VMware Cloud Foundation supports a network flexible architecture. Customers can choose switches that meet their organization’s standard and scalability requirements. There is also increased flexibility in network configurations permitting customers to configure VLANs and other settings without fear of disrupting SDDC Manager’s automation or configuration. SDDC Manager does not require access to the physical network layer. Switches are manually configured by the customer’s network team or by the professional services engineer, if this part of implementation is also covered with a custom services engagement.

There are multiple VMware Cloud Foundation on VxRail network topology options. The choice of topology design depends on preferred outcomes. The most common network topology for VMware Cloud Foundation on VxRail follows a standard spine-leaf architecture. Decisions are required to determine where VLANs from the platform’s workload domains will terminate in the supporting physical network layer. Users must also determine the Layer 2 and Layer 3 boundary in multi-rack deployments.

For more detailed documentation on network design options, see the VxRail Network Planning Guide and Architecture Guides and the Dell Networking Guides on the VxRail Knowledge Center and Dell support portal. For more information, see Appendix A: References.

Figure 23.    VMware Cloud Foundation on VxRail example network topology options

VxRail node networks for a cluster spanning additional racks can share same IP subnet (non-routable) or assigned a different IP subnet (routable). This provides even more network configuration flexibility for customers.

VMware introduces Application Virtual Networks (AVN) in version 4.0 of the VMware Cloud Foundation platform. The AVN enables linkage for the vRealize Suite cloud management components and enables connectivity to the upstream external network. The vRealize components, including vRealize Log Insight, vRealize life cycle manager (LCM), vRealize Operations Manager and vRealize Automation, connect to the AVN when deployed (AVN deployment is optional).

Figure 24.    Application Virtual Network (AVN) Overview – Regions and Logical Segments

AVN provides the following benefits:

• The application virtual network is highly secured by using an NSX Edge device as the distributed firewall to isolate applications from each other and external users. Direct access to application virtual networks is controlled by distributed firewall rules;
• Prepares for future use of a single IP network address space that provide application mobility between data centers;
• Simplified future disaster recovery procedures;
• Applications that need failover support across regions now have an overlay backed subnet that spans across regions;
• During failover, applications retain their IP addresses, resulting in faster RTO.

Network Virtualization

The foundation of the network virtualization layer for VMware Cloud Foundation on VxRail is provided by NSX-T. NSX provides a software-defined networking approach that delivers Layer 2 to Layer 7 networking services, such as switching, routing, firewalling, and load balancing, in software. These services can be programmatically assembled in any combination, producing unique, isolated virtual networks in a matter of seconds. NSX-T, which is considered the next generation virtual network platform provides native support for Kubernetes, VMware Tanzu and cloud native applications.

To learn more about VMware Cloud Foundation on VxRail network architecture, including NSX-T, see VMware Cloud Foundation on VxRail Architecture Guide in Appendix A: References.