
NSX-T (SDN)

Cloud Avenue networking services are powered by VMware NSX-T, providing Software-Defined Networking (SDN) capabilities for tenant connectivity, network segmentation and routing. 

NSX-T also provides the platform’s firewall capabilities. While this section focuses on networking services and architecture, security and firewall features are described in the Security section of this documentation. 

The NSX-T architecture is built around two complementary gateway layers:

Tier-0 Gateway (T0) 

The Tier-0 Gateway is a provider-managed component that delivers connectivity between customer environments and external services. 

Each customer benefits from a dedicated routing context on the shared Tier-0 infrastructure. 

The Tier-0 Gateway provides access to external networks and services, including: 

  • Internet connectivity 
  • BVPN Galerie connectivity 
  • Cross Connect services 
  • Management and administration networks 
  • Shared platform services 

The Tier-0 Gateway is fully configured and managed by the Cloud Avenue platform. No customer intervention is required. 

Tier-1 Gateway (T1) 

The Tier-1 Gateway is dedicated to the customer environment and acts as the networking entry point for the Virtual Data Center (vDC). 

It provides routing and networking services for tenant workloads and enables the creation and management of: 

  • Routed networks 
  • Isolated networks 
  • Network Address Translation (NAT) 
  • DHCP services 
  • Static routing 
  • Load balancing services (where applicable) 
  • VPN services (where applicable) 

The Tier-1 Gateway configuration is managed directly by the customer through the VMware Cloud Director portal.

Gateway Sizing 

Cloud Avenue offers several gateway sizes to accommodate different workload requirements and network throughput expectations. 

Gateway sizing directly impacts the available networking capacity and should be selected according to both current and anticipated future requirements. 

Typical sizing considerations include: 

  • Expected network throughput 
  • Number of virtual machines 
  • Number of connected networks 
  • NAT and routing requirements 
  • VPN usage 
  • Future growth projections 

Important: Gateway resizing is not an in-place operation. Moving from one gateway size to another requires the recreation and reconfiguration of the networking environment. Customers should therefore carefully evaluate their requirements and select the appropriate gateway size during the initial design phase. 

The available gateway sizes and their associated throughput limits are described in the following sections.

NSX-T gateways specifications

Depending on the needs, several configurations are available.

| Type of gateway | Class of service | Specifications | Connected networks (recommendation) |
|---|---|---|---|
| T0 VRF | Standard | 300 Mbps max flow (*) | Internet; BVPN Galerie; Admin & backup; Internal VPNs |
| T0 VRF | Premium | 1 Gbps max flow (*) | Internet; BVPN Galerie; Admin & backup; Internal VPNs; Network storage; Cross Connect; Object storage (S3) |
| Dedicated T0 | Medium | 3.5 Gbps max flow (*); 5 T0 VRF max | |
| Dedicated T0 | Large | 10 Gbps max flow (*); 100 T0 VRF max | |
| T1 | Standard | 300 Mbps max flow (*); limit of 4 T1 max per T0 VRF; limit of 128 simultaneous IPSec connections | A single interface for connection to the T0; nine interfaces for vDC networks |
| T1 | Premium | 1 Gbps max flow (*); limit of 8 T1 max per T0 VRF; limit of 256 simultaneous IPSec connections | Needs a T0 Premium |
| Dedicated T1 | Medium | 3.5 Gbps max flow (*); limit of 5 T1 max per cluster; limit of 256 simultaneous IPSec connections | Needs a dedicated T0 Medium |
| Dedicated T1 | Large | 7 Gbps max flow (*); limit of 100 T1 max per cluster for all T0 VRF hosted on the dedicated T0; limit of 256 simultaneous IPSec connections | Needs a dedicated T0 Large |
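
Because resizing means recreating the networking environment, a planned design can be checked against the limits above before anything is deployed. The following Python check is an added example, not Cloud Avenue tooling; the function name, the plan format and the sample tenant are assumptions, and the limits are transcribed from the table on this page.

```python
# Added example: limits transcribed from the gateway table on this page.
T0_MAX_MBPS = {                       # (type, class) -> max flow in Mbps
    ("T0 VRF", "Standard"): 300,
    ("T0 VRF", "Premium"): 1000,
    ("Dedicated T0", "Medium"): 3500,
    ("Dedicated T0", "Large"): 10000,
}
# (type, class) -> (max Mbps, max T1 count, max IPSec connections, required T0)
T1_LIMITS = {
    ("T1", "Standard"): (300, 4, 128, None),
    ("T1", "Premium"): (1000, 8, 256, ("T0 VRF", "Premium")),
    ("Dedicated T1", "Medium"): (3500, 5, 256, ("Dedicated T0", "Medium")),
    ("Dedicated T1", "Large"): (7000, 100, 256, ("Dedicated T0", "Large")),
}

def validate_plan(t0, t0_mbps, t1s):
    """Return a list of violations; an empty list means the plan fits the table.

    Assumptions: the plan covers one T0 VRF or one dedicated T0 cluster, T1
    counts are checked per class, and "Needs a ..." is an exact T0 requirement.
    """
    if t0 not in T0_MAX_MBPS:
        return [f"unknown T0 gateway {t0}"]
    issues, counts = [], {}
    if t0_mbps > T0_MAX_MBPS[t0]:
        issues.append(f"T0: {t0_mbps} Mbps exceeds {T0_MAX_MBPS[t0]} Mbps")
    for t1 in t1s:
        name, kind = t1["name"], t1["kind"]
        if kind not in T1_LIMITS:
            issues.append(f"{name}: unknown T1 gateway {kind}")
            continue
        max_mbps, _, max_ipsec, needs = T1_LIMITS[kind]
        counts[kind] = counts.get(kind, 0) + 1
        if needs is not None and needs != t0:
            issues.append(f"{name}: {kind} needs {needs}, plan has {t0}")
        if t1["mbps"] > max_mbps:
            issues.append(f"{name}: {t1['mbps']} Mbps exceeds {max_mbps} Mbps")
        if t1["ipsec"] > max_ipsec:
            issues.append(f"{name}: {t1['ipsec']} IPSec connections exceed {max_ipsec}")
    for kind, n in counts.items():
        if n > T1_LIMITS[kind][1]:
            issues.append(f"{n} x {kind} exceeds limit of {T1_LIMITS[kind][1]}")
    return issues

# Constructed sample plan (hypothetical tenant, not from the page).
SAMPLE_T1S = [
    {"name": "t1-web", "kind": ("T1", "Standard"), "mbps": 200, "ipsec": 10},
    {"name": "t1-vpn", "kind": ("T1", "Premium"), "mbps": 800, "ipsec": 300},
]
```

Calling `validate_plan(("T0 VRF", "Standard"), 250, SAMPLE_T1S)` reports that the Premium T1 needs a Premium T0 VRF and that 300 IPSec connections exceed its limit of 256.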

Interconnection

The VDR and CHA Data Centers are interconnected by a resilient L3 VXLAN infrastructure with multiple low-latency 100Gb/s links (WDM) between the sites.
Cloud Avenue has four dedicated 25Gb/s links provided by this underlying infrastructure.

The latency between the two Cloud Avenue sites is less than 5ms.

Network Architecture Overview

The platform is deployed across two geographically separated sites in a dual-site topology, with the network layer operating in an active-passive configuration.

Network Gateway Design

All north-south (ingress/egress) traffic is routed through the primary site using the VDR network as the default gateway.

The VDR network serves as the default gateway for all tenant/workload networks, ensuring consistent routing policy enforcement and traffic control.

Failover Mechanism

In the event of a primary site failure (planned or unplanned), gateway failover is automatically triggered toward the secondary (CHA) site.

This includes:

  • Re-establishment of routing adjacencies
  • Activation of the standby gateway instance
  • Traffic redirection to the CHA site

The failover process is designed to minimize convergence time and ensure continuity of north-south traffic flows with limited packet loss and acceptable recovery time objectives (RTO).

Disaster Recovery

If one site fails, services continue to operate from the other site without requiring a separate DR environment.

Disaster recovery is built into the design through the dual-site setup.