This post is focused on NSX-V (NSX for vSphere), which from this point forward I’ll refer to as NSX. Future posts will cover NSX-T components and architecture.
The graphic below shows the major components that make up NSX and in this post I’ll cover some of the features and functionality at a high level.
NSX Manager
As the name suggests, this provides the centralised management functionality for the NSX environment. NSX Manager is deployed from an OVA file and has a simple wizard to configure the appliance. In a future post I will detail the steps involved. Some other responsibilities that NSX Manager has are listed below.
- There is a one-to-one mapping between a vCenter server and an NSX Manager
- Can hold a primary, secondary or standalone role when using multi-site deployments
- It provides the UI via the vSphere Web Client and API interfaces
- Deploys NSX Controller and NSX Edge virtual appliances
- Installs VXLAN, distributed logical router (DLR) and distributed logical firewall (DFW) modules to ESXi hosts along with User World Agents
NSX Controller
If using VXLAN in an NSX deployment, the NSX Controllers are required to provide control plane information for all logical networks. This includes information about virtual machines, hosts, logical switches and DLRs. An important point to note is that the NSX Controllers are not in the data plane, meaning no virtual machine traffic passes through them. Some other responsibilities are:
- Provides control plane to distribute VXLAN and logical routing information to ESXi hosts
- The only supported configuration is a 3-node cluster (as of January 2018) and it’s recommended to create DRS anti-affinity rules to ensure these run on separate ESXi hosts
- Network information is sliced across each node in the cluster to balance workload and provide redundancy
- Nodes are deployed using NSX Manager as virtual appliances
- Maintains VTEP, MAC and ARP tables.
NSX Logical Router Control VM
This is also referred to as the DLR Control VM and is another control plane component. The primary purpose is to establish OSPF and BGP neighbours (peers) and provide routing updates to the NSX Controller cluster. This is deployed from NSX Manager as a virtual appliance and can be configured in an active-standby mode for high availability.
User World Agents
These agents are deployed by NSX Manager to each ESXi host during the host preparation phase and have the following responsibilities:
- Connects to multiple NSX Controller instances
- Mediator between ESXi kernel modules and NSX Controller instances
- Two services run on each host: netcpa and vsfwd
- The netcpa service collects information such as MAC and IP addresses of VMs and reports to the NSX Controllers
- The vsfwd service interacts with NSX Manager to retrieve distributed firewall policy rules and also sends back statistics and audit logs.
NSX Virtual Switch
VMware NSX requires the vSphere environment to run the vSphere Distributed Switch (vDS), which is usually only found with Enterprise Plus licensing. Don’t worry if you have another edition of vSphere licensing, as when you purchase NSX you are entitled to the vDS. The NSX Virtual Switch is the combination of the vDS and kernel modules to provide extra functionality such as VXLAN, DLR and DFW.
NSX Edge Services Gateway
The NSX Edge can provide common network services such as DHCP, VPN, NAT, routing, load balancing and perimeter firewall. Edge appliances are deployed from NSX Manager as virtual appliances. Depending on the workload requirements there are 4 profiles available, and these can be changed post deployment if required.
- An NSX Edge supports up to 10 interfaces and 200 sub interfaces per appliance
- The appliances can be deployed in active-standby mode for HA
- ECMP is supported for up to 8 paths.
- The 4 configurations are:
  - Compact: 1 vCPU, 512MB RAM
  - Large: 2 vCPU, 1GB RAM
  - Quad Large: 4 vCPU, 1GB RAM
  - X Large: 6 vCPU, 8GB RAM
I hope this post has given you a high-level insight into some of the components that make up NSX and what functionality or features they provide. In future posts I plan to cover some of these areas in more depth, so make sure you stay tuned.