Configure L2 bridge on NSX-T 3.0 to bridge a physical VLAN with a NSX segment

From Notes_Wiki
Revision as of 09:33, 7 April 2022 by Saurabh (talk | contribs)


There might be a requirement, during migration from VLAN-based networking to NSX-based networking, to connect both using a bridge. This allows a few VMs to use the VLAN-based network and a few others to use the NSX segment-based network. VMs on the NSX segment-based network can even use the L3 switch gateway IP as their gateway. The advantage of moving a machine to the segment-based network while still using the VLAN-based L3 gateway is that the machine can now be protected using the NSX distributed firewall.

To create an L2 bridge between a physical VLAN and a segment, use the following steps:

  1. Assume some VLAN ID (e.g. 100) and some subnet (e.g. 10.1.1.0/24) need to be connected via the bridge. Also assume the required edges and edge cluster have been deployed as explained at Configure NSX-T 3.0 from scratch with edge cluster and tier gateways. Critical requirements are:
    • Having an ALL-VLAN-TRUNK port group
    • Security settings on the ALL-VLAN-TRUNK port group allow all three: Promiscuous mode, MAC address changes, Forged transmits.
    • Edge uplinks are connected to the ALL-VLAN-TRUNK port group
    • The edges are members of both the overlay and VLAN backed transport zones.
    • Both edges are deployed and part of the edge cluster
    • The VLAN that needs to be bridged (100) is already created at the L3 switch level and is being trunked to the ESXi hosts.
  2. First create an overlay-based segment connected to the T1 gateway with an IP that is not used in 10.1.1.0/24 (the subnet to be bridged).
  3. It should now be possible to create a VM in this segment and ping the T1 gateway IP.
  4. Go to Networking -> Connectivity -> Segments -> Edge Bridge Profiles -> Add Edge Bridge Profile and create a new edge bridge profile with:
    • Any name, such as edgecluster01-bridge-profile
    • The edge cluster selected
    • The first edge as primary and the second edge as secondary
    • Failover left at the default preemptive value
  5. Edit the segment and click "Set" in front of the Edge Bridges option to create an L2 bridge connecting this segment and a VLAN:
    1. Select the edge bridge profile created in the previous step
    2. Select the VLAN-based transport zone used by the edges
    3. Enter the VLAN ID to be bridged with this segment (e.g. 100)
    4. Leave the teaming policy blank
    5. Save the settings and close the segment editor
  6. Now from the test VM it should be possible to ping the L3 gateway while still being able to ping the NSX T1 segment gateway.
    Note that while the VM will respond to pings from the outside network, the IP given to the segment (the virtual T1 gateway IP for the router in that segment) will not respond to pings from outside. This virtual IP is present on the virtual router on every ESXi host, so pinging it from outside the NSX environment is not possible.
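The two objects that steps 4 and 5 create in the GUI (the edge bridge profile and the Edge Bridges binding on the segment) can also be built as NSX Policy API payloads; the following is an added Python example, not code from this wiki. The endpoint paths, field names and the PREEMPTIVE/ACTIVE_STANDBY values are assumed from the NSX-T 3.x Policy API, and every cluster, edge and transport zone path is a placeholder that must be replaced with the real object path from the manager.

```python
import base64
import json
import ssl
import urllib.request

# Policy-object paths (no API prefix) live under the default site/enforcement point.
POLICY_EP = "/infra/sites/default/enforcement-points/default"
API_PREFIX = "/policy/api/v1"


def bridge_profile_payload(edge_cluster_path, primary_edge_path,
                           secondary_edge_path, failover_mode="PREEMPTIVE"):
    """Step 4: the edge bridge profile. edge_paths is ordered, primary first."""
    if failover_mode not in ("PREEMPTIVE", "NON_PREEMPTIVE"):
        raise ValueError("failover_mode must be PREEMPTIVE or NON_PREEMPTIVE")
    return {
        "resource_type": "L2BridgeEndpointProfile",  # assumed type name
        "edge_cluster_path": edge_cluster_path,
        "edge_paths": [primary_edge_path, secondary_edge_path],
        "failover_mode": failover_mode,
        "ha_mode": "ACTIVE_STANDBY",
    }


def segment_bridge_payload(bridge_profile_path, vlan_tz_path, vlan_ids):
    """Step 5: the Edge Bridges binding patched onto the overlay segment.
    The teaming policy is left unset, as in the GUI steps."""
    ids = [int(v) for v in vlan_ids]
    if any(not 1 <= v <= 4094 for v in ids):
        raise ValueError(f"VLAN ids out of range: {vlan_ids}")
    return {"bridge_profiles": [{
        "bridge_profile_path": bridge_profile_path,
        "vlan_transport_zone_path": vlan_tz_path,
        "vlan_ids": [str(v) for v in ids],
    }]}


def nsx_call(manager, user, password, method, path, body, ca_file):
    """PUT/PATCH a payload to NSX Manager, verifying its TLS cert against ca_file."""
    ctx = ssl.create_default_context(cafile=ca_file)
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(
        f"https://{manager}{API_PREFIX}{path}", method=method,
        data=json.dumps(body).encode(),
        headers={"Authorization": f"Basic {token}",
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req, context=ctx) as resp:
        return json.loads(resp.read() or b"{}")
```

The profile goes with PUT to POLICY_EP/edge-bridge-profiles/<profile-id> and the binding with PATCH to /infra/segments/<segment-id>; the trunk port group, its security settings and the VLAN trunking from step 1 are not set by either call and must already be in place.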

