802.1Q Open standard that defines how multiple VLANs can be shared across a link between two switches.
ABR OSPF area border router. Connects one or more areas to the backbone area.
administrative distance A number ranking system to determine the most reliable routing table learning method or routing protocol.
AES-NI Advanced Encryption Standard New Instructions. CPU technology that allows encryption-based computations to be offloaded from the OS.
ARP table Table created by the Switch Security Module to keep the IP-ARP mappings of each logical switch. The ARP table is populated by doing ARP snooping and DHCP snooping. Each ESXi host’s Switch Security Module sends a copy of its ARP entries to the NSX Controller.
ASBR OSPF autonomous system border router. Injects routes into OSPF from a different routing process or AS.
autonomous system (AS) A domain under the control of the same administrator or entity.
Border Gateway Protocol (BGP) Exterior Gateway Protocol (EGP) that is used as the preferred routing protocol for the Internet.
Bridge Instance The ESXi host doing the Layer 2 bridging.
control plane The network plane that facilitates, using the configuration provided by the management plane, the information needed to make forwarding decisions for traffic between end systems.
cost Number used to determine the path preference to a destination. The lower the number, the better the path.
cross vCenter NSX NSX 6.2 feature to centralize management of NSX and feature configuration of NSX among multiple NSX Managers. In cross vCenter NSX, there is a single NSX domain that supports ESXi host clusters from different vCenters.
data plane The network plane that makes the forwarding decision, using information provided by the control plane, for traffic between end systems.
Designated Instance The ESXi host running the copy of the DLR instance responsible for sending ARP requests over the VLAN LIF and sending ARP replies over the VLAN LIF.
Diffie-Hellman Mechanism used for the creation of secret keys over an untrusted medium.
distributed firewall (DFW) Firewall that runs in the ESXi kernel to provide Layer 2, Layer 3, and Layer 4 stateful security to virtual machines.
distributed firewall module Software installed in the ESXi host to enable the distributed firewall.
distributed logical router (DLR) In-kernel NSX router managed by a single NSX Manager that connects to global logical switches.
DNAT Destination NAT. The changing of the destination IP address of a packet.
eBGP External BGP. The type of BGP peers formed by two BGP speakers in different ASes.
Edge HA Two NSX Edges deployed in an Active/Standby state.
Edge VLAN The VLAN the Perimeter Edge connects to.
Equal Cost MultiPath ECMP is the capability of a router to have multiple paths in the routing table to the same destination.
ESXi host A server running the vSphere hypervisor.
exclusion list List of virtual machines excluded from the DFW.
External Gateway Protocol (EGP) Term to describe a routing protocol that may be under one or more AS.
hardware VTEP A physical bridge that can bridge a VXLAN to a VLAN.
iBGP Internal BGP. The type of BGP peers formed by two BGP speakers in the same AS.
IKE Internet Key Exchange. Protocol for the creation of a secure communications channel over an untrusted medium.
Internal Gateway Protocol (IGP) Term to describe a routing protocol that is under one AS.
internal LIF A logical interface where no routing protocol will be configured.
IPsec VPN Protocol suite that allows for the secure communication between two endpoints over an untrusted medium.
IPsec VPN peers Two endpoints that have successfully negotiated the creation of an IPsec VPN tunnel.
IS-IS Intermediate Systems to Intermediate Systems. IGP that exchanges routing information via link state. Similar to OSPF.
Layer 2 bridge The bridging of a VXLAN and a VLAN by a DLR.
Layer 2 VPN Mechanism to extend a Layer 2 domain over an untrusted medium.
LIF Logical Interface. The name of the interface of the logical router.
local firewall rule DFW rule that is not synchronized among NSX Managers in a cross vCenter NSX domain.
Locale ID Allows for local egress traffic from universal logical routers.
Logical Router Control VM In conjunction with the NSX Controller, facilitates the control plane for the distributed logical router.
logical switch A distributed switch that uses VXLAN Network IDs instead of VLAN Number IDs. Logical switches have the intelligence to know when to forward traffic to the VTEP for VXLAN frame encapsulation. Logical switches are not VTEPs themselves.
MAC learning A switch function to populate the MAC table by reading the source MAC address of ingress Ethernet frames.
management plane The network plane that owns configuration and management of network devices.
microsegmentation Capability of the DFW to enforce security policies at the vNIC level.
MLAG Multi-Chassis Link Aggregation. Two switches that present themselves as a single switch for the purpose of forming an LACP link.
MTEP Multicast VTEP. The proxy VTEP for a logical switch configured with Hybrid Replication Mode.
NAT Network Address Translation. NAT is a method of masquerading the source and/or destination IP and/or port number of a packet.
network function virtualization (NFV) The virtualization of network and security functions.
network planes A networking layered architecture employed by network devices to deliver traffic between end systems.
NSSA OSPF Not So Stubby Area. Area that allows for an ASBR to be within the area while only receiving a default route from the ABR.
NSX APIs RESTful based APIs to interact with NSX Manager.
NSX Controller Facilitates the NSX control plane for the logical switches and the distributed logical routers.
NSX Controller Master NSX Controller responsible for assigning the NSX Controllers Layer 2 responsibility for logical switches and Layer 3 responsibility for distributed logical routers.
NSX Edge The NSX virtual appliance that provides network and security services such as routing, firewalls, and load balancing.
NSX for Multi-Hypervisors (NSX-MH) The VMware SDN solution that supports vSphere and non-VMware hypervisors.
NSX for vSphere (NSX-V) The VMware SDN solution requiring a vSphere environment.
Open Shortest Path First (OSPF) IGP that uses link state to exchange route information.
Perimeter Edge NSX Edge configured to provide Layer 3 connectivity between the virtual and physical networks.
pMAC A MAC address used by the logical router for some non-ARP traffic. The pMAC will be different in all copies of the logical router instance.
portgroup A logical grouping of ports in the vSS or vDS that contains the configuration to be applied to the virtual ports that connect to the virtual machine’s vNIC and the VMkernel ports.
Primary NSX Manager The NSX Manager that owns the management plane of cross vCenter NSX features.
proxy VTEP The VTEP selected by the NSX Controller to forward replicated frames to all other VTEPs in its local VTEP subnet.
Replication Mode Method employed by logical switches to process BUMs.
REST Architectural style used for the development of web services that offers a way to interface with APIs.
routing module Software installed in the ESXi host to enable routing.
Secondary NSX Manager NSX Manager that participates in cross vCenter NSX.
security group Group of virtual machines matching predefined or dynamic criteria.
security policy Collection of Guest Introspection Services, DFW rules, and Network Introspection Services.
security service provider Provides security services to virtual machines by directly interacting with NSX.
security tag Labels created in NSX Manager that can be attached to virtual machines.
Service Composer Provides a mechanism for the consumption of security services.
sinkport A dvPort that receives all BUMs in the matching VLAN.
site-site IPsec VPN IPsec VPN between two routers.
slicing The process of assigning logical switches and logical routers to different NSX Controllers.
SNAT Source NAT. The changing of the source IP address of a packet.
software defined data center A network solution where the control plane is executed by an entity separate from the one executing the data plane.
software defined network (SDN) A method of virtualizing the network and security.
SpoofGuard Protects against IP and MAC spoofing attacks.
SSL VPN Protocol that allows the secure communication between two endpoints using SSL as the encryption mechanism.
SSL VPN-Plus NSX’s implementation of SSL VPN.
Standalone NSX Manager NSX Manager that has its role changed from Primary to Standalone while still having some cross vCenter NSX features or objects.
STP Spanning Tree Protocol. A protocol developed to prevent Layer 2 loops in an Ethernet broadcast domain.
SVI Switched Virtual Interface. A logical interface in a Layer 3 switch that can have IP and subnet configuration.
Switch Security module NSX software running in the ESXi hosts’ kernel. It maintains the ARP table, per logical switch, in each ESXi host.
ToR Top of Rack. A switch in a rack that provides uplink connectivity to the end systems in the rack.
Traceflow Troubleshooting and planning tool that spoofs VMs as the source of traffic.
transit NSX Manager NSX Manager that is not participating in vCenter NSX.
transport zone List of ESXi clusters that will be informed of new logical switches or universal logical switches.
TRILL Transparent Interconnection of Lots of Links. Ethernet technology that natively prevents Layer 2 loops without the use of Spanning Tree Protocol.
ULR Universal Logical Router. Like the DLR but configured and managed by the Primary NSX Manager. It can only connect to universal logical switches.
undeployed Edge An Edge that has been staged but not deployed in an ESXi host.
universal firewall rule DFW rule that is synchronized among NSX Managers in a cross vCenter NSX domain.
universal logical switch A virtual switch that is distributed. It uses VXLAN Network IDs instead of VLAN Number IDs. Universal logical switches support multiple NSX Managers in cross vCenter NSX.
Universal Services Virtual Machine (USVM) Guest Introspection Virtual Machine required to provide data security.
Uplink LIF A logical interface where a routing protocol may be configured.
Uplink port The virtual port connected to a VMNIC. In the vDS the Uplink ports are called dvUplinks.
UTEP Unicast VTEP. The proxy VTEP for a logical switch configured with Unicast Replication Mode.
vCloud Network and Security (vCNS) The network and security predecessor of NSX.
vDS vSphere distributed switch. The virtual switch with the management handled by vCenter.
VIP Virtual IP. In the context of a load balancer, it is the IP used by an external user to access distributed services and applications.
virtual network A network that runs in a virtual environment, such as vSphere.
virtual port A port in a virtual switch. The vDS virtual ports are called dvPorts.
virtual wires vCNS’s VXLAN aware virtual switches.
VLAN LIF A logical interface in the distributed logical router that connects to a vDS portgroup.
vMAC The source MAC address used by the logical router to send ARP requests and ARP replies. The vMAC is the same across all copies of the logical router instance.
VMkernel port The logical interface of the ESXi host that provides IP connectivity for the ESXi host.
VMNIC The physical interface in an ESXi host.
VMware tools Code installed in virtual machines that provides updated drivers and allows the ESXi hosts some level of access to the operating system of the virtual machine.
VMX file The instruction set the ESXi host uses to provide the configuration and features needed by the virtual machine on power on.
VNI VXLAN Network ID. Layer 2 number used to uniquely label an Ethernet broadcast domain in an NSX domain.
vNIC Virtual NIC. Ethernet interface of a virtual machine.
vRealize Automation One of VMware’s cloud platforms that offers support for NSX APIs.
vShield Manager The entity responsible for the management plane of vCNS.
vSS vSphere Standard Switch. The default virtual switch in the ESXi host. Each host manages its own vSphere Standard Switches.
VTEP VXLAN Tunnel Endpoint. An entity that can create, encapsulate, or decapsulate VXLAN frames. ESXi hosts may have multiple VTEPs, each represented by a VXLAN VMkernel port.
VTEP table Table that contains a list of all the VTEPs that have at least one virtual machine’s MAC associated with it. The VTEP table is owned and maintained by the NSX Controller.
VXLAN Virtual Extensible LAN. Overlay technology used to extend Ethernet broadcast domains over IP networks.
VXLAN LIF A logical interface in the logical router that connects to a logical switch.
VXLAN module Software installed in the ESXi host to enable logical switches.