VMware NSX-T Logical Routing

Today we are going to talk about logical routing in the VMware NSX-T environment. As many of you know, the logical routing capability in the NSX-T platform provides the ability to interconnect both virtual and physical workloads deployed in different logical L2 networks.

VMware NSX-T enables the creation of network elements like segments (Layer 2 broadcast domains) and gateways (routers) in software as logical constructs and embeds them in the hypervisor layer, abstracted from the underlying physical hardware.

Fig 1.1- Logical router components in VMware NSX-T

Single Tier Routing 
An NSX-T Gateway provides optimized distributed routing as well as centralized routing and services such as NAT, load balancer, DHCP server, etc. A single-tier routing topology implies that a Gateway is connected to segments southbound, providing East-West (E-W) routing, and is also connected to the physical infrastructure to provide North-South (N-S) connectivity.

This gateway is referred to as the Tier-0 Gateway. The Tier-0 Gateway consists of two components:

  • Distributed routing component (DR) 
  • Centralized services routing component (SR)

Distributed Router (DR)
A DR is essentially a router with logical interfaces (LIFs) connected to multiple subnets. It runs as a kernel module and is distributed in hypervisors across all transport nodes, including Edge nodes. 

The traditional data plane functionality of routing and ARP lookups is performed by the logical interfaces connecting to the different segments. 

Each LIF has a vMAC address and an IP address representing the default IP gateway for its logical L2 segment. The IP address is unique per LIF and remains the same anywhere the segment/logical switch exists. 

The vMAC associated with each LIF remains constant in each hypervisor, allowing the default gateway and MAC to remain the same during vMotion.

Centralized services routing component (SR)
East-West routing is completely distributed in the hypervisor, with each hypervisor in the transport zone running a DR in its kernel. However, some NSX-T services are not distributed, due to their locality or stateful nature, including:

  • Physical infrastructure connectivity
  • NAT and DHCP server
  • Load Balancer and VPN
  • Gateway Firewall and Bridging
  • Service Interface
  • Metadata Proxy for OpenStack

The appliances where the centralized services or SR instances are hosted are called Edge nodes. An Edge node is the appliance that provides connectivity to the physical infrastructure.
