NSX-T Controller (Control Plane)
NSX-T Controller maintains the realized state of the system and configures the Data Plane. NSX-T Contoller’s main functions include;
- Providing Control Plane functionality such as Logical Switching, Routing and Distributed Firewall
- Computing all ephemeral runtime states based on the configuration from the Management Plane
- Disseminating topology information reported by the Data Plane elements
- Pushing stateless configurations to forwarding engines
Control Plane Components
- NSX-T Data Center, the Control Plane is split into the Central Control Plane (CCP) and Local Control Plane (LLP)
- The CCP exists as part of the NSX-T Manager Nodes and is offered by the NSX-T Controller Role
- The LCP exists on Host Transport Nodes (ESXi, KVM Nodes) or on NSX-T Edge Trasport Nodes
- The CCP and LCP perform different functions; The CCP, Computes the ephemeral runtime state based on the configuration from the Management Pane and disseminates information reported by the Data Plane elements using LCP. The LCP, Monitors Local Link status, Computes most ephemeral runtime states based on updates from the Data Plane and the CCP. Furthermore pushes stateless configurations to forwarding engines
Control Plane Change Propagation
- The CCP receives the configuration information from NSX-T Manager and propagates the information to the LCP of the Transport Nodes
- The LCP on each Transport Node interacts with the CCP. If a change occurs, the LCP on the Transport Node notifies its assigned CCP, which further propagates these changes to the Transport Nodes
Control Plane Shading Function
The NSX-T Management Cluster includes a three nodes CCP. The Control Plane uses a Sharding Mechanism to distribute workloads.
- Each Transport Node is assigned to a particular Controller for L2 and L3 configuration and Distributed Firewall Rule distribution
- Each controller receives configuration updates from the Management and Data Planes but maintains only the relevant information on the nodes that it is assigned to
- Each Transport Node is controlled by one of the Controller Node in NSX-T Manager Cluster (Controller Node Cluster). It Track which VM is running on which Host and which TEP can be used to reach each VM
How does the Controler Node/ Controller Failure Handle?
When a Controller fails, its load is distributed.
- The sharding table is recalculated to redistribute the load among the remaining Controller Nodes
- This recalculation provides high availability and dual-active prevention
- The traffic in the Data Plane continues to flow without being affected
NSX-T Policy (Policy Role)
The Policy Role performs several functions.
- It is deployed as part of the NSX-T Manager appliance and NSX-T Manager is the only supported enforcement point
- Provides a centralized location for configuring Networking and Security across the environment
- Enables users to enter the intended configuration in the NSX-T Manager simplified UI
- Enables users to specify the final desired state of the system without being concerned about the current state or underlying implementation
- Mapping between Policy and Manager Roles is one to one
Centralized Policy Management
NSX-T Data Plane
The Data Plane forwards packets based on configurations populated by the Control Plane and reports topology information to the Control Plane. The Data Plane has the following responsibilities;
- Maintains the status of and handles failover between multiple Links or Tunnels
- Perform stateless forwarding based on Tables and Rules populated by the Control Plane
- Maintains Packet Level statistics
NSX-T Data Plane Components
Types of Data Plane Components referred to as Transport Nodes include;
- Act as Forwarding Plane for VM traffic
- Provides support for ESXi and KVM Hypervisors
- Bare Metal Transport Nodes, include Linux based workloads running on Bare Metal Servers and Containers running on Bare Metal Servers without Hypervisor
- NSX-T Edge Cluster, Contains Edge Transport Nodes (VM or Bare Metal). Provides Stateful and Gateway Services
