VMware NSX Component

"What are the different VMware NSX components?" is a well-known question in a VMware NSX administrator interview.

So, here is the answer.

An image sourced from VMware Website

  1. NSX Manager

NSX Manager is used to manage the NSX environment through the GUI or the REST API.

According to VMware's definition:

The NSX Manager provides the graphical user interface (GUI) and the REST APIs for creating, configuring, and monitoring NSX components, such as controllers, logical switches, and edge services gateways. The NSX Manager provides an aggregated system view and is the centralized network management component of NSX.

  2. NSX Controller

The NSX Controller (control cluster) is the control-plane component, which helps to manage the VTEP, ARP, and MAC tables. So, all communication within the NSX environment happens under the control of the control cluster.

According to VMware's definition:

NSX controller is an advanced distributed state management system that controls virtual networks and overlay transport tunnels.

NSX controller is the central control point for all logical switches within a network and maintains information of all virtual machines, hosts, logical switches, and VXLANs. The controller supports two new logical switch control plane modes, Unicast and Hybrid.

  3. NSX Edge Services Gateway

In my view, NSX Edge is a gateway device with multiple features. It is mainly used for North-South traffic, but that is not true for the DLR/uDLR.

  1. DLR/uDLR – This can be a process or a control VM. Generally, if you are running static routing you do not need a VM, but if you are running dynamic routing you need a control VM to build the neighbor relationships.
  2. Edge Gateway – Can be used as a router/firewall and for many other services.
  3. Edge Load Balancer – This is also a type of Edge Gateway, but because of its feature set I wanted to keep it separate. You can also present it by saying that Edge Gateways can perform many functions, such as routing, firewalling, load balancing, DHCP, etc.

According to VMware's definition:

NSX Edge provides network edge security and gateway services to isolate a virtualized network. You can install an NSX Edge either as a logical (distributed) router or as a services gateway.

The NSX Edge logical (distributed) router provides East-West distributed routing with tenant IP address space and data path isolation. Virtual machines or workloads that reside on the same host on different subnets can communicate with one another without having to traverse a traditional routing interface.

The NSX Edge gateway connects isolated, stub networks to shared (uplink) networks by providing common gateway services such as DHCP, VPN, NAT, dynamic routing, and Load Balancing. Common deployments of NSX Edge include in the DMZ, VPN Extranets, and multi-tenant Cloud environments where the NSX Edge creates virtual boundaries for each tenant.

  4. NSX Distributed Firewall – This is a service running on all the ESXi hosts within the NSX domain. It is a firewall service used for East-West traffic and is the main component for micro-segmentation. Earlier, i.e. up to 6.3, it firewalled only up to Layer 4, but from 6.4 it has limited L7 capability.

According to VMware's definition:

NSX Distributed Firewall is a hypervisor kernel-embedded firewall that provides visibility and control for virtualized workloads and networks. You can create access control policies based on VMware vCenter objects like data centers and clusters, virtual machine names and tags, network constructs such as IP/VLAN/VXLAN addresses, as well as user group identity from Active Directory. A consistent access control policy is now enforced when a virtual machine gets vMotioned across physical hosts without the need to rewrite firewall rules. Since Distributed Firewall is hypervisor-embedded, it delivers close to line rate throughput to enable higher workload consolidation on physical servers. The distributed nature of the firewall provides a scale-out architecture that automatically extends firewall capacity when additional hosts are added to a data center.

  5. NSX vSwitch – NSX vSwitch is a software component that works at the hypervisor level and gives us a lot of flexibility, such as overcoming L2 or L3 boundaries within the data center environment.

According to VMware's definition:

NSX vSwitch is the software that operates in server hypervisors to form a software abstraction layer between servers and the physical network.

As the demands on data centers continue to grow and accelerate, requirements related to speed and access to the data itself continue to grow as well. In most infrastructures, virtual machine access and mobility usually depend on physical networking infrastructure and the physical networking environments they reside in. This can force virtual workloads into less than ideal environments due to potential layer 2 or layer 3 boundaries, such as being tied to specific VLANs.

NSX vSwitch allows you to place these virtual workloads on any available infrastructure in the data center regardless of the underlying physical network infrastructure. This not only allows increased flexibility and mobility but increased availability and resilience.

The above are the direct components of NSX, but there are a few more associated components that are equally important for NSX-NV, such as vCenter, PSC (for single sign-on), etc.

Cheers,

Maddy

 

Architect/Consultant in the IT/Telecom/Networking support industry with over 13+ years of experience. Mainly working with Cisco products; other than Cisco, worked with VMware NSX/Juniper/Riverbed/Meraki & Citrix products, and worked with various clients like PSU banks, petroleum corporations, different government sector clients, the BPO sector, telecom NOCs and ISPs.

Global Certifications: VMware vSphere Foundation 6, CCNA Routing & Switching, CCNP Routing & Switching, ITIL V3 Foundation, RTSA-W, RTSS-W, RSA, RTSA-NPM, RTSS-NPM

Aspiring Certifications: VCP-NV
