VMware NSX-v Components and Services Overview
One of the key components of VMware SDDC suite is NSX which is a network virtualization platform. VMware has been a leader in compute virtualization for over a decade now and with the introduction of NSX it has become a leader in Software defined networking product.
VMware NSX paves the way for enterprises to rapidly deploy networking and security for any application, on any general purpose hardware, non-disruptively, by enabling the fundamental abstraction of networks from networking hardware – creating the virtual network. Through network virtualization, more simplified logical networking devices and services can be abstracted away from the complexities of physical network engineering, exposed as logical networking objects across a fully distributed virtualization layer, and consumable through northbound APIs. In this process, the network virtualization layer leaves behind a simplified physical layer. VMware NSX exposes these simplified logical networking devices and services as logical ports, logical switches, logical routers, distributed virtual firewalls, virtual load balancers, and more, with monitoring, QoS, and security; backed by VMware NSX edge virtualization software or partner appliances.
Let’s see NSX Components –
NSX Management Plane
The NSX management plane is performed at the NSX Manager. This is a virtual appliance deployed as a standard OVF template on an ESXi host - recommended using the Management Cluster registered to a vCenter in a 1:1 relationship. If you have a cross-vCenter NSX environment that also has one-to-one relationship. NSX Manager is responsible for controlling and managing the whole virtual network by:
Provides the management UI and VMware NSX API™
Installs user world agents, VXLAN, distributed routing, and distributed firewall kernel modules
Deploys the VMware NSX Controller cluster nodes
Configures the VMware NSX Controller cluster nodes through internal REST API
Configures hosts through a message bus
Generates certificates to secure control plane communications
Deploys logical networks and services
NSX Control Plane
Control plane consists of three components –
VMware NSX Controller provides several benefits:
VXLAN and logical routing network information distribution to ESXi hosts
Clustering for scale-out and high availability
Workload distribution among VMware NSX Controller cluster nodes
Maintenance of tables for VXLAN and distributed logical routers:
VXLAN: VTEP, MAC, ARP tables
Distributed logical routers: For each instance: routes, logical interfaces, ARP, and
MACs for distributed logical router bridging
Removal of VXLAN dependency on multicast routing and Protocol Independent
Multicast in the physical network
Suppression of ARP broadcast traffic in VXLAN networks
User world agents: netcpa & vsfwd
Netcpa daemon runs on each ESXi hosts prepared for NSX and it is responsible for sending the MAC address, IP information of each VM to NSX controllers. Received information NSX manager through message bus agent, RabbitMQ server service is responsible running on manager.
vsfwd service runs on each NSX prepared hosts and interacts with NSX manager to retrieve distributed firewall policy rules. Sends audit logs to manager, received information from manager about creation/deletion of DLR, ESG.
NSX Data Plane
The NSX data plane is: NSX vSwitch = vSphere Distribued Switch (VDS) + kernel modules (such as VXLAN, Distributed Logical Router or Firewall). NSX vSwitch provides access-level switching in ESXi host. The logical router provides L2 bridging from the logical networking space (VXLAN) to the physical network (VLAN). The NSX Edge gateway connects isolated, stub networks to shared (uplink) networks by providing common gateway services such as dynamic routing, perimeter firewall, DHCP, VPN, NAT, and Load Balancing.
There are NSX services as follows:
Logical Switches - a distributed switch that can span vSphere clusters. Each mapped to a unique VXLAN and also can be extended to a physical device using an L2 bridge.
Distributed Firewall - a hypervisor kernel-embedded firewall
NSX Extensibility - integration with 3rd-party solutions.