NSX Components

NSX consists of the following components:

  • Management Plane
  • Control Plane
  • Data Plane

NSX Management Plane:

  • The NSX management plane is based on the NSX Manager.
  • This is a virtual appliance (deployed as a standard OVF template on an ESXi host; deploying it in the Management Cluster is recommended) that is registered with vCenter (1:1 relationship up to version 6.1.x).
  • NSX Manager is responsible for controlling and managing the whole virtual network by

    • Centralizing network management.
    • Allowing NSX to be configured through the vSphere Web Client, a command line interface (CLI), and REST API.
    • Providing REST APIs for creating, configuring and monitoring NSX components such as logical switches or edge services gateways.

NSX Control Plane:

  • The NSX control plane is based on the NSX Controller cluster.
  • NSX Controller is also a virtual appliance (must be deployed in a three-node cluster for high availability & scale) that is responsible for managing the distributed switching & routing modules on ESXi hosts.
  • The controller does not have any data plane traffic passing through it.
  • The NSX controller is the central control point for all logical switches within a network & maintains information about all virtual machines, hosts, logical switches & VXLANs.

NSX Data Plane:

The NSX data plane consists of the NSX vSwitch, which is the vSphere Distributed Switch (VDS) plus kernel modules (such as VXLAN, Distributed Logical Router or Firewall).

  • NSX vSwitch provides access-level switching in the ESXi host.
  • NSX logical router provides L2 bridging from the logical networking space (VXLAN) to the physical network (VLAN).
  • NSX Edge gateway provides common gateway services such as dynamic routing, perimeter firewall, DHCP, VPN, NAT & Load Balancing.

NSX Services:

The NSX services are as follows:

  • Logical Switches – Distributed switches that can span vSphere clusters. Each logical switch is mapped to a unique VXLAN & also can be extended to a physical device using an L2 bridge.
  • Logical Routers – A distributed router that provides routing between 2 L2 segments at the hypervisor level. It provides East-West routing.
  • Logical Firewall – Hypervisor kernel-embedded firewall (Micro Segmentation).
  • Logical Load Balancer – Networking service which offers Load Balancing functionality at Edge Gateway level.
  • Service Composer – Grouping & mapping services to applications.
  • Logical VPNs – SSL VPN-Plus & IPSec features & functionality.
  • NSX Extensibility – Integration with 3rd-party solutions (Palo Alto, Trend Micro, etc.)