NSX-T | Glossary of Components

I found below useful definition of NSX-T. Thought to share with all.

Source - VMware Documentation

Control Plane

Computes runtime state based on configuration from the management plane. Control plane disseminates topology information reported by the data plane elements and pushes stateless configuration to forwarding engines.

Data Plane

Performs stateless forwarding or transformation of packets based on tables populated by the control plane. Data plane reports topology information to the control plane and maintains packet level statistics.

External Network

A physical network or VLAN not managed by NSX-T. You can link your logical network or overlay network to an external network through an NSX Edge. For example, a physical network in a customer data center or a VLAN in a physical environment.

Host Transport Node

Hypervisor node that has been registered with the NSX-T management plane and has NSX-T modules installed. For a hypervisor host to be part of the NSX-T overlay, it must be added to the NSX-T fabric.

Edge Transport Node

Edge node that has been registered with the NSX-T management plane. The Edge Transport Node hosts the NSX Service Routers (SR) that are associated with Tier-0 and Tier-1 routers, including Uplink connectivity to External Networks as well as stateful services such as NAT.


Represents a specific configuration that can be associated with an NSX Edge cluster. For example, the fabric profile might contain the tunneling properties for dead peer detection.

Gateway Router

NSX-T routing entity that provides distributed East-West routing. A gateway router also links a Tier-1 router with a Tier-0 router.

Logical Router Port

Logical network port which can attach to either a logical switch segment port or a physical network uplink port. Logical Router Ports are also used to connect the LR to SR services such as Network Address Translation (NAT), Load Balancing, Gateway Firewall, VPN etc.

Segment / Logical Switch

Segments, called logical switches in previous versions of NSX, are API entities that provide virtual Layer 2 switching for both VM and router interfaces. A segment gives tenant network administrators the logical equivalent of a physical Layer 2 switch, allowing a group of VMs to communicate on a common broadcast domain. A segment is a logical entity that exists independent of the underlying infrastructure and spans many hypervisors. It provides network connectivity to VMs regardless of their physical location, allowing them to migrate between locations without requiring any reconfiguration.
In a multi-tenant cloud, many segments can exist side-by-side on the same hypervisor hardware, with each Layer 2 segment isolated from the others. Segments can be connected using gateway routers, and gateway routers can provide uplink ports connected to the external physical network.

Logical Switch Port

Logical switch attachment point to establish a connection to a virtual machine network interface or a logical router interface. The logical switch port reports applied switching profile, port state, and link status.

Management Plane

Provides single API entry point to the system, persists user configuration, handles user queries, and performs operational tasks on all of the management, control and data plane nodes in the system. Management plane is also responsible for querying, modifying and persisting user configuration.

NSX Controller Cluster

Deployed as a cluster of highly available virtual appliances that are responsible for the programmatic deployment of virtual networks across the entire NSX-T architecture. NSX Manager and NSX Controller services both exist in the NSX Controller Cluster.

NSX Edge Cluster

Collection of NSX Edge node appliances that are logically grouped for high-availability monitoring.

NSX Edge Node

Component that provides computational power to deliver IP routing and IP services functions. Service Routers (SR), used for Uplink connectivity and stateful services, are provisioned on Edge node appliances.

NSX-T Hostswitch or KVM Open vSwitch (OVS)

Software that runs on the hypervisor and provides physical traffic forwarding. The hostswitch or OVS is invisible to the tenant network administrator and provides the underlying forwarding service that each logical switch relies on. To achieve network virtualization, a network controller must configure the hypervisor hostswitches with network flow tables that form the logical broadcast domains the tenant administrators defined when they created and configured their logical switches.
Each logical broadcast domain is implemented by tunneling VM-to-VM and VM-to-logical router traffic, using the tunnel encapsulation protocol Geneve. The network controller has a global view of the data center and ensures that the hypervisor hostswitch flow tables are updated as VMs are created, moved or removed.

NSX Manager

Management function that exists as a component of the NSX Manager Cluster. In prior versions of NSX, the NSX Manager was a dedicated virtual appliance. As of NSX-T 2.4, the NSX Manager function and Controller Cluster functions are consolidated into a single cluster called the NSX Manager Cluster.

Open vSwitch (OVS)

Open source software switch that acts as a hypervisor hostswitch within XenServer, Xen, KVM and other Linux-based hypervisors. NSX Edge switching components are based on OVS.

Overlay Logical Network

Logical network implemented using Layer 2-in-Layer 3 tunneling such that the topology seen by VMs is decoupled from that of the physical network.

Physical Interface (pNIC)

Network interface on a physical server that a hypervisor is installed on.

Tier-0 (T0) Logical Router

Provider gateway router is also known as Tier-0 gateway router, and interfaces with the physical network. Tier-0 gateway router is a top-tier router and can be configured as an active-active or active-standby cluster of service routers. The gateway router runs BGP and peers with physical routers via the service router. In active-standby mode, the gateway router can also provide stateful services.

Tier-1 (T1) Gateway Router

Tier-1 gateway router is the second tier router that connects to one Tier-0 gateway router for northbound connectivity, and one or more overlay networks for southbound connectivity. Tier-1 gateway router can also be configured in an active-standby cluster of services when the router is configured to provide stateful services.

Transport Zone

Collection of transport nodes that defines the maximum span of logical switches. A transport zone represents a set of similarly provisioned hypervisors, and the logical switches that connect VMs on those hypervisors.

VM Interface (vNIC)

Network interface on a virtual machine that provides connectivity between the virtual guest operating system and the standard vSwitch or vSphere Distributed Switch. The vNIC can be attached to a logical port. You can identify a vNIC based on its Unique ID (UUID). The vNIC is equivalent to a network interface card (NIC) on a physical machine.


Tunnel End Point. Tunnel endpoints enable hypervisor hosts to participate in an NSX-T network overlay. The NSX-T overlay deploys a Layer 2 network over an existing physical network fabric by encapsulating frames inside of packets, and transferring the encapsulated packets over the underlying transport network. The underlying transport network can consist of either Layer 2 or Layer 3 networks. The TEP is the connection point at which encapsulation and decapsulation takes place.

VIrtual Network Interface (VNI)

The network identifier associated with a given logical switch. As Layer 2 segments are created in NSX, an associated VNI is allocated. This VNI is used in the encapsulated overlay packet, and facilitates Layer 2 separation.

Thank you,

PS | How to install VMware Modules in Powershell

Hi Guys,

I was getting few questions from people on how to install NSX module, vCD module and even powercli module in powershell. So, I thought to create one stop portal for all kind of modules's installation.

Below are the command to install these three modules when you have active internet connection

Below is the way to install these modules when you don't have active internet connection 

It is most likely useful where internet is not allowed intentionally but you need these modules there. so,

  1. To install PowerNSX, download the zip file and paste it to "C:\Windows\System32\WindowsPowerShell\v1.0\Modules" and then run the command
    Install-Module PowerNSX # as shown in above image
  2. To install VMware.PowerCLI, download the zip file and paste it to "C:\Windows\System32\WindowsPowerShell\v1.0\Modules" and then run the command
  3. To install VMware-vCD-Module, download the zip file and paste it to "C:\Windows\System32\WindowsPowerShell\v1.0\Modules" and then run the command

Let me know if you want me to add more in the list. I would like to see comment if anyone want to know the same for other Modules as well.

Thank you,

, ,

PowerNSX | Add mulitple static route in NSX Edge

Good Day Folks,

During one of the activity, I had a requirement to put multiple (20-25) static routes on NSX edge and doing it one by one and manually is a headache, you know that. right?

So, I thought to do it through power NSX. Below is the code-

#Start here

Connect-NSXServer -NSXserver
$nsxedges = (Get-nsxedge -objectid edge-3).id
$subnets = '',''      #add all the network which you want to add in static route
$nexthop = ''

Foreach($subnet in $subnets){
Foreach($nsxedge in $nsxedges){

Get-NsxEdge -ObjectId $nsxedge | Get-NsxEdgerouting | New-NsxEdgeStaticRoute -vNic 0 -Network $subnet -NextHop $nexthop -MTU 9000 -AdminDistance 1 -Confirm:$false
#End here

Refer to below output for an example

Hope it will help you. Let me know if any doubt or any error.

Thank you,

NSX | Working with GRE tunnels

Hi Folks,

I found very few article on GRE tunnel creation in NSX so, thought to contribute :) I'll be happy if it is useful for you!

So, first of all GRE creation is not possible in vCenter NSX GUI. It can only be created via API tool,
Starting from version 6.4.

Let's explore how to use NSX API and how to create GRE tunnel.

Step 1 - Download and install any Rest API client. It can be Postman\Insomnia\Advance Rest Api or any other and open it.

Step 2 -  Connect NSX Manager in your API client and get edge-id of your target edge (If you don't know already)

- 2.1 Connect NSX Manager by giving header and authentication information

Feed header info as shown below-

 And authentication as below-

- 2.2 First, Get your edge-id with below api query if you don't know already. Put NSX manager IP address like, https://NSX_MGR_IP/api/4.0/edges (It will populate all edges in your NSX environment)

You should get 200 OK response as shown below. Copy the output and paste into some notepad++ kind of app and search the name of your target edge

Just like below

Now you know the edge id of target edge. If you know how to, then you can also get it on vCenter GUI as well. right?

Now, use below text, copy it and modify as per your configuration and paste it in RestAPI "Body" as shown in below image.

<description>Gre Tunnel</description>

As shown below- Please note the differences and references given in below snippet.

Now when you will click on Send, it will create a GRE tunnel.

Note that GRE tunnel doesn't visible in current versions of NSX and might be in future version.

To test if it is created successfully, there are below ways-

1. After clicking on Send button in last step, you should have 200 OK reply
2. Login NSX edge CLI and ping the destination IP address in your tunnel configuration => If pinging then all okay otherwise check the source\destination and tunnel IP address detail.
3. Again send the GET api call to retrieve vpn tunnels and check if it shows the detail of GRE tunnel.
4. You can also run a command in ESG CLI "show configuration GRE"

Now, it was about creation. If you want to delete it then simple, use below api call.

DELETE https://NSX_IP/api/4.0/edges/{edgeId}/tunnels/{tunnelId}

It will delete only that tunnel whose tunnel id is given. In above command edgeid and tunnelid needs to be given. If you don't know what is tunnelid, give your comment. I will help you out.

That's all Guys!!

Any doubt, feel free to write me up.

Thank you,

NSX | Hardware VTEP integration with Arista

Hi Guys,

Recently I got opportunity\challenge to configure the hardware VTEP integration with Arista where overlay is NSX.

After some web-search, I got below URL which explain the exact steps and in very clear and good way. It helped me a lot to configure the CVS on Arista and integrate it on my NSX environment. If you are too looking form similar kind of configuration then it might be useful for you.

Have a look.


Thank you,

PS | How to change vNIC of all VMs inside a portgroup

This was the requirement during a network migration from physical to NSX. You might know that changing the VM's network (from VLAN portgroup to VXLAN portgroup) is essential part of this migration. But the challenges are
  1. There are around 500 VMs and doing it manually is a headache. 
  2. Many VMs have multiple NICs so we cannot simply give source of a VM and change the NIC. For example, 

$TPortgroup = Read-host "Enter the name of target Portgroup here "
foreach($VM in (Get-Content C:\temp\vmlist.txt)){Get-VM -Name $VM | Get-NetworkAdapter | Set-NetworkAdapter -NetworkName $TPortgroup

Above command will change all the NICs of this VM1. Solution is

Get-Cluster 'ClusterName' | Get-VM |Get-NetworkAdapter |Where {$_.NetworkName -eq 'Source PG Name' } |Set-NetworkAdapter -NetworkName 'vxw-dvs-48-universalwire-VXLAN PG Name' -Confirm:$false

Above command will target only those Network Adapter which belongs to 'Source PG Name' and will change the PG for on this network adapter. Any doubt? Feel free to comment.

Thank you,
Team vCloudNotes