Today, we have routing that is built directly into the host’s hypervisor. With NSX logical routing, we can now connect both virtual and physical endpoints that are located in different logical Layer 2 networks. This is made possible by the separation of physical network infrastructure from logical networks that network virtualization provides.
Network edge security and gateway services (such as DHCP, NAT, VPN and load balancing) are provided in NSX-V by what’s known as an NSX Edge. An NSX Edge can be installed as a distributed logical router (DLR), which is a virtual router that supports both static routing, with fixed, manually configured routes, and dynamic routing, where routers communicate with each other and update routes in real time. An NSX Edge can also be installed as an Edge Services Gateway, or ESG (the ESG is discussed further in the next section).
NSX-V’s DLR provides East-West distributed routing. (East-West refers to traffic within the same data center while in the same NSX environment.) This means that two VMs can be on the same host but different subnets, and still communicate without their traffic having to leave the hypervisor.
By providing the gateway services mentioned above, NSX-V's ESG connects isolated networks to shared uplinks.
NSX-T introduces a two-tiered routing architecture that enables the management of networks at the provider tier (tier-0) and user tier (tier-1). The tier-0 logical router is attached to the physical network for North-South traffic (that is, traffic coming into the data center from the outside world); it handles traffic between the logical and physical networks. The tier-1 logical router can connect to the tier-0 router via uplinks, and it can also connect to logical switches and manage East-West communications.
It’s not necessary to use both tiers. A tier-0 logical router can be connected by itself to the physical infrastructure for traffic heading outward and exiting the perimeter network (northbound traffic), and connect directly to logical switches in the NSX environment for traffic coming into the data center (southbound traffic).
Tier-0 and tier-1 logical routers are both created on transport nodes.
NSX-T supports static routing and the dynamic routing protocol eBGP on tier-0 logical routers. (eBGP stands for External Border Gateway Protocol, and it helps connect the networks of different organizations.) Tier-1 logical routers support static routes but do not support any dynamic routing protocols.
If an NSX-T deployment requires services such as NAT or an edge firewall (see section 4.7.1), these can be enabled on Edge nodes. To improve availability, Edge nodes can be combined into a cluster.