Preparation for network routing services follows these rules:
- The Application Virtual Network in the management domain, and any future workload domains planned for NSX, will require peering with upstream BGP neighbors to sync routing tables and enable external access.
- There is a single management network shared by both VxRail and Cloud Foundation. This network enables connectivity to key management components such as SDDC Manager, NSX Manager and VxRail Manager. This VLAN-backed network must be configured to pass upstream to data center services such as DNS and NTP, and to end users, at the Layer 2/3 boundary.
Figure 55. Comparison of upstream connectivity for Cloud Foundation on VxRail
- The VxRail vSAN network can be configured with either a public IP subnet or a private IP subnet. A public IP subnet will support the extension of a VxRail cluster vSAN datastore across racks using Layer 3 services, and is the recommended option.
- The VxRail vMotion network can also be configured with either a public IP subnet or a private IP subnet. Like the vSAN network, a public IP subnet will expand support for VM migrations across racks using Layer 3 services.
- The VxRail nodes supporting a workload domain participate in the same overlay network, known as the ‘NSX Host Overlay Network’, which enables the virtual machines on these different nodes to use the overlay network for communication purposes. The VxRail nodes connected to this overlay network must be able to communicate with each other, and this network must be routable to the ‘NSX Edge Overlay Network’.
- The NSX edge nodes supporting gateway services connect to the ‘NSX Edge Overlay Network’, and this network must be routable. The NSX host overlay network and NSX edge overlay network are routed to each other.
After the initial deployment of the management domain, the VI workload domains that require NSX depend on the configuration of at least one NSX edge cluster for upstream connectivity. This edge cluster will include two additional NSX edge nodes that must peer with upstream routers running BGP to enable external network access. Any additional VI workload domains can share an existing edge cluster, or a new edge cluster can be deployed to support NSX networking.
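
The rules above can be checked against a network plan before deployment. The following Python sketch is an added example, not part of the original guide or of any VxRail or Cloud Foundation tooling. The plan layout, network names and addresses are constructed, and treating a subnet with no gateway as the non-routed (private) case is an assumption.

```python
import ipaddress

# Constructed sample plan: every name and address here is illustrative.
# gateway=None models a non-routed ("private") subnet with no Layer 3 path.
SAMPLE_PLAN = {
    "networks": {
        "management":   ("10.10.0.0/24", "10.10.0.1"),
        "vsan":         ("192.168.20.0/24", None),
        "vmotion":      ("10.10.30.0/24", "10.10.30.1"),
        "host_overlay": ("10.10.40.0/24", "10.10.40.1"),
        "edge_overlay": ("10.10.40.128/25", "10.10.40.129"),
    },
    # Edge node name -> upstream BGP neighbor addresses it peers with.
    "edge_nodes": {"edge01": ["10.10.50.1"], "edge02": []},
}

# Networks the rules say must be routable (hypothetical key names).
MUST_ROUTE = {"management", "host_overlay", "edge_overlay"}

def validate_plan(plan):
    """Return (errors, warnings) for a planned network layout."""
    errors, warnings, nets = [], [], {}
    for name, (cidr, gateway) in plan["networks"].items():
        nets[name] = ipaddress.ip_network(cidr)
        if gateway is None:
            if name in MUST_ROUTE:
                errors.append(f"{name}: must be routable but has no gateway")
            else:
                warnings.append(f"{name}: not routed, cannot extend across racks")
        elif ipaddress.ip_address(gateway) not in nets[name]:
            errors.append(f"{name}: gateway {gateway} is outside {cidr}")
    # Networks that are routed to each other need distinct subnets.
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                errors.append(f"{a} overlaps {b}")
    # The edge cluster has two edge nodes, each peering upstream over BGP.
    edges = plan["edge_nodes"]
    if len(edges) < 2:
        errors.append("edge cluster needs two NSX edge nodes")
    errors += [f"{n}: no upstream BGP neighbor" for n, p in edges.items() if not p]
    return errors, warnings

if __name__ == "__main__":
    errs, warns = validate_plan(SAMPLE_PLAN)
    for line in [f"ERROR {e}" for e in errs] + [f"WARN  {w}" for w in warns]:
        print(line)
```

The sample plan deliberately contains an overlay subnet overlap, an edge node with no BGP neighbor, and a non-routed vSAN subnet, so each class of finding is reported.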