The foundational core components of NSX are divided across three different planes. The core components of a NSX deployment consist of an NSX manager, controller clusters, and hypervisor kernel modules. Each of these is crucial for your NSX deployment; however, they are decoupled to a certain extent allowing for resiliency during failure of multiple components. For example, if your controller clusters fail, your virtual machines will still be able to communicate with each other without any network disruption. You have to always ensure that NSX components are always deployed in a clustered environment so they are protected by vSphere HA.

The high-level architecture of NSX primarily describes three different planes wherein each of these core components fits in. They are the Management Plane, the Control Plane, and the Data Plane. The following figure represents how the three planes are interlinked with each other. The management plane is how an end user interacts with NSX as a centralized access point while the data plane consists of north-south or east-west traffic:

Notice the consumption platform. The consumption platform allows NSX to interface with multiple cloud management platforms that an organization puts in place so end users can use NSX without having to access the core NSX manager. NSX has RESTAPIs that can enable rich integration with any cloud management platform:

• Management plane: The management plane primarily consists of the NSX manager. The NSX manager is a centralized network management component and primarily allows for a single management point. It also provides the REST API that a user can use to perform all NSX functions and actions. During the deployment phase, the management plane is established when the NSX appliance is deployed and configured. This management plane directly interacts with the control plane and also the data plane. The NSX manager is then managed via the vSphere web client and CLI. The NSX manager is configured to interact with vSphere and ESXi and, once configured, all of the NSX components are then configured and managed via the vSphere web GUI.

It is important to note that the preceding holds true even for a cross-vCenter environment. In a cross-vCenter environment, there are a primary and a secondary NSX manager. The primary manager is responsible for all the universal components such as universal logical switches and universal firewall rules. The secondary manager is responsible for components that are deployed locally to its vCenter.

• Control plane: The control plane consists of the NSX controller that manages the state of virtual networks. NSX Controllers also enable overlay networks (VXLAN) that are multicast-free, making it easier to create new VXLAN networks without having to enable multicast functionality on the physical switches. The controllers also keep track of all information about the virtual machines, hosts, and VXLAN networks and can perform ARP suppression as well. No data passes through the control plane and the lack of controllers does not affect network functionality between virtual machines.

• Data plane: The NSX data plane primarily consists of the NSX logical switch. The NSX logical switch is part of the vSphere distributed switch and is created when a VXLAN network is created. The Logical switch and other NSX services are enabled at the hypervisor kernel level after the installation of the hypervisor kernel modules (VIBs). This logical switch is key in enabling overlay networks that are able to encapsulate and send traffic over existing physical networks. It also allows for gateway devices that allow L2 bridging between virtual and physical workloads.

The data plane receives its updates from the control plane as hypervisors maintain local virtual machine and VXLAN (Logical switch) mapping tables we well. The loss of data plane will cause the loss of the overlay (VXLAN) network as virtual machines that are part of a NSX logical switch will not be able to send and receive data.