What is it?
Part of VMware’s Software Defined Data Center (SDDC), NSX is VMware’s network and security solution. NSX is a virtual alternative to the physical network appliances located in the data center, placing routers, firewalls and load balancers into the hypervisor. This removes the reliance on the physical network and, if you read some of the literature, on the network team.
In general this allows the VMware administrator to look at the physical network in the same way most businesses look at the WAN or Internet.
The NSX solution is an Infrastructure as a Service (IaaS) solution that offers a full set of virtual network services, such as switches, routers, load balancers and VPN concentrators, that can exist within a single NSX domain. The NSX domain consists of an overlay network based on VXLAN that allows guest VMs in one part of the network to talk to guest VMs further afield without leaving the VMware environment. East-west traffic is secured through a distributed firewall, and access to the physical network is provided through an edge gateway.
The NSX product is made up of several software components, based on virtual machines and appliances, that all work together to provide the NSX ecosystem. The three core appliances within the NSX solution are the ‘NSX Controller Cluster’, ‘NSX Manager’ and ‘NSX Edge Services Gateway’. It must be pointed out that NSX is an addition or bolt-on to vCenter Server, not a standalone product. On top of that, NSX relies on a 1:1 relationship between the NSX Manager and vCenter; in other words, you need an NSX Manager for each and every vCenter in your network on which you wish to use NSX.
A brief overview of each of the key NSX components follows:
- NSX vSwitch: The NSX vSwitch carries on where the vDS left off by adding VXLAN support. Note that a prerequisite is that vCenter uses vDS, which requires an ‘Enterprise Plus’ license.
- NSX Manager: The NSX Manager is a virtual appliance that is effectively the management interface tied into vCenter. NSX Manager is used to configure network components and network and edge services; once it is installed, the following services are made available to the ESXi hosts and Web Client: VXLAN, Distributed Routing and Distributed Firewall.
- NSX Controller Cluster: The NSX controller is the control plane used to distribute network information to hosts and update and maintain the state of all network functions within the NSX domain.
- NSX Edge Services Gateway (ESG): The ESG is a virtual appliance that provides connectivity between the NSX domain and the physical network. It also delivers all of the typical network edge services such as load balancing, VPN termination, routing, NAT and firewall services.
Of the components listed, four key services are deliverable using NSX:
- Distributed Logical Router, used to provide connectivity between different subnets within the NSX domain.
- Distributed Logical Firewall, to provide microsegmentation and security on a per-VM basis.
- L2 Gateway, allowing your virtual servers access to the L2 physical network. This is generally required for any P2V solutions that need to be applied, or for other niche requirements.
- L3 Gateway, which permits L3 connectivity between your NSX domain and the physical world. This is where you will apply all of your services such as SNAT, DNAT, firewalling into and out of the NSX domain, SSL offload etc.
Large Data Center networks that already use VMware and would like to virtualize network services.