Network virtualization offers customers many advantages through the capabilities of software-defined networking (SDN).
Network virtualization platforms such as VMware’s NSX-T give customers the advantages of virtualization in general that most are familiar with, such as the ability to connect quickly and easily to different networks. These can be VLAN-backed networks that virtual machines are plumbed into as quickly and easily as unplugging and plugging cables into a physical switch.
VMware NSX-T logical switching provides stretched Layer 2 connectivity across hosts that may exist in different Layer 3 subnets with routing in between. The logical components of the NSX-T ecosystem are what make this communication possible.
In this post, we will take a look at VMware NSX-T logical routing, its components, and use cases.
As mentioned, the Logical Switch construct in NSX-T is the mechanism that allows “logical” networks to be configured across hosts that are part of the same Transport Zone, so that any virtual machines connected to these logical switches can communicate. This is regardless of the Layer 3 networks the hosts themselves may exist on.
In other words, you can have a set of hosts in a vSphere cluster in one datacenter and another set of hosts in a different vSphere cluster physically located in a different datacenter, both configured with the same logical switch. Virtual machines connected to this logical switch in both datacenters can then communicate over the same Layer 2 broadcast domain. In fact, logical switches are referred to as a “virtual wire”, like a wire stretched between two locations to connect virtual machines to the same network. The Logical Switch provides network connectivity for east-west traffic (traffic between different networks among the same tenant).
The logical switching technology found in NSX-T successfully decouples the logical network from the underlying physical network architecture and infrastructure. There are many advantages to this approach when compared to traditional network administration. Logical switching is a great example of this decoupling of logical from physical put into practice. Stretching a Layer 2 broadcast domain or VLAN using traditional network means is no small feat, especially between routers. Special routing technologies must be put in place, and other additional complexities would have to be configured to allow this type of network connectivity. In many organizations, the networking team would also need to be involved in addition to the virtualization team.
NSX-T allows keeping the configuration and provisioning of networking simple by allowing this type of connectivity to be fully configured at the virtual networking layer. This means the networking team does not need to be involved with provisioning new networks and no physical network devices need to have configuration changes made. This reduces complexities and increases the agility of network creation since often, physical device network changes must be made in maintenance windows and with many sign-offs.
As you might imagine, there are many use cases for NSX-T Logical Switches. Extending networks across routed Layer 3 underlay networks can serve many purposes, from supporting legacy applications that need to exist on the same broadcast domain to disaster recovery, where you want to be able to recover VMs in a different location with the same IP addresses.
VMware NSX-T Logical Routers
The VMware NSX-T Logical Router is the entity that allows traffic to flow north/south and egress out to public networks. The Logical Router is a virtualized device that is distributed across the kernels of the ESXi hosts, which makes it scale extremely well.
Within NSX-T, there is the concept of tiering routing topologies so that multiple tenants can be given control of their own routing services and policies and NSX-T administrators can control services and policies above the tenant layer.
This structure is as follows:
- Tier-0 Logical Router – Top-tier router that interfaces with the actual physical network in the north end of the Tier-0 interfaces. This is where dynamic routing protocols can be configured to exchange routing information with physical routers. The south side of the Tier-0 routing topology connects to the Tier-1 routing layers of the tenant routing topologies and receives routing information from them. The Tier-0 routing layer pushes the default information to the Tier-1 routing layer
- Tier-1 Logical Router – The northbound interfaces of the Tier-1 layer connect up with the Tier-0 layer for public networks access, while the southbound interfaces hook into the Logical Switches that are created by tenant administrators
Note – If there is no need for the Tier-1 layer such as environments where there is only one tenant, the Tier-0 layer can simply be connected up directly to the Logical Switches.
There are two other components to the Logical Router:
- Distributed Router (DR) – This component spans hypervisors that have virtual machines connected to the logical router and edge nodes the logical router is bound to. This component is what makes the one-hop distributed routing between logical switches to the logical routers possible
- Service Routers (SR) – This component delivers the services that are not possible in a distributed fashion such as stateful Network Address Translation or NAT
A couple of things to note about the DR and SR components.
The logical router always has a DR but not necessarily an SR. The SR component is required when:
- The Logical Router is a Tier-0 router
- The Logical Router is Tier-1 and is connected to a Tier-0 router with services that are not currently distributed
The services that are not currently distributed are:
- Physical infrastructure connections
- MetaData Proxy
- Edge Firewall
- Load Balancer
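The tiering and DR/SR rules above, modeled as an added example (not code from the original post or from VMware, and not the NSX-T API): it reports which routers get an SR and flags layouts that depart from the tiering. It assumes the non-distributed services are those configured on the Tier-1 itself; all class, field and service names and the sample topology are constructed.

```python
# Added illustration: toy model of the tiering and DR/SR rules in this post.
# Not the NSX-T API; every class, field and service name here is hypothetical.
from dataclasses import dataclass, field
from typing import Optional

# Services the post lists as not distributed (they need a Service Router).
NON_DISTRIBUTED = {"physical-uplink", "metadata-proxy", "edge-firewall",
                   "load-balancer", "nat", "dhcp"}

@dataclass
class LogicalRouter:
    name: str
    tier: int                       # 0 or 1
    uplink: Optional[str] = None    # Tier-0 that a Tier-1 connects to
    services: set = field(default_factory=set)

def components(router, routers):
    """Components instantiated for a router under the post's rules."""
    parts = ["DR"]                  # a logical router always has a DR
    uplink = routers.get(router.uplink)
    linked_to_t0 = uplink is not None and uplink.tier == 0
    if router.tier == 0 or (linked_to_t0 and router.services & NON_DISTRIBUTED):
        parts.append("SR")
    return parts

def audit(routers, switches):
    """Flag layouts that depart from the Tier-0 / Tier-1 / switch tiering."""
    findings = []
    for r in routers.values():
        uplink = routers.get(r.uplink)
        if r.tier == 1 and (uplink is None or uplink.tier != 0):
            findings.append(f"{r.name}: Tier-1 has no Tier-0 uplink")
    for switch, owner in switches.items():
        r = routers.get(owner)
        if r is None:
            findings.append(f"{switch}: attached to unknown router {owner}")
        elif r.tier == 0:
            findings.append(f"{switch}: directly on Tier-0 (single-tenant layout)")
    return findings

# Constructed sample topology.
ROUTERS = {r.name: r for r in [
    LogicalRouter("t0-provider", 0, services={"physical-uplink"}),
    LogicalRouter("t1-tenant-a", 1, "t0-provider", {"nat", "load-balancer"}),
    LogicalRouter("t1-tenant-b", 1, "t0-provider"),
    LogicalRouter("t1-orphan", 1, None, {"nat"}),
]}
SWITCHES = {"ls-web-a": "t1-tenant-a", "ls-app-b": "t1-tenant-b",
            "ls-mgmt": "t0-provider"}
```

Routers that come back with an SR are the ones whose stateful services run centrally rather than in each hypervisor, which is where edge firewall and NAT behaviour for that tenant should be reviewed.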
The logical components of the NSX-T landscape provide logical network infrastructure that makes communication possible regardless of the underlying physical network components that may be in play or the routing of physical networks in between the physical vSphere cluster hosts.
Additionally, because its constructs are virtual and distributed, the NSX-T environment allows the network to scale and perform efficiently and effectively.
There are some aspects of the Logical Router layer that are not distributed, such as DHCP, NLB, NAT, and others.
VMware’s NSX-T platform is a powerful network virtualization platform that provides the ability to overlay logical networks on top of the physical network underlay that has all the characteristics of physical network topologies with many more powerful benefits.
Using network virtualization, customers can place networks anywhere (relatively speaking) and have those networks stretched or connected as needed. Logical Switches allow virtual machines to connect to the same broadcast domain and communicate with each other, even though the physical ESXi hosts may be in separate datacenters with different underlying physical networks, subnets, and routing in place.
NSX-T Logical Routing has effective means to set up and configure virtual network topologies for multi-tenant environments. It does this with the tiering of routing components.
Tier-0 connects to public networks controlled by NSX administrators, while tier-1 connects to tenant networks that allow tenant administrators to control policies and services for their particular organizations. VMware NSX-T provides many capabilities for modern enterprise networking needs that allow agility, programmability, automation, security, and versatility in today’s hybrid cloud environments. This allows supporting both legacy applications as well as the networking needs of modern distributed applications both on-premises and in the cloud.