5 Replies Latest reply on Dec 19, 2018 10:08 PM by vSohill

    NSX Design

    vSohill Hot Shot



Got a design question from our customer. The customer will design 3 clusters: Management, Edge and Compute. Management cluster consumers are vCenter, NSX Manager and other vRealize components. The customer will connect the Management cluster to the management network only. The Edge cluster will be connected to the payload network and the management network. Do we need a connection between the Management cluster and the payload network? The transport zone is running over the payload network.

        • 1. Re: NSX Design
          lhoffer Expert
vExpert, VMware Employee

          The management network does not need to be able to reach the subnets/VLANs that'll carry your overlay traffic if that's what you're asking.  You can get a full list of the ports and protocols used between the various components for NSX-V in the Ports and Protocols Required by NSX section of the upgrade guide.  If you're talking about NSX-T, you can get the same info in the Ports and Protocols section of the install guide.

          • 2. Re: NSX Design
            spirest Novice
            VMware Employees

The only real requirement for NSX reachability is that your NSX Manager can talk to vCenter, and that your NSX Manager can talk to your controllers AND the management port of all ESXi hosts.


Many customers will put NSX Manager, vCenter, controllers and ESXi all on the same /24 subnet. If the customer has a large number of ESXi hosts they may expand into another management subnet, but they still need reachability.


This article has a diagram with the very basic requirements. There are more detailed diagrams floating around out there, but this one answers your question: VCP-NV: A (Quick) Look at VMware NSX Architecture


As mentioned by someone else already, there is no communication requirement between your VTEP/VXLAN vmk ports and the rest of NSX. The only thing a VTEP needs to be able to talk to is the VTEP of whatever host it needs to send traffic to. Most VTEP/VXLAN networks are completely isolated to a single layer 2 segment.

            • 3. Re: NSX Design
              vSohill Hot Shot

Thanks for the quick answer.

If the controllers are located with vCenter on the management cluster, on the same network, and the Edge gateway is located on the edge cluster on a different network, with no network connection between the Edge and the controllers or vCenter: the management cluster will have uplinks to management, vMotion and management workload. Will it work?

              • 4. Re: NSX Design
                spirest Novice
                VMware Employees

Edges are configured via the host they live on and do not require direct connectivity to the NSX Manager. I misspoke previously. The NSX Manager doesn't need to talk to your ESG directly, it just needs to be able to talk to the host your ESG lives on. I just finished a deployment last week where many ESGs were totally isolated from the network, but I still configured them successfully.


My assumption is that when NSX configures an ESG, it does so via the ESXi host management port. Then ESXi relays that configuration to the ESG via VMware Tools, which is automatically installed on ESGs.


                In short - What you described with your ESG will work just fine so long as the edge cluster ESXi hosts are prepped and talking to NSX!
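The reachability rules given in replies 2 and 4 (NSX Manager must reach vCenter, the controllers and the management vmkernel port of every prepped host; a VTEP only needs to reach other VTEPs; an ESG needs no path to NSX Manager, only its host does) can be written down as a small model and a proposed layout checked against it. The script below is an added example, not code from the thread or from VMware. The component roles, the network names (`mgmt`, `payload`, `mgmt-b`) and the sample layout are constructed to mirror the customer's three-cluster design; the host-to-controller flow is not mentioned in the thread and is included as an assumption. Port numbers are deliberately left out, as the ports-and-protocols section of the NSX docs referenced in reply 1 is the source for those.

```python
"""Reachability model for an NSX-V three-cluster design (added example).

A design maps each component instance to its role and the networks it is
attached to. REQUIRED_FLOWS lists which roles must be able to reach which.
Two instances can reach each other if they share a network or if the two
networks are routed together. Ports are intentionally omitted; take them
from the NSX Ports and Protocols documentation.
"""

# (source_role, destination_role) pairs that must be reachable.
REQUIRED_FLOWS = [
    ("nsx_manager", "vcenter"),
    ("nsx_manager", "controller"),
    ("nsx_manager", "host_mgmt"),   # management vmk of every prepped host
    ("host_mgmt", "controller"),    # assumption: host control-plane agent to controllers
    ("vtep", "vtep"),               # VTEPs only need to reach other VTEPs
    # Note: no ("nsx_manager", "esg") entry; an ESG is configured via its host.
]


def reachable(nets_a, nets_b, routed):
    """True if the two interfaces share a network or their networks are routed."""
    if nets_a & nets_b:
        return True
    return any((a, b) in routed or (b, a) in routed for a in nets_a for b in nets_b)


def check_design(design, routed=frozenset()):
    """Return the (src, dst) instance pairs whose required flow is unreachable.

    design: {instance_name: (role, {network, ...})}
    routed: set of (network, network) pairs that are routed to each other.
    """
    by_role = {}
    for name, (role, nets) in design.items():
        by_role.setdefault(role, []).append((name, set(nets)))
    problems = []
    for src_role, dst_role in REQUIRED_FLOWS:
        for s_name, s_nets in by_role.get(src_role, []):
            for d_name, d_nets in by_role.get(dst_role, []):
                if s_name != d_name and not reachable(s_nets, d_nets, routed):
                    problems.append((s_name, d_name))
    return problems


def required_peer_networks(design, name):
    """Networks that `name` must be able to reach to satisfy REQUIRED_FLOWS."""
    role = design[name][0]
    needed = set()
    for src_role, dst_role in REQUIRED_FLOWS:
        for other, (other_role, nets) in design.items():
            if other == name:
                continue
            if (role, other_role) in ((src_role, dst_role), (dst_role, src_role)):
                needed |= set(nets)
    return needed


# Constructed layout mirroring the customer's design: management cluster on
# the management network only, edge and compute hosts on management plus
# the payload network that carries the transport zone, ESG with no mgmt leg.
CUSTOMER_DESIGN = {
    "vcenter":        ("vcenter",     {"mgmt"}),
    "nsx-mgr":        ("nsx_manager", {"mgmt"}),
    "ctrl-1":         ("controller",  {"mgmt"}),
    "ctrl-2":         ("controller",  {"mgmt"}),
    "ctrl-3":         ("controller",  {"mgmt"}),
    "mgmt-esx1-vmk0": ("host_mgmt",   {"mgmt"}),
    "edge-esx1-vmk0": ("host_mgmt",   {"mgmt"}),
    "edge-esx1-vtep": ("vtep",        {"payload"}),
    "comp-esx1-vmk0": ("host_mgmt",   {"mgmt"}),
    "comp-esx1-vtep": ("vtep",        {"payload"}),
    "esg-1":          ("esg",         {"payload"}),
}


def second_mgmt_subnet_variant():
    """Variant from reply 2: compute hosts moved to a second management subnet."""
    variant = dict(CUSTOMER_DESIGN)
    variant["comp-esx1-vmk0"] = ("host_mgmt", {"mgmt-b"})
    return variant


if __name__ == "__main__":
    print("customer design problems:", check_design(CUSTOMER_DESIGN))
    print("nsx-mgr must reach:", required_peer_networks(CUSTOMER_DESIGN, "nsx-mgr"))
    print("esg-1 must reach:", required_peer_networks(CUSTOMER_DESIGN, "esg-1"))
    variant = second_mgmt_subnet_variant()
    print("unrouted second subnet:", check_design(variant))
    print("routed second subnet:", check_design(variant, routed={("mgmt", "mgmt-b")}))
```

Running it confirms the thread's answer: the customer's layout has no unreachable required flow, NSX Manager only needs the management network (never the payload network), and the ESG has no required peer at all. The second-subnet variant shows the case reply 2 warns about: a compute host on `mgmt-b` is flagged until `mgmt` and `mgmt-b` are routed to each other.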

                • 5. Re: NSX Design
                  vSohill Hot Shot

                  Thank you,