georgiosserveta
Contributor

Routing for VMs connecting to a L2 bridge

I am studying for VCP-NV and have a question regarding L2 bridging. Reading through the following VMware document, "L2 Bridges", it states that "The logical router cannot be used as a gateway for devices connected to a bridge." What does it mean? I.e., that for the VLAN and VXLAN being bridged the L2 Bridge should be used as the gateway, or that they will have to use a physical gateway or an NSX ESG? Additionally, I was under the impression that since NSX 6.2, the DLR instance used for L2 bridging could also perform routing.

Many thanks!

George

Accepted Solutions
Sreec
VMware Employee

You are right, earlier versions never supported this. However, new versions of NSX do support this feature. One classic example is having virtual workloads and physical workloads in the same chassis, which demands L2 and L3 with other workloads. Rather than keeping the gateway at the core (based on network design), it is better to keep it in the DLR. That way we achieve optimized routing and bridging as well.

Cheers,
Sree | CKA|CKAD|VCIX-3X| VCAP-4X| VExpert 5x

3 Replies
mauricioamorim
VMware Employee

Although bridging is configured on the DLR the bridging actually takes place on the ESXi host on which the control-vm runs, so there is nothing distributed in this feature. What the document means is that for the subnet being bridged the default gateway cannot be the DLR itself. Since bridges are usually used to connect physical endpoints in the same L2 domain as VMs in the overlay, the most common approach is to keep the default gateway in a physical router or switch.

The DLR can be the gateway for other logical switches, just not the one being bridged.

georgiosserveta
Contributor

Thank you both for your help! Then, in recent versions of NSX (starting from 6.2) the L2 bridge can be used as a gateway for the VXLANs/VLANs being bridged. However, for previous versions, a router should have been used!
