6 Replies Latest reply on Feb 16, 2019 2:01 AM by IvarHome

    How to create multiple Control VM for multiple L2 Bridging

    priscillagr Novice

      Hello community!


      I want to create 3 bridge instances to communicate my logical netowrk to my physical network.I know that we can have multiple instances of bridges in one Control VM. If i go with this desing i would have the following


      Hosts 1 - ControlVM1:  - VLXAN 5001 = VLAN 10

                                           - VXLAN 5002 = VLAN 11

                                           - VLXAN 5003 = VLAN 12


      And all my bridged network would be confined to the host that has the controlVM.


      But if i wanted to distribute those bridges accross different hosts i would need one ControlVM for each host. It would be like the following:


      Host 1 - ControlVM1 - VLXAN 5001 = VLAN10


      Host 2 - ControlVM2 - VXLAN 5002 = VLAN11


      Host 3 - ControlVM3 - VXLAN 5003 = VLAN12


      What i am lacking is how to create ControlVMs just for bridging. Do i need to configure IP Addresses? Do i need to connect those controlVM to the logical switches? Or i just need to deploy the controlVM without any ip address configuration and just enable the L2 Bridging option?


      Please help!

        • 1. Re: How to create multiple Control VM for multiple L2 Bridging
          vLingle Enthusiast
          VMware Employees


          If you want to spread the load of bridging across multiple esxi hosts you would need to create 2 more DLR's each with their own active control vm (deployed on different hosts) and a single bridged logical switch connected.  The updated brownfield guide does reference this point VMware® NSX-v Brownfield Design and Deployment Guide - ver 1.2  "a Logical Switch can only be attached to a single Control VM so if distributed routing and bridging are both needed for a group of LS, bridging will happen on the hypervisor where the DLR control VM resides".  This would obviously require routing between there 3 bridged LS's to go through a central ESG (which may not be an issue for you).  With that said, I'm curious if you are actually seeing performance issues, as the bridging is done in kernel and not by the control vm?  Instead of rearchitecting the routing, you might want to test the performance first.



          1 person found this helpful
          • 2. Re: How to create multiple Control VM for multiple L2 Bridging
            smitmartijn Hot Shot
            VMware EmployeesvExpert



            There is currently no way to distribute L2 bridges between ESXi hosts on the same Distributed Logical Router. You also can't create multiple Control VMs per DLR (besides the HA active/standby pair). That's the bad news. ;-)


            The good news is that you can design a distribution between hosts, but you need to create multiple DLRs for that to work. Each DLR will have it's own Control VM, which you can spread out between hosts.


            If multiple DLRs is not an option, I'd ask the question: Do I really need the L2 bridges? (they're not that highly available in any case and mostly used for migrations). And if you really need them (permanently & performant); you might want to look into hardware switch VTEPs: Configuring Hardware Gateway

            1 person found this helpful
            • 3. Re: How to create multiple Control VM for multiple L2 Bridging
              priscillagr Novice

              Hello vLingle!


              I am just wondering how would i do it if i needed to configure multiple DLRs. I know that would be best to avoid those bridges if there isn't any technical requirement for it! With that said, let me see if i got you right:


              1 rule. I cannot connect the same logical switch to two different DLR.


              So if i create one DLR (with the respective controlVM) for each logical switch that i want to bridge (and place them in different hosts), i would need to change the routing topology so the three DLR (and the logical switches) can talk to each other. Probably use the Edge at the top of the topology. So it would be something like the following:


                  |               |                |

              __|___    __ |____      _|__

                 |                 |                |

              DLR1         DLR2      DLR3

                |                  |              |

              LS1           LS2         LS3


              That way I can "distribute" the bridging across my hosts, but i would get a more complicated desing in a routing perspective. Does that sound right?

              • 4. Re: How to create multiple Control VM for multiple L2 Bridging
                priscillagr Novice

                Hello smitmartijn!


                For what i am seeing distributed L2 bridging with multiples DLR sounds possible but not that simple to do. And i totally forgot about the hardware GW! I didn't even considered, but for permanent bridges it does sound like a good way out. I'm going to take a look at that!

                • 6. Re: How to create multiple Control VM for multiple L2 Bridging
                  IvarHome Enthusiast

                  I think Vmware NSX implementation is far from perfect. The 1:1 bridge restriction is unclear. Vmware talk about loops and there fore dont allow this. Its not serious explanation - software itselt must prevent loops, vmware itself must develop harder. Example. I have 2 ESXi. In ESXi-1 I have NSX manager, edge and controller. In ESXi-2 I have edge and controller. VM-1 in ESXi-1 and VM-2 in ESXi-2. Both VMs in the same logical switch. Vmware says I cant implement 2 edge bridges to connect the same VXLAN to VLAN. In first place yes, it shows VMs in common logical switch can have 2 points to connect to outside world. Instead traffic must flow from VM-2 to ESXi-1 and out through its edge. Or VM-1 through ESXi-2 edge. Why traffic must go through this long way? Why VM-1 cant be go out through ESXi-1 bridge and VM-2 through ESXi-2 bridge? But this is only vmware software developing implementation. There is no any loop when vmware implement priority rules how L2 traffic must flow. Example when NSX software detects VM-1 is local (to ESXi-1 bridge), then ARP broadcast must be blocked in ESXi-2 bridge. And traffic flows out through ESXi-1 bridge. For VM-2 it must block ESXi-1 broadcast and traffic flows out through ESXi-2 bridge. No any loop and no any double outputs. ....So, I still hope in next version Vmware implement this.