Geneve Encapsulation – The Foundation
NSX-T uses the Geneve protocol to encapsulate overlay traffic.
- Similar to VXLAN, but more extensible (supports metadata).
- Requires MTU > 1600 (jumbo frames) to avoid fragmentation.
- Forms the backbone of NSX overlay networking.
Deployment Options Over Time
It stands for NSX VDS ( Distributed Switch).
We need to put a switch on the host somehow, there are two ways to do it.
- vSphere < 7.0 = N-VDS ( needs a spare nic )
- vSphere > 7.0+ = Converged vDS ( can use same adapters as our vDS uplinks )
N‑VDS (Legacy Option)
NVDS is a distributed switch created by NSX-T that is fully controlled by NSX-T Introduced in early NSX-T releases, so we won’t be able to modify this switch similar to how we modify VDS portgroups. Any changes will need to be done by NSX-T so this switch remains in full control via the NSX-T. This one required a dedicated NIC on ESXi hosts (vSphere 7), managed entirely by NSX-T — no vCenter visibility. Today this model is deprecated for ESXi, but still relevant for non‑vSphere platforms (KVM, bare metal).
NVDS requires a dedicated nic in vSphere 6.7 and on version 7.0 or newer we go for a converged VDS option. Converged would mean we can use the existing uplinks on the vDS and create NSX switches on top of it without stealing an uplink from the distributed switch.
Converged vDS (Current Standard)
We prep host, instead of NVDS we select the Converged option so our NSX sits on top of the existing vDS. This is the standard for vSphere 7, 8, and 9 ESXi hosts.
- Pre‑7.0 (Legacy): N‑VDS → dedicated NIC, NSX‑only control.
- 7.0 (Modern): Converged vDS → shared uplinks, integrated visibility.
- 8.0 & 9.0 (Current): Converged vDS → only supported option for ESXi.