VMware Cloud Foundation supports a network flexible architecture. Customers can choose switches that meet their organization’s standard and scalability requirements. There is also increased flexibility in network configurations permitting customers to configure VLANs and other settings without fear of disrupting SDDC Manager’s automation or configuration. SDDC Manager does not require access to the physical network layer. Switches are manually configured by the customer’s network team or by the professional services engineer, if this part of implementation is also covered with a custom services engagement.

There are multiple VMware Cloud Foundation on VxRail network topology options. The choice of topology design will depend on desired outcomes. The most common network topology for VMware Cloud Foundation on VxRail will follow a standard spine-leaf architecture. Decisions need to be made on where the VLANs from the platform’s workload domains will terminate in the supporting physical network layer. Decisions must also be made for the layer 2/layer 3 boundary in multi-rack deployments of VMware Cloud Foundation on VxRail.

Some example physical network topology designs are shown in Figure 23. For more detailed documentation on network design options, please refer to the VxRail Network Planning Guide and Architecture Guides as well as Dell EMC Networking Guides on the VxRail Knowledge Center and Dell EMC support portal (links provided in Appendix A: References).

Figure 23.          VMware Cloud Foundation on VxRail example network topology options

As of VxRail 4.7.300, VxRail node networks for a cluster spanning additional racks can share same IP subnet (non-routable) or assigned a different IP subnet (routable). This provides even more network configuration flexibility for customers.

With version 4.0 of the platform, VMware introduced the concept of Application Virtual Networks (AVN). The Application Virtual Network enables linkage for the vRealize Suite cloud management components and enables connectivity to the upstream external network. The vRealize components, including vRealize Log Insight, vRealize Life Cycle Manager, vRealize Operations Manager and vRealize Automation, connect to the AVN when deployed.

Figure 24.          Application Virtual Network (AVN) Overview

AVN provides the following benefits:

• The application virtual network is highly secured by using an NSX Edge device as the distributed firewall to isolate applications from each other and external users. Direct access to application virtual networks is controlled by distributed firewall rules;
• Prepares for future use of a single IP network address space that provide application mobility between data centers;
• Simplified future disaster recovery procedures
• Applications that need failover support across regions now have an overlay backed subnet that spans across regions;
• During failover, applications retain their IP addresses, resulting in faster RTO.

Note, that at the time of writing this document, dual-region configuration of VMware Cloud Foundation 4.x on VxRail 7.x with SRM-based disaster recovery is not supported yet.

Network Virtualization

The foundation of the network virtualization layer for VMware Cloud Foundation on VxRail is provided by NSX-T.  NSX provides a software-defined networking approach that delivers Layer 2 to Layer 7 networking services (e.g., switching, routing, firewalling, and load balancing) in software. These services can then be programmatically assembled in any arbitrary combination, producing unique, isolated virtual networks in a matter of seconds. NSX-T, which is considered the next generation virtual network platform provides native support for Kubernetes, VMware Tanzu and cloud native applications.

To learn more about VMware Cloud Foundation on VxRail network architecture, including NSX-T, please consult VMware Cloud Foundation on VxRail Architecture Guide (link provided in Appendix A: References).