Road to VCAP6-NV: Objective 2.2 – Configure and Manage Layer 2 Bridging

VMwareNSX
In this blog post I will cover section 2 objective 2.2 of the VCAP6-NV Deploy exam.

Objective 2.2 – Configure and Manage Layer 2 Bridging

  • Add Layer 2 Bridging
  • Connect Layer 2 Bridging to the appropriate distributed virtual port group

Add Layer 2 Bridging

Within NSX, you can create a L2 bridge between a logical switch and a VLAN. This creates an adjacency between a virtualized and physical network.

b01

Some common use cases for L2 bridging would be:

  • Migration of workloads from physical to virtual
  • Extending virtual services on a logical switch to physical devices on the same IP subnet
  • Extending physical network services to a virtualized network on the same IP subnet
  • Access existing physical workloads

L2 bridging, however is not intended for:

  • VXLAN to VXLAN connectivity
  • VLAN to VLAN connectivity
  • Data center interconnectivity

A distributed logical router is required in order to create a L2 bridge in NSX. The bridge instance runs on the host that holds the active logical router control VM. If running in a HA configuration and the active bridge instance fails, the bridge automatically fails over to the secondary DLR control VM and becomes active there. L2 bridging has a 1:1 relationship between a logical switch and a VLAN. This is to prevent network loops. Once you select a logical switch to pair with a distributed port group, you cannot select either of them in the wizard again until that bridge is taken down. Also, the VXLAN to VLAN bridge must be a part of the same NSX distributed switch.

To create a L2 bridge navigate to Networking & Security > NSX Edges and double click on your DLR. Then under the Manage tab, click Bridging. Click the green +.

b02

Connect Layer 2 Bridging to the appropriate distributed virtual port group

Once you click the Logical Switch symbol, you can select the logical switch that you want to create the bridge between. Click OK.

b03

Then click the vDS portgroup symbol and select the portgroup that you want to bridge between. Click OK.

b05

Click OK

b06

Click Publish Changes.

b07

Now your L2 bridge is created

b08

Now as long as the VMs that are connected to the logical switch and VLAN are on the same IP subnet, you should be able to communicate between then.

Note: When using L2 bridging, you can not use the distributed logical router as your default gateway for devices connected to the bridge. One logical router can have multiple bridging instances, however, the routing and bridging instances cannot share the same VXLAN/VLAN network. Traffic to and from the bridged VLAN and bridged VXLAN cannot be routed to the bridged network and vice versa.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s