As a follow-up to my previous post comparing features and performance metrics between vShield Edges and NSX Edges, I have updated the information to reflect the current state of NSX Edge Services Gateways. With the End of Availability (EOA) of VMware vCloud Networking and Security 5.5.x, vShield Edges are no longer supported, and I do not include them in the tables below.
To begin with, it is essential to understand what an Edge device is. The Edge Services Gateway (NSX-v) connects isolated stub networks to shared (uplink) networks by providing common gateway services such as DHCP, VPN, NAT, dynamic routing, and load balancing. Edges are commonly deployed in the DMZ, in VPN extranets, and in multi-tenant cloud environments, where the Edge creates virtual boundaries for each tenant.
The ESG gives you access to all NSX Edge services such as firewall, NAT, DHCP, VPN, load balancing, and high availability. You can install multiple ESG virtual appliances in a datacenter. Each ESG virtual appliance can have a total of ten uplink and internal network interfaces. With a trunk, an ESG can have up to 200 subinterfaces. The internal interfaces connect to secured port groups and act as the gateway for all protected virtual machines in the port group. The subnet assigned to the internal interface can be a publicly routed IP space or a NATed/routed RFC 1918 private space. Firewall rules and other NSX Edge services are enforced on traffic between network interfaces.
Here is a list of services provided by the NSX Edge:
* Firewall
* NAT
* DHCP
* VPN
* Load Balancing
* High Availability
Now, let’s take a look at the different sizes of each edge appliance and their performance implications. As a disclaimer, the numbers below have been cherry-picked from different sources and are subject to change. Of interest from the above table is that there are no load balancing performance numbers listed for the NSX Compact Edge, so if you want to do any sort of load balancing, you will need NSX Large or above.
Here is a table describing each NSX Edge size use case:
| Size | Use Case |
| --- | --- |
| Large | Medium firewall performance and basic load balancing |
| X-Large | High performance load balancing and routing |
| Quad Large | High performance firewall abilities |
You can convert between NSX Edge service gateway sizes on demand using a non-disruptive upgrade process, so the recommendation is to begin with the Large model and scale up if necessary. A Large NSX Edge service gateway is suitable for medium firewall performance but, as detailed later, the NSX Edge service gateway does not perform the majority of firewall functions.
In conclusion, NSX Edge Services Gateways provide a robust set of features and services to connect isolated networks to shared environments. The different sizes of each edge appliance offer varying levels of performance for different use cases. By understanding the capabilities of each size and the features they provide, you can choose the best fit for your specific needs.