Layer 2 bridging is a very useful feature of NSX-T: it provides a connection to a VLAN-backed port group or a device, such as a gateway, that resides outside of the NSX-T DC environment. Useful scenarios include, among others:

  • Workload migration from a VLAN-backed to an NSX overlay segment,
  • NSX-V to NSX-T migration in customer environments,
  • Leveraging security features such as the NSX-T Gateway firewall, etc.

The L2 bridging feature requires the use of Edge clusters and Edge Bridge profiles.

Deployments should consider different options; the most important implementation scenarios are listed below (this covers the Edge VM deployment option as the typical use case):

  • Edge VM on VSS portgroup --> promiscuous mode and forged transmits on the portgroup REQUIRED / the command "esxcli system settings advanced set -o /Net/ReversePathFwdCheckPromisc -i 1" on the ESXi host (with the Edge VM) REQUIRED / Active and Standby Edge VMs should be on different hosts,
  • Edge VM on VDS 6.6 (or later) portgroup --> enable MAC learning with the option "Allow Unicast Flooding" on the portgroup, using the VIM API DVSMacLearningPolicy and setting allowUnicastFlooding to TRUE,
  • Edge VM on VDS 6.5 (or later) portgroup --> same setup as in the first option (VSS portgroup),
  • Edge VM on NSX-T segment --> create a new segment MAC discovery profile with MAC Learning and Unknown Unicast Flooding ENABLED / attach the created segment profile to the segment used by the Edge VM.
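
For the last option (Edge VM on an NSX-T segment), the sketch below is an added example, not code from the original post: it builds the two NSX-T Policy API calls that create the MAC discovery profile and bind it to the Edge VM's segment, and checks a profile read back from the manager. The profile, segment and binding ids are hypothetical, and the use of the Policy REST API (rather than the UI) is an assumption.

```python
import json
import urllib.request

API = "/policy/api/v1"
REQUIRED_FLAGS = ("mac_learning_enabled", "unknown_unicast_flooding_enabled")


def bridge_profile_calls(profile_id, segment_id, map_id):
    """Build the two Policy API calls: create the profile, bind it to the segment."""
    profile_path = f"/infra/mac-discovery-profiles/{profile_id}"
    profile = {"resource_type": "MacDiscoveryProfile", "display_name": profile_id}
    profile.update({flag: True for flag in REQUIRED_FLAGS})
    binding_path = (f"/infra/segments/{segment_id}"
                    f"/segment-discovery-profile-binding-maps/{map_id}")
    binding = {"resource_type": "SegmentDiscoveryProfileBindingMap",
               "mac_discovery_profile_path": profile_path}
    return [("PATCH", profile_path, profile), ("PATCH", binding_path, binding)]


def missing_flags(profile_doc):
    """Return the required flags that are not enabled in a profile read back via GET."""
    return [f for f in REQUIRED_FLAGS if profile_doc.get(f) is not True]


def apply_calls(manager, auth_header, calls):
    """Send the calls to NSX Manager; TLS verification stays on (urllib default)."""
    for method, path, body in calls:
        req = urllib.request.Request(
            f"https://{manager}{API}{path}", data=json.dumps(body).encode(),
            method=method,
            headers={"Content-Type": "application/json",
                     "Authorization": auth_header})
        urllib.request.urlopen(req).close()  # raises HTTPError on 4xx/5xx


if __name__ == "__main__":
    # Hypothetical ids; nothing is sent unless apply_calls() is invoked.
    for method, path, body in bridge_profile_calls(
            "edge-bridge-mac-profile", "edge-trunk-segment", "edge-bridge-binding"):
        print(method, API + path, json.dumps(body))
    # Constructed GET response with flooding left off, to show the check.
    print(missing_flags({"mac_learning_enabled": True,
                         "unknown_unicast_flooding_enabled": False}))
```

Binding the profile only to the segment that carries the Edge VM keeps MAC learning and unknown unicast flooding off every other segment.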

As a useful setup picture for testing/lab purposes, something like this should help:

NSX Layer 2 bridge setup
