NSX-T is VMware's network virtualization solution, providing networking, security and automation with simple operation. It supports cloud-native applications, bare-metal workloads, multiple virtualization platforms, public clouds and multi-cloud setups. It is also designed to be managed and operated by development organizations, and it offers a variety of technologies so that the one suited to each application can be used.
In the beginning I thought that NSX-T was the same as NSX-v, just the normal growth of NSX-v to get more capabilities, enhancements and supportability. But what I found is that NSX-v was just a start, and NSX-T has a lot of major changes and is a totally new product. Same concept, but wider than NSX-v. It’s capable of multiple platforms and multi-cloud, including on-premises / public clouds.
The New Major Capabilities in NSX-T
- Support for multiple hypervisors (ESXi, KVM) as well as bare-metal servers.
- The NSX Manager appliance has two modes: the NSX Manager role or the nsx-cloud-service-manager role. It supports only one role at a time.
- NSX-Agent has two types of nodes: NSX Manager and transport nodes.
- Open-source switches can work within XenServer, KVM and other Linux-based hypervisors.
- The Edge server supports installation on a physical server.
- NSX Manager now supports HA (cluster).
- The Edge server has two tiers (Tier 0, Tier 1).
- NSX-T Virtual Distributed Switch (N-VDS): the new virtual distributed switch, which supports multiple platforms with different uplinks and supports VLAN and overlay logical switching.
- Container API Support: New API support is available for container inventory. See the API documentation.
- Firewall Improvements: Layer-7 AppID Support
- Endpoint Protection (Guest Introspection): Linux Support – Support for Linux-based operating systems with Endpoint Protection for Guest Introspection.
Segment: The logical switch that provides L2 segmentation.
Tier-0 Gateway (Logical Router): The Tier 0 router is the interface or gateway from the virtual network to the physical network and the physical switches, and it peers with the physical switches over BGP. It must be used.
Tier-1 Gateway (Logical Router): The Tier 1 router is the logical router responsible for north-south traffic and can peer with one Tier 0 router. It is used when multi-tenancy or multiple routers inside the virtualization are required.
Transport Node: A node running the NSX-T capabilities (the workloads), that is, a hypervisor host or a bare-metal server.
Uplink Profile: Defines the policy for the links from hypervisor hosts to NSX logical switches, or from NSX Edge nodes to the physical switches / routers. The settings defined by uplink profiles might include teaming policies, active/standby links, the transport VLAN ID, and the MTU setting. The transport VLAN set in the uplink profile tags overlay traffic only, and the VLAN ID is used by the TEP endpoint.
Geneve Protocol: NSX-T does not use the VXLAN protocol; it uses Geneve. Geneve is a tunneling mechanism that provides extensibility while still using the offload capabilities of NICs for performance improvement. It works by creating Layer 2 logical networks that are encapsulated in UDP packets. A Segment ID in every frame identifies the Geneve logical network without the need for VLAN tags. As a result, many isolated Layer 2 networks can coexist on a common Layer 3 infrastructure using the same VLAN ID. Jumbo frames are required, with an MTU of more than 1600 bytes: 1700 bytes in normal cases, and 9000 bytes per the VMware design decisions.
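To make the Geneve description above concrete, here is an added example (not from the original article and not VMware code) that parses the Geneve header as laid out in RFC 8926, where the Segment ID is the 24-bit VNI field, and computes the underlay MTU needed to carry a full inner frame. The function names and the sample packet bytes are constructed for illustration.

```python
import struct

GENEVE_UDP_PORT = 6081   # IANA-assigned UDP destination port (RFC 8926)
ETH_BRIDGING = 0x6558    # protocol type: inner payload is an Ethernet frame

def parse_geneve(udp_payload: bytes) -> dict:
    """Parse the fixed 8-byte Geneve header and skip its variable options."""
    if len(udp_payload) < 8:
        raise ValueError("truncated Geneve header")
    b0, b1, proto = struct.unpack("!BBH", udp_payload[:4])
    version, opt_len = b0 >> 6, (b0 & 0x3F) * 4   # Opt Len counts 4-byte words
    if version != 0:
        raise ValueError(f"unsupported Geneve version {version}")
    if len(udp_payload) < 8 + opt_len:
        raise ValueError("options run past the end of the packet")
    return {
        "vni": int.from_bytes(udp_payload[4:7], "big"),  # 24-bit segment ID
        "oam": bool(b1 & 0x80),        # O bit: control packet, not tenant data
        "critical": bool(b1 & 0x40),   # C bit: critical options present
        "protocol": proto,
        "opt_len": opt_len,
        "inner": udp_payload[8 + opt_len:],
    }

def required_underlay_mtu(inner_mtu: int, opt_len: int = 0, ipv6: bool = False) -> int:
    """Smallest underlay IP MTU that carries a full inner frame unfragmented."""
    inner_eth = 14                      # inner Ethernet header rides in the tunnel
    outer_ip = 40 if ipv6 else 20
    return inner_mtu + inner_eth + 8 + opt_len + 8 + outer_ip  # Geneve 8, UDP 8

def build_sample(vni: int, options: bytes = b"") -> bytes:
    """Constructed test packet: Geneve header, options, dummy inner frame."""
    if len(options) % 4 or len(options) > 252:
        raise ValueError("options must be a multiple of 4 bytes, max 252")
    hdr = struct.pack("!BBH", len(options) // 4, 0, ETH_BRIDGING)
    hdr += vni.to_bytes(3, "big") + b"\x00"
    inner = bytes(12) + b"\x08\x00" + b"payload"   # zero MACs, IPv4 ethertype
    return hdr + options + inner

if __name__ == "__main__":
    pkt = build_sample(71681, bytes.fromhex("ffff010100000000"))  # constructed
    info = parse_geneve(pkt)
    print(info["vni"], info["opt_len"], required_underlay_mtu(1500, info["opt_len"]))
```

A 1500-byte inner MTU already needs a 1550-byte underlay over IPv4 before any Geneve options are added, so a standard 1500-byte physical network cannot carry the overlay unfragmented.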
Cloud Service Manager (CSM)
This enables you to manage and secure your public cloud inventory using NSX-T Data Center. The Cloud Service Manager (CSM) provides a single-pane-of-glass management endpoint for your public cloud inventory. It is the NSX Manager appliance, but deployed in CSM mode. You first need at least one NSX Manager in order to deploy CSM.
It has two modes of operation, which makes NSX Cloud the only hybrid cloud solution in the market to support agent and agentless modes of operation. Both modes provide dynamic group membership and a rich set of abstractions for NSX group membership criteria.
- NSX Enforced Mode (Agented) – Provides a “Consistent” policy framework between on-premises and any public cloud.
- Native Cloud Enforced Mode (Agentless) – Provides a “Common” policy framework between on-premises and any public cloud.