Objective 5.3 – Configure and manage Layer 2 Bridging

Principles

  • Given a scenario, determine an appropriate High Availability configuration for Layer 2 Bridging
  • Understand how to add a Layer 2 Bridge to an NSX Edge device
  • Determine when Layer 2 Bridging would be required for a given NSX implementation
  • Determine use cases for multiple Layer 2 Bridges
  • Compare and contrast software and hardware bridging

References

  1. NSX Administration Guide

http://pubs.vmware.com/NSX-62/topic/com.vmware.ICbase/PDF/nsx_62_admin.pdf

  2. NSX Installation Guide

https://pubs.vmware.com/NSX-62/topic/com.vmware.ICbase/PDF/nsx_62_install.pdf

  3. NSX Cross-vCenter Installation Guide

http://pubs.vmware.com/NSX-62/topic/com.vmware.ICbase/PDF/nsx_62_cross_vc_install.pdf

Given a scenario, determine an appropriate High Availability configuration for Layer 2 Bridging

  • Enable HA on the Logical Router hosting the L2 Bridge
  • The bridge runs on the same host where the DLR Control VM is located
  • When the router fails over to the standby VM, the bridge is automatically moved over
  • Ensure that the VLAN being bridged is presented to all hosts in the cluster so that traffic continues to be forwarded in the event of failover
  • The DLR Control VM is not in the data path and is used only to designate the ESXi host on which the bridge is active

Understand how to add a Layer 2 Bridge to an NSX Edge device

  • Bridges are 1:1 VXLAN -> VLAN
  • Multiple bridge instances can be added if needed
  • The VXLANs and VLANs being bridged must be configured on the same vDS

  • Exclusions:
    • VXLAN -> VXLAN Bridging
    • VLAN -> VLAN Bridging
    • Inter Datacenter connection
    • UDLRs cannot be used for bridging
    • Bridges cannot be added to Universal Logical Switches
  • L2 Bridges are configured on DLRs
  • Add a bridging instance from DLR -> Manage -> Bridging
  • Select the Logical Switch (VXLAN) and Distributed Port Group (VLAN) required

Determine when Layer 2 Bridging would be required for a given NSX implementation

  • L2 Bridging can be used to migrate physical workloads to logical switches without changing IP addresses
  • L2 Bridges must use the gateway on the physical network, i.e. the DLR on which the bridging instance is running cannot be used as the network gateway

Determine use cases for multiple Layer 2 Bridges

  • Multiple L2 Bridges can be used when migrating physical workloads from numerous VLANs
  • Multiple L2 Bridges can be spread across ESXi hosts for scalability
  • In some cases multi-tier applications may have some components as VMs and others as physical machines. If they need to be on the same subnet then L2 Bridging can be used to connect them
  • For some P2V migrations it may be necessary to configure multiple L2 Bridges to migrate workloads from multiple networks
  • Where a physical Load Balancer or Firewall needs to be used for virtualised workloads

Compare and contrast software and hardware bridging

  • Software bridges:
    • Configured entirely inside VMs and operate at the Hypervisor level
    • Can be positioned freely within the network where most appropriate
    • Are flexible and can be provisioned as needed at short notice
  • Hardware bridges:
    • Are dedicated machines
    • Placement options restricted by physical network topology
    • Take longer to source and provision
  • Hardware Gateways:
    • Provide NSX with access to the Open vSwitch Database (OVSDB)
    • Use hardware VTEPs and are an alternative way to link Logical Networks with VLANs
    • Listen on port 6640 – the NSX Controller uses this port to communicate with the hardware gateway
    • Require at least 4 Hypervisors