platform for deploying applications. NSX Data Center for vSphere provides rich integration into virtually any CMP through REST APIs. Out-of-the-box integration is also available through VMware vCloud Automation Center, vCloud Director, and OpenStack with the Neutron plug-in.

Reference

Conclusion

In this post we covered the overview of NSX Data Center For VSphere  and components . NSX Edge ,Services , deployment and configuration will cover upcoming posts .