In this post, we will cover the following topics of Objective 2.2 of the VCAP6-NV Deploy exam.
Objective 2.2 – Configure and Manage Layer 2 Bridging
- Add Layer 2 Bridging
- Connect Layer 2 Bridging to the appropriate virtual port group
Add Layer 2 Bridging
A Layer 2 (L2) bridge allows connectivity between a logical switch (VXLAN based) and a VLAN-based port group on a vDS that share the same IP address space, i.e. VMs connected to the VXLAN and to the distributed port group are on the same subnet.
Possible use cases for this scenario: an application server on a logical switch needs to access a database server connected to the physical network, or a customer wants to extend their application to the cloud but keep certain components on-site, and because it is a legacy application it cannot be re-IP’d, or there is some other constraint.
Prior to NSX version 6.2, it was not possible to bridge a Logical Switch that was connected to a Distributed Logical Router: for that scenario it was required to connect the Logical Switch directly to an Edge Gateway.
With NSX 6.2, VMware introduced in-kernel software L2 bridging capabilities that allow you to connect VLAN-backed VMs to VMs connected to a VXLAN-based network (virtual wires). L2 bridging is achieved by deploying a logical router control VM. The control VM is used only for the bridge configuration and its pinning to a particular ESXi host.
In an L2 bridge, there is always a 1:1 relationship between VXLAN and VLAN. There can be multiple bridge instances on a DLR, but the same VXLAN or VLAN cannot be connected to more than one bridge.
Layer 2 bridging has the following prerequisites.
- An NSX logical router must be deployed in your environment.
- You cannot use a universal logical router to configure bridging, and you cannot add a bridge to a universal logical switch.
If the DLR is configured for High-Availability (HA) mode, when the primary NSX Edge VM fails (think ESXi host failure) the bridge is moved to the host with the standby NSX Edge VM (thus this host must also have the VLAN connected).
A bridge is always a 1:1 relationship between VXLAN and VLAN. A bridge maps to only one VLAN; there can be multiple bridge instances, but the same VXLAN or VLAN cannot be connected to more than one bridge.
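The constraints above (each VXLAN and each VLAN in at most one bridge, no universal logical switches, and the bridged VLAN present on the standby host for HA failover) can be checked against a planned bridge list before it is published. The following Python check is an added example, not part of the original post or of NSX; the inventory, bridge names, host names and the `check_bridges` helper are constructed for illustration.

```python
from collections import Counter

# Constructed inventory for illustration; not output from NSX Manager.
BRIDGES = [
    {"name": "br-app-db", "vxlan": 5001, "vlan": 100, "universal_ls": False},
    {"name": "br-legacy", "vxlan": 5002, "vlan": 100, "universal_ls": False},
    {"name": "br-dr", "vxlan": 5003, "vlan": 300, "universal_ls": True},
]
# VLANs trunked to each host that can run the DLR control VM (constructed).
HOST_VLANS = {"esx-active": {100, 300}, "esx-standby": {100}}


def check_bridges(bridges, host_vlans):
    """Return findings for bridges that break the rules described above."""
    findings = []
    # 1:1 rule: a VXLAN or VLAN may appear in only one bridge.
    for key in ("vxlan", "vlan"):
        counts = Counter(b[key] for b in bridges)
        for b in bridges:
            if counts[b[key]] > 1:
                findings.append(
                    f"{b['name']}: {key} {b[key]} is used by more than one bridge")
    for b in bridges:
        # Prerequisite: universal logical switches cannot be bridged.
        if b["universal_ls"]:
            findings.append(
                f"{b['name']}: universal logical switch cannot be bridged")
        # HA: the bridge moves to the standby host, which needs the VLAN too.
        for host, vlans in host_vlans.items():
            if b["vlan"] not in vlans:
                findings.append(
                    f"{b['name']}: VLAN {b['vlan']} not present on {host}")
    return findings


if __name__ == "__main__":
    for line in check_bridges(BRIDGES, HOST_VLANS):
        print(line)
```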
To Add a Layer 2 Bridge
Note: You need an Edge DLR deployed prior.
Log into the vSphere Web Client.
Click Networking and Security,
Select the target Logical Switch.
And that’s how you configure a Layer 2 Bridge. Not sure if this objective was meant to cover deploying an Edge DLR as the next section seems to repeat what’s above, but deploying is pretty simple – just make sure when you deploy a new Edge that you select ‘Logical (Distributed) Router’ and ‘Deploy NSX Edge’ on the first screen (as below).
Followed by adding the ‘NSX Edge Appliance’ on the 3rd screen (as below). Click the green + sign to add.
Connect Layer 2 Bridging to the appropriate virtual port group
We have already done this in the above section when you Add a Bridge.
Select the appropriate Distributed Port Group.
In the exam we may need to create an L2 bridge, or we may be given a scenario where a bridge is already created but you cannot ping between devices separated by the bridge.
To check the VXLAN to VLAN mapping you would need to open this box to confirm the configuration.
If you make any changes don’t forget to hit the Publish button at the top of the screen to make the configuration active.
In the next post we will cover: Objective 2.3 – Configure and Manage Routing
I am Rahul Sharma. I am currently working as a Subject Matter Expert for SDDC and Cloud Infrastructure Services, mainly on the VMware virtualization platform.
I have 9 years of IT experience and have expertise in designing and deploying VMware vSphere, vSAN, vCloud Director, vRealize Automation, SRM, NSX and modern data center technologies like vBlock, Cisco UCS, DELL, HPE C7000, HPE Synergy HCI etc.
I am VCIX6-DCV, Dual VCP – DCV & NV, MSCE – Cloud, CCNA, ITIL v3 certified.