NSX-T architecture is based on three building blocks, Management Plane, Control Plane, and Data Plane.
Management Plane holds the desired configuration. As its name implies, the whole NSX-T environment can be managed via the management plane which provides an entry point to users and APIs . The main component of the Management Plane is the NSX-T Manager.
Control Plane holds the runtime state of the NSX-T environment . Like any other network environment with a control plane, NSX-T Control Plane is responsible for maintaining peering adjacencies, populating control plane tables (routing table for instance) and also learning and re-populating information from the data plane (like MAC addresses, etc.) The main component of the NSX-T Control Plane is the Controller Cluster which we will discuss later in this post. NSX-T splits the control plane into two parts:
1- Central Control Plane (CCP). The CCP is implemented as a cluster of CCP virtual machines or CCP Nodes. These nodes are logically separated form the data plane so a failure of these nodes does not have an impact on the traffic flow .
2- Local Control Plane (LCP). The LCP is the control plane part which is implemented in Transport Nodes. The LCP is responsible for programming distributed modules inside these nodes based on the information it gets from the CCP.
Data Plane is where the data actually flows. Packets are forwarded in the Data Plane based on the tables populated by the Control Plane . Data flows inside, from, to, or through Transport Nodes. So Transport Nodes are the main components of the NSX-T Data Plane. LCP modules (control plane daemons and forwarding engine) are instantiated and run in Transport Nodes . Transport Nodes run and instance of NSX Virtual Distributed Switch or N-VDS. There are in general two types of Transport Nodes:
- Hypervisor Transport Nodes: these are hypervisors on which workloads run. VMware ESXi and KVM are currently supported by NSX-T as hypervisors . Note that the N-VDS implementation on KVM hypervisors is based on OVS.
- Edge Nodes: these are service appliances which run central services. Central services are the ones which cannot be distributed to hypervisors, think of NAT, VPN, etc. Edge nodes can be bare metal servers or virtual machines.
- BareMetal Transport Nodes: these are mostly Linux based machines. An NSX agent is installed on BareMetal servers instead on and N-VDS.
NSX-T Manager Appliance
Starting NSX-T 2.4, NSX Manager appliance is deployed in a cluster of 3 nodes, instances of controller, policy manager and of course NSX manager coexist in one virtual machine, the NSX Manager Appliance.
Differences in architecture and components between NSX-v and NSX-T
| Plane/Platform | NSX-v | NSX-T |
|---|---|---|
| Management Plane | One NSX Manager. Management and operations via vCenter | 3 Manager Appliances, combined with Controller and Policy roles. Management and operations through NSX Manager |
| Control Plane | Controller VMs with controller function only | Controller and Manager functions combined in one VM (3 VMs in a cluster) |
| Data Plane | Supports ESXi hypervisors. Based on vSphere Distributed Switch. | Supports ESXi and KVM. Based on N-VDS |
Latest Reactions