Why VCF Networking NSX Is Essential Even in a VXLAN World with VMware by Broadcom

Tech Field Day, Mar 16, 2026

Why It Matters

By embedding network virtualization and VPC self‑service into VCF, enterprises can accelerate application deployment, reduce cross‑team dependencies, and achieve true cloud agility on‑premises.

Key Takeaways

  • VCF network virtualization eliminates manual ticketing across multiple teams.
  • VPCs act as autonomous network bubbles within VMware Cloud Foundation.
  • VPC subnets draw from pre‑allocated IP blocks, preventing overlaps.
  • Distributed VPC routers run on ESXi, bypassing physical fabric configuration.
  • VCF 9.0 enables self‑service VPC creation via vCenter, APIs, Terraform.

Summary

The video explains why VMware Cloud Foundation’s (VCF) built‑in network virtualization, powered by NSX, remains critical even when the underlying physical fabric already supports VXLAN overlays.

Dimitri argues that relying on the physical switches for every new tier‑2 application forces administrators to open tickets across networking, load‑balancing and security teams. VCF’s network virtualization consolidates routing, switching, load‑balancing and firewall services inside the cloud, allowing a vCenter admin to provision compute, storage and network with a few clicks or API calls. The new VPC model introduced in VCF 9.0 creates isolated “network bubbles” that draw IP ranges from pre‑allocated blocks, eliminating address‑overlap risks.

He illustrates the workflow: a vCenter admin creates a public or private VPC subnet, selects DHCP or DHCP‑relay, and the system automatically assigns a slice of the external IP block. The distributed VPC router runs as a process on each ESXi host, encapsulating traffic so the physical fabric only sees host‑to‑host IPs, regardless of the underlying VLAN or VXLAN configuration.

This self‑service approach shortens provisioning from days or weeks to minutes, gives business units autonomous networking control, and aligns private‑cloud operations with public‑cloud experiences, driving faster time‑to‑market and lower operational overhead.

Original Description

Physical fabrics may provide VXLAN, but modern private clouds demand far more than basic overlay connectivity. This video explores how VCF Networking (NSX) decouples networking from the physical fabric, enabling automated, policy-driven network services that integrate natively with vCenter and VCF Automation. We also examine Virtual Private Clouds (VPCs), which empower developers to instantly provision secure, multi-tenant environments without deep networking expertise. Discover why VCF Networking is not simply an overlay but the foundational layer that unlocks agility, operational simplicity, and true cloud operating models inside the modern data center.
Dimitri Desmidt shows why network virtualization within VMware Cloud Foundation (VCF) is essential, even if the underlying physical network already supports VXLAN. He highlights that while physical networks provide basic overlay connectivity, they fall short in delivering the comprehensive network services – such as switching, routing, load balancing, and firewalling – that modern applications require. Managing these services manually on physical infrastructure for each new application often entails a cumbersome, ticket-driven process spanning multiple teams and interfaces, delaying application deployment by weeks or even months.
VCF Networking, powered by NSX, addresses this by bringing these crucial network services directly into the cloud platform, enabling a self-service, automated consumption model. This shift eliminates the need for manual configuration and inter-team coordination, drastically reducing network provisioning time from weeks to mere seconds. A key innovation in VCF 9.0 is the introduction of Virtual Private Clouds (VPCs), which adopt the familiar industry-standard concept. A VPC is a self-contained "network bubble" that developers or vCenter administrators can instantly provision with subnets and automated IP address management. VCF is pre-configured with an IP block designated for future application networks, ensuring that newly provisioned subnets do not conflict with or overlap existing physical network infrastructure, thereby preventing IP conflicts and maintaining network stability.
VPCs offer granular control over network access, allowing for "public" subnets exposed to the external world, "private transit gateway" subnets for communication within a tenant, and "private VPC" subnets for isolation within a single VPC bubble. While VCF Networking handles basic access control and Network Address Translation (NAT), more advanced security needs, such as protocol-level firewalling, IDS/IPS, and malware inspection, are addressed by vDefense. The VPC gateway is fully distributed, running as a process within each ESX host, making the creation of new subnets completely transparent to the underlying physical fabric. This design means the physical network only sees encapsulated traffic between ESX host IPs, so no changes are required to the physical switches. This approach not only provides exceptional flexibility for dynamically connecting virtual machines but also allows for overlapping private IP address spaces across different VPCs, as all outbound traffic is automatically NAT'd, preventing conflicts. Additionally, VCF enables administrators to set quotas for network resources, ensuring fair usage and resource governance across various tenants or business units.
Presented by Dimitri Desmidt, NSX Senior Technical Product Manager, VCF Division, Broadcom. Recorded live at Cloud Field Day in Santa Clara on March 12th, 2026. Watch the entire presentation at https://techfieldday.com/appearance/vmware-by-broadcom-presents-at-cloud-field-day-25/ or visit https://techfieldday.com/event/cfd25/ or https://www.vmware.com/ for more information.
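
The allocation rules described above (public subnets carved from a pre-allocated external block, private ranges that may repeat across VPCs because they are scoped to one VPC, and per-tenant quotas) can be modelled in a few lines. This is an added Python illustration, not VMware or NSX code; the class `VpcIpam`, its method names, the quota policy, the rule that private ranges may not overlap the external block, and the sample ranges are all assumptions made for the example.

```python
import ipaddress

class VpcIpam:
    """Toy model: public subnets come from one shared external block; private
    subnets are scoped per VPC, so different VPCs may reuse the same range."""

    def __init__(self, external_block, subnet_quota):
        self.external = ipaddress.ip_network(external_block)
        self.quota = subnet_quota   # max subnets per VPC (assumed policy)
        self.public = {}            # network -> owning VPC (global scope)
        self.private = {}           # VPC -> list of its private networks

    def _check_quota(self, vpc):
        owned = sum(1 for v in self.public.values() if v == vpc)
        if owned + len(self.private.get(vpc, [])) >= self.quota:
            raise PermissionError(f"{vpc}: subnet quota {self.quota} reached")

    def add_public(self, vpc, prefixlen):
        """Hand out the first slice of the external block that no VPC holds."""
        self._check_quota(vpc)
        for cand in self.external.subnets(new_prefix=prefixlen):
            if not any(cand.overlaps(used) for used in self.public):
                self.public[cand] = vpc
                return cand
        raise RuntimeError("external block exhausted")

    def add_private(self, vpc, cidr):
        """Private ranges must be unique only inside their own VPC. Rejecting
        ranges that overlap the external block is an assumed rule of this model."""
        self._check_quota(vpc)
        net = ipaddress.ip_network(cidr)
        if net.overlaps(self.external):
            raise ValueError(f"{net} overlaps the external block")
        if any(net.overlaps(n) for n in self.private.get(vpc, [])):
            raise ValueError(f"{net} overlaps an existing subnet in {vpc}")
        self.private.setdefault(vpc, []).append(net)
        return net

def demo():
    # Constructed sample values: a documentation range and an RFC 1918 range.
    ipam = VpcIpam("203.0.113.0/24", subnet_quota=2)
    return [str(ipam.add_public("vpc-a", 28)),
            str(ipam.add_public("vpc-b", 28)),
            str(ipam.add_private("vpc-a", "10.0.0.0/24")),
            str(ipam.add_private("vpc-b", "10.0.0.0/24"))]  # same range, other VPC
```
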
