Edge cluster architecture standards

In VMware NSX-T Data Center, an edge cluster is a group of edge nodes. The edge nodes can be deployed in a virtual (VM based) or physical (bare-metal) form factor. The initial Vblock System implementation of VMware NSX-T Data Center supports only virtual edge clusters. This implementation provides some benefits for flexibility of deployment and serviceability over bare-metal edge nodes.

The VMware NSX-T Data Center for VxBlock Systems design adopts the VMware recommended edge cluster design for service providers. This design includes two edge clusters:

  • Edge-Cluster-NS-Peering is a dedicated edge cluster to host a Tier-0 gateway for BGP peering and north-south traffic flows. The traffic flows need to communicate from the VMware NSX-T Data Center environment to the physical environment and the outside world. The edge node VMs that make up this cluster are deployed as medium-sized appliances.
  • Edge-Cluster-Production01 is a production edge cluster that tenants or business units can use. The edge node VMs that make up this cluster are deployed as large-sized or extra-large-sized appliances. A T1 gateway should be associated with this cluster only if the Tier-1 gateway is hosting centralized services such as NAT or edge firewall. If the intended use case for the deployment does not require any Tier-1 services, this cluster can be safely removed post-deployment.

In a large IT shop or multitenant environment, this design provides role-based security:

  • One group can secure the NS-Peering edge cluster to VMware NSX-T Data Center administrators and support personnel.
  • A different group can manage the Production01 edge cluster.

VMware NSX-T Data Center enables the definition of role-based access to these clusters independently, using the API.

This design also mitigates limitations in the BGP peering capabilities of the Tier-0 gateway. The Tier-0 gateway supports eight-way ECMP peering. The VxBlock System VMware NSX-T Data Center design connects a single Tier-0 gateway in one of two ways in the edge-cluster-NS-peering cluster:
  • Through two edge node VMs (4-way ECMP)
  • Through four edge node VMs (8-way ECMP)
Depending on the use case, you can enhance edge services in the following ways:
  • Add more edge node VMs.
  • Add a Tier-0 gateway and associated edge node VMs.

Two ToR switches north of the edge cluster can support only four edge VMs peering north-bound to the ToR switches in a cluster. The Production01 edge cluster Tier-1 gateway does not need to participate in ECMP peering with the ToR switches. If necessary, the cluster can contain more than four nodes.