VMware NSX Transport Zone
The NSX Transport Zone is an object in NSX that defines the scope of a logical switch and of a Distributed Logical Router (DLR). When creating a logical switch, a transport zone must be selected; the transport zone is the container object for logical switches. A transport zone defines a collection of ESXi hosts (vSphere clusters), and a vSphere cluster can be part of multiple transport zones. A logical switch can belong to only one transport zone, and virtual machines in different transport zones cannot reside on the same layer 2 network. As a best practice, always align a transport zone to vDS boundaries. In the following example, a transport zone called RegionA01 is created with three clusters added to it: Compute Cluster 1, Compute Cluster 2, and Edge Cluster.
It is important to align a transport zone to vDS boundaries. Consider the following example, labelled misaligned, in which Compute Cluster 1 is not part of the transport zone.
In this case, if a logical switch is created on the RegionA01 transport zone, the logical switch and its dvPortGroup will be created on Compute Cluster 2 and Edge Cluster, and also on Compute Cluster 1. The reason is that the dvPortGroup is created at the vDS level rather than at the ESXi host level, and Compute Cluster 1 and Compute Cluster 2 share a common Compute vDS. Therefore, all ESXi hosts attached to that vDS see every dvPortGroup on it, regardless of the transport zone configuration. Those hosts will also be able to attach their VMs to the logical switch, and VXLAN will work fine.
Issues arise when you start to create an NSX DLR. Unlike a logical switch, a DLR instance is created per vSphere cluster, not per vDS. In the previous example, VMs attached to a logical switch in Compute Cluster 1 will work fine when communicating at layer 2. But when those VMs need to communicate with another network that requires the layer 3 function of the DLR, the communication will fail, because Compute Cluster 1 is not in the transport zone and therefore has no DLR instance.
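The alignment rule above can be checked before a transport zone is created. The following is an added example, not code from the page or from VMware: it models the article's three clusters with a constructed inventory (the vDS names "Compute vDS" and "Edge vDS" and the cluster-to-vDS mapping are assumptions) and reports any cluster that would receive a logical switch's dvPortGroup through a shared vDS without being a transport zone member, and so without a DLR instance. It generalises the page's case slightly by allowing a cluster to be attached to more than one vDS.

```python
from collections import defaultdict

# Constructed inventory modelled on the article: Compute Cluster 1 and
# Compute Cluster 2 share a Compute vDS, the Edge Cluster sits on its own
# Edge vDS. The vDS names are assumptions; the page does not state them.
CLUSTER_VDS = {
    "Compute Cluster 1": ["Compute vDS"],
    "Compute Cluster 2": ["Compute vDS"],
    "Edge Cluster": ["Edge vDS"],
}


def vds_members(cluster_vds):
    """Invert cluster -> [vDS] into vDS -> {clusters attached to it}."""
    members = defaultdict(set)
    for cluster, switches in cluster_vds.items():
        for vds in switches:
            members[vds].add(cluster)
    return dict(members)


def check_alignment(tz_clusters, cluster_vds):
    """Return clusters outside the transport zone that share a vDS with a
    member cluster: they get the dvPortGroup (L2 works) but, since a DLR
    instance is per cluster, no L3. Empty result means the zone is aligned."""
    tz = set(tz_clusters)
    members = vds_members(cluster_vds)
    exposed = set()
    for cluster in tz:
        for vds in cluster_vds[cluster]:
            exposed |= members[vds] - tz
    return exposed


def report(name, tz_clusters, cluster_vds=CLUSTER_VDS):
    """One-line verdict for a transport zone definition."""
    gap = sorted(check_alignment(tz_clusters, cluster_vds))
    if not gap:
        return f"{name}: aligned to vDS boundaries"
    return (f"{name}: MISALIGNED, {gap} see the dvPortGroup (L2 works) "
            f"but have no DLR instance (L3 fails)")


if __name__ == "__main__":
    print(report("RegionA01", ["Compute Cluster 1", "Compute Cluster 2", "Edge Cluster"]))
    print(report("RegionA01-misaligned", ["Compute Cluster 2", "Edge Cluster"]))
```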
One or more transport zones can be created depending on the requirements. A single transport zone can be scaled up to 1,000 DLR instances. In a multitenant scenario, these 1,000 DLR instances can translate to 1,000 tenants per transport zone. vCenter limits are likely to be exceeded before a second transport zone needs to be considered. For this reason, a single transport zone is normally sufficient for most deployments. If desired, a separate transport zone can be created for a dedicated vSphere cluster or for security/compliance reasons.