NSX-T | Glossary of Components

I found the useful definitions of NSX-T components below and thought I would share them with all.

Source - VMware Documentation

Control Plane

Computes runtime state based on configuration from the management plane. Control plane disseminates topology information reported by the data plane elements and pushes stateless configuration to forwarding engines.

Data Plane

Performs stateless forwarding or transformation of packets based on tables populated by the control plane. Data plane reports topology information to the control plane and maintains packet level statistics.

External Network

A physical network or VLAN not managed by NSX-T. You can link your logical network or overlay network to an external network through an NSX Edge. For example, a physical network in a customer data center or a VLAN in a physical environment.

Host Transport Node

Hypervisor node that has been registered with the NSX-T management plane and has NSX-T modules installed. For a hypervisor host to be part of the NSX-T overlay, it must be added to the NSX-T fabric.

Edge Transport Node

Edge node that has been registered with the NSX-T management plane. The Edge Transport Node hosts the NSX Service Routers (SR) that are associated with Tier-0 and Tier-1 routers, including Uplink connectivity to External Networks as well as stateful services such as NAT.


Fabric Profile

Represents a specific configuration that can be associated with an NSX Edge cluster. For example, the fabric profile might contain the tunneling properties for dead peer detection.

Gateway Router

NSX-T routing entity that provides distributed East-West routing. A gateway router also links a Tier-1 router with a Tier-0 router.

Logical Router Port

Logical network port which can attach to either a logical switch segment port or a physical network uplink port. Logical Router Ports are also used to connect the LR to SR services such as Network Address Translation (NAT), Load Balancing, Gateway Firewall, VPN, etc.

Segment / Logical Switch

Segments, called logical switches in previous versions of NSX, are API entities that provide virtual Layer 2 switching for both VM and router interfaces. A segment gives tenant network administrators the logical equivalent of a physical Layer 2 switch, allowing a group of VMs to communicate on a common broadcast domain. A segment is a logical entity that exists independent of the underlying infrastructure and spans many hypervisors. It provides network connectivity to VMs regardless of their physical location, allowing them to migrate between locations without requiring any reconfiguration.
In a multi-tenant cloud, many segments can exist side-by-side on the same hypervisor hardware, with each Layer 2 segment isolated from the others. Segments can be connected using gateway routers, and gateway routers can provide uplink ports connected to the external physical network.

Logical Switch Port

Logical switch attachment point to establish a connection to a virtual machine network interface or a logical router interface. The logical switch port reports applied switching profile, port state, and link status.

Management Plane

Provides single API entry point to the system, persists user configuration, handles user queries, and performs operational tasks on all of the management, control and data plane nodes in the system. Management plane is also responsible for querying, modifying and persisting user configuration.

NSX Controller Cluster

Deployed as a cluster of highly available virtual appliances that are responsible for the programmatic deployment of virtual networks across the entire NSX-T architecture. NSX Manager and NSX Controller services both exist in the NSX Controller Cluster.

NSX Edge Cluster

Collection of NSX Edge node appliances that are logically grouped for high-availability monitoring.

NSX Edge Node

Component that provides computational power to deliver IP routing and IP services functions. Service Routers (SR), used for Uplink connectivity and stateful services, are provisioned on Edge node appliances.

NSX-T Hostswitch or KVM Open vSwitch (OVS)

Software that runs on the hypervisor and provides physical traffic forwarding. The hostswitch or OVS is invisible to the tenant network administrator and provides the underlying forwarding service that each logical switch relies on. To achieve network virtualization, a network controller must configure the hypervisor hostswitches with network flow tables that form the logical broadcast domains the tenant administrators defined when they created and configured their logical switches.
Each logical broadcast domain is implemented by tunneling VM-to-VM and VM-to-logical router traffic, using the tunnel encapsulation protocol Geneve. The network controller has a global view of the data center and ensures that the hypervisor hostswitch flow tables are updated as VMs are created, moved or removed.

NSX Manager

Management function that exists as a component of the NSX Manager Cluster. In prior versions of NSX, the NSX Manager was a dedicated virtual appliance. As of NSX-T 2.4, the NSX Manager function and Controller Cluster functions are consolidated into a single cluster called the NSX Manager Cluster.

Open vSwitch (OVS)

Open source software switch that acts as a hypervisor hostswitch within XenServer, Xen, KVM and other Linux-based hypervisors. NSX Edge switching components are based on OVS.

Overlay Logical Network

Logical network implemented using Layer 2-in-Layer 3 tunneling such that the topology seen by VMs is decoupled from that of the physical network.

Physical Interface (pNIC)

Network interface on a physical server that a hypervisor is installed on.

Tier-0 (T0) Logical Router

Provider gateway router is also known as Tier-0 gateway router, and interfaces with the physical network. Tier-0 gateway router is a top-tier router and can be configured as an active-active or active-standby cluster of service routers. The gateway router runs BGP and peers with physical routers via the service router. In active-standby mode, the gateway router can also provide stateful services.

Tier-1 (T1) Gateway Router

Tier-1 gateway router is the second tier router that connects to one Tier-0 gateway router for northbound connectivity, and one or more overlay networks for southbound connectivity. Tier-1 gateway router can also be configured in an active-standby cluster of services when the router is configured to provide stateful services.

Transport Zone

Collection of transport nodes that defines the maximum span of logical switches. A transport zone represents a set of similarly provisioned hypervisors, and the logical switches that connect VMs on those hypervisors.

VM Interface (vNIC)

Network interface on a virtual machine that provides connectivity between the virtual guest operating system and the standard vSwitch or vSphere Distributed Switch. The vNIC can be attached to a logical port. You can identify a vNIC based on its Unique ID (UUID). The vNIC is equivalent to a network interface card (NIC) on a physical machine.


TEP

Tunnel End Point. Tunnel endpoints enable hypervisor hosts to participate in an NSX-T network overlay. The NSX-T overlay deploys a Layer 2 network over an existing physical network fabric by encapsulating frames inside of packets, and transferring the encapsulated packets over the underlying transport network. The underlying transport network can consist of either Layer 2 or Layer 3 networks. The TEP is the connection point at which encapsulation and decapsulation take place.

Virtual Network Interface (VNI)

The network identifier associated with a given logical switch. As Layer 2 segments are created in NSX, an associated VNI is allocated. This VNI is used in the encapsulated overlay packet, and facilitates Layer 2 separation.
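
The Geneve encapsulation and VNI described in the hostswitch, TEP and VNI entries, shown as an added example (not from VMware's documentation or the original post): a parser for the fixed Geneve header as laid out in RFC 8926 that extracts the 24-bit VNI and checks it against the set of VNIs a monitoring point expects. The sample packet, the VNI value 71680 and all function names are constructed for illustration.

```python
import struct

ETH_BRIDGED = 0x6558            # Protocol Type for an inner Ethernet frame


class GeneveError(ValueError):
    """Raised when the bytes are not a well-formed Geneve header."""


def parse_geneve(payload: bytes) -> dict:
    """Parse the Geneve header at the start of a UDP payload (port 6081, RFC 8926)."""
    if len(payload) < 8:
        raise GeneveError("truncated: fixed header is 8 bytes")
    b0, b1, proto = struct.unpack("!BBH", payload[:4])
    version, opt_len = b0 >> 6, (b0 & 0x3F) * 4   # option length is in 4-byte words
    if version != 0:
        raise GeneveError(f"unsupported version {version}")
    if len(payload) < 8 + opt_len:
        raise GeneveError("truncated: options run past end of packet")
    return {
        "vni": int.from_bytes(payload[4:7], "big"),   # 24-bit identifier
        "control": bool(b1 & 0x80),                   # O bit: control packet
        "critical_opts": bool(b1 & 0x40),             # C bit: critical options present
        "protocol": proto,
        "inner": payload[8 + opt_len:],               # encapsulated frame
    }


def build_geneve(vni: int, inner: bytes, options: bytes = b"") -> bytes:
    """Build a header for test input; options must be a multiple of 4 bytes."""
    if not 0 <= vni < 2**24 or len(options) % 4 or len(options) > 252:
        raise GeneveError("VNI or options out of range")
    return (struct.pack("!BBH", len(options) // 4, 0, ETH_BRIDGED)
            + vni.to_bytes(3, "big") + b"\x00" + options + inner)


def vni_allowed(payload: bytes, expected_vnis: set) -> bool:
    """True only if the packet parses and its VNI is one the segment map expects."""
    try:
        return parse_geneve(payload)["vni"] in expected_vnis
    except GeneveError:
        return False


# Constructed sample: VNI 71680, 8 bytes of options, dummy 14-byte Ethernet header.
SAMPLE = build_geneve(71680, b"\xff" * 6 + b"\x02" * 6 + b"\x08\x00", b"\x00" * 8)
```

Malformed or truncated headers are treated as not allowed rather than raising, so a capture-side check fails closed on packets it cannot attribute to a segment.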

Thank you,

