NSX components consist of:
- Management Plane
- Control Plane
- Data Plane
NSX Management Plane:
- The NSX management plane is based on the NSX Manager.
- NSX Manager is a virtual appliance, deployed from a standard OVF template on an ESXi host (the Management Cluster is the recommended location) and registered with vCenter (1:1 relationship till version 6.1.x).
NSX Manager is responsible for controlling and managing the whole virtual network by:
- Centralizing network management.
- Allowing NSX to be configured through the vSphere Web Client, a command line interface (CLI), and REST API.
- Providing REST APIs for creating, configuring and monitoring NSX components such as logical switches or edge services gateways.
NSX Control Plane:
- The NSX control plane is based on the NSX Controller cluster.
- NSX Controller is also a virtual appliance (must be deployed in a three-node cluster for high availability & scale) that is responsible for managing the distributed switching & routing modules in ESXi hosts.
- The controller does not have any data plane traffic passing through it.
- The NSX Controller is the central control point for all logical switches within a network & maintains information about all virtual machines, hosts, logical switches & VXLANs.
NSX Data Plane:
The NSX data plane consists of the NSX vSwitch, which is the vSphere Distributed Switch (VDS) plus kernel modules (such as VXLAN, Distributed Logical Router or Firewall).
- NSX vSwitch provides access-level switching in the ESXi host.
- NSX logical router provides L2 bridging from the logical networking space (VXLAN) to the physical network (VLAN).
- NSX Edge gateway provides common gateway services such as dynamic routing, perimeter firewall, DHCP, VPN, NAT & Load Balancing.
NSX services are as follows:
- Logical Switches – Distributed switches that can span vSphere clusters. Each logical switch is mapped to a unique VXLAN & also can be extended to a physical device using an L2 bridge.
- Logical Routers – Distributed routers that provide routing between 2 L2 segments at the hypervisor level. They provide East-West routing.
- Logical Firewall – Hypervisor kernel-embedded firewall (Micro Segmentation).
- Logical Load Balancer – Networking service which offers Load Balancing functionality at Edge Gateway level.
- Service Composer – Grouping & mapping services to applications.
- Logical VPNs – SSL VPN-Plus & IPSec features & functionality.
- NSX Extensibility – Integration with 3rd-party solutions (Palo Alto, Trend Micro etc.)