NSX-T Architecture

Overview of the NSX-T Management,

Control, and Data Plane

©2019 VMware, Inc.

NSX-T Datacenter Components
Management, control and data planes

GUI/REST/CMP Consumption Management/control plane

NSX-T utilizes a multi-tiered networking
stack.
Cloud Service Manager
The NSX Management Cluster is a 3 node
Management/ NSX Container Plug-in high availability cluster. This cluster
control plane
vCenter(s)
consists of a converged Management
NSX Management Cluster
(Policy) & Control Plane cluster services.

Private
Cloud
VMs Containers Bare-Metal
NSX Distributed data plane
ESXi host KVM host Server
Edge The NSX-T distributed data plane
N-VDS N-VDS NSX
connects and hosts workloads across an
Data plane
entire enterprise utilizing heterogenous
Public
Linux Windows NSX hypervisor support and multiple Public
Cloud
VM VM Cloud cloud connectivity. Supports hosting the
NSX NSX GW most diverse array of application
frameworks – VMs, containers,
micro-services, bare-metal, etc.
Physical
Network Implements distributed switching, routing
and firewalling.

©2019 VMware, Inc. 2

NSX-T Manager – A Converged Appliance
Merging policy, management, and central control services on a cluster of nodes

Feature
The NSX management nodes each
Manager A Manager B Manager C
contain a Management plane, a
central control plane, a policy role
and a replicated desired state
Policy Management Plane datastore.

Central Control Plane

The NSX Management Cluster

provides availability of all
Distributed Persistent Database
management services and
increased performance.

NSX Management Cluster The converged appliance allows for

easier operations with less systems
to monitor and maintain.

©2019 VMware, Inc. 3

NSX-T Manager
Functional characteristics of the NSX-T Manager

The NSX-T Manager

• Maintains connectivity to all

UI, POST /API/ UI, GET /API/ nodes in the system

• Provides entry point to the

system via UI or API

• Handles user queries

• Persists user configuration and

the desired configuration
NSX Management Cluster
• Validates the stores data state

• Maintains and propagates the

dynamic state

©2019 VMware, Inc. 4

NSX-T Management and Control Plane
Centralized & local control

GUI/REST/CMP Computes all ephemeral runtime

states based on configuration
from the management plane

Pushes stateless configuration

to forwarding engines on
NSX Management Cluster
transport nodes
CCP

Disseminates topology
LCP LCP LCP
information reported by
the data plane elements
N-VDS N-VDS N-VDS

ESXi TN KVM TN Bare Metal Server The control plane is distributed

between
• Central Control Plane (CCP)
in the Manager Cluster and
• Local Control Plane (LCP) agents
on the hosts

©2019 VMware, Inc. 5

NSX-T Manager Clustering with Virtual IP
A highly available management plane for GUI and API

Feature
API or GUI Client
The cluster Virtual IP is
Cluster of three NSX managers
assumed by one Manager
called the leader. API and GUI available on all
managers
All cluster nodes must be in
the same subnet. Replicated desired state datastore
IP D – Virtual IP
GARP is used when the
Manager with the Virtual IP
fails. Benefit
The cluster IP is used for the High availability of the NSX UI and API
north bound operations. The
south bound connectivity to Reduces the likelihood of failures of
the hosts uses the physical IP
NSX operations
of each node.
NSX Manager Cluster
Provides API and GUI clients with
multiple endpoints or a single VIP for
availability

©2019 VMware, Inc. 6

NSX-T Manager Clustering with Load Balancer
A highly available management plane for GUI and API

Feature
API or GUI Client
Use any external load balancer
including the NSX Load Balancer

All NSX Managers within the cluster are

All Nodes Active available for responses from API and
VIP
GUI issued requests.
VIP Load Balances to External Load Balancer
Multiple Managers (NSX or Third-Party)

Managers can be in Benefit

different subnets Enables high availability of the NSX UI
and API and the NSX Manager.

Reduces the likelihood of failures of

operation of NSX.
NSX Manager Cluster

Provides API and GUI clients with

multiple endpoints or single VIP for
availability
©2019 VMware, Inc. 7
NSX-T Control Plane
Centralized & Local Control Plane

NSX-T Central Control Plane (CCP)

computes all ephemeral runtime
GUI/REST/CMP NSX Manager Cluster states based on configuration from
the management plane.
CCP

NSX Control Cluster

CCP Pushes stateless configuration
to the transport nodes. The Local
NSX Manager Cluster
CCP LCP LCP LCP
Control Plane (LCP) agents receive
TN1 TN2 TN3 the configuration and push it into the
LCP LCP LCP
data plane of the transport node.
N-VDS N-VDS N-VDS
Bare Metal Disseminates topology information
ESXi TN KVM TN Server
NSX-T Control Plane reported by the data plane elements
• Central Control Plane (CCP)
Located in the Manager appliance
• Local Control Plane (LCP)
Agents on each host

©2019 VMware, Inc. 8

NSX-T Management Cluster
High Level of the NSX-T Management architecture

Cluster Cluster Cluster

Manager Manager Manager
Reverse Reverse Reverse
Proxy Proxy Proxy
Policy Policy Policy

Policy Management Plane

Central Control Plane

Manager A Manager B Manager C

©2019 VMware, Inc. 9

NSX-T Data Plane
Transport Nodes

GUI/REST/CMP The Data Plane on each node is a high

performance engine for logical
switching, routing, and distributed
firewall. The data plane encapsulates
and decapsulates packets for the
NSX Management Cluster
MP CCP
overlay network.

The data plane of each host contains

the following elements:
MPA LCP MPA LCP
• Local Control Plane (LCP) agent
NSX Agent
ESXi vSwitch
NSX-T Data Plane • Management Plane Agent (MPA)
Open vSwitch
N-VDS N-VDS • NSX Virtual Distributed Switch
ESXi TN KVM TN

The N-VDS is based on either:

• ESXi vSwitch for ESXi
• Open vSwitch (OVS) for KVM
Hypervisor TN Edge TN

©2019 VMware, Inc. 10

NSX in the Data Center
NSX functional groups deployment

NSX-T best practices for deployment is a

simplified structure of functional groups
usually deployed as host clusters.
Private Cloud/ On-Prem DC
The Mangement Cluster contains NSX
manager, vCenter, automation tools, day
Distributed Switching
Centralised two operational tools and dependent
Services shared services (LDAP, DNS, NTP, etc).
Distributed Firewall

NSX Management The Compute cluster high performance

Distributed Routing Cluster
data plane kernel hosts the workloads.
ESX KVM VM/BM vSphere
Communication is East/West for the
workloads and connecting to the Edge.

The Edge Cluster provides north/south

Edge
routing for the external to the NSX Overlay.
Hypervisor Transport Nodes Transport Mgmt. Cluster The edge nodes are either VM or bare-
Nodes metal form factors. The Edge cluster hosts
the centralized (stateful) services such as
Firewall, Load Balancer, IPAM, VPN, etc.

©2019 VMware, Inc. 11

 Thank You

©2019 VMware, Inc.