VMware Networking Community
priscillagr
Enthusiast
Enthusiast
Jump to solution

How to create multiple Control VM for multiple L2 Bridging

Hello community!

I want to create 3 bridge instances to communicate my logical netowrk to my physical network.I know that we can have multiple instances of bridges in one Control VM. If i go with this desing i would have the following

Hosts 1 - ControlVM1:  - VLXAN 5001 = VLAN 10

                                     - VXLAN 5002 = VLAN 11

                                     - VLXAN 5003 = VLAN 12

And all my bridged network would be confined to the host that has the controlVM.

But if i wanted to distribute those bridges accross different hosts i would need one ControlVM for each host. It would be like the following:

Host 1 - ControlVM1 - VLXAN 5001 = VLAN10

Host 2 - ControlVM2 - VXLAN 5002 = VLAN11

Host 3 - ControlVM3 - VXLAN 5003 = VLAN12

What i am lacking is how to create ControlVMs just for bridging. Do i need to configure IP Addresses? Do i need to connect those controlVM to the logical switches? Or i just need to deploy the controlVM without any ip address configuration and just enable the L2 Bridging option?

Please help!

1 Solution

Accepted Solutions
vLingle
VMware Employee
VMware Employee
Jump to solution

priscillagr

If you want to spread the load of bridging across multiple esxi hosts you would need to create 2 more DLR's each with their own active control vm (deployed on different hosts) and a single bridged logical switch connected.  The updated brownfield guide does reference this point VMware® NSX-v Brownfield Design and Deployment Guide - ver 1.2  "a Logical Switch can only be attached to a single Control VM so if distributed routing and bridging are both needed for a group of LS, bridging will happen on the hypervisor where the DLR control VM resides".  This would obviously require routing between there 3 bridged LS's to go through a central ESG (which may not be an issue for you).  With that said, I'm curious if you are actually seeing performance issues, as the bridging is done in kernel and not by the control vm?  Instead of rearchitecting the routing, you might want to test the performance first.

Regards,

Jeffrey

Please KUDO helpful posts and mark the thread as solved if answered.

Regards,
Jeffrey Lingle

View solution in original post

6 Replies
vLingle
VMware Employee
VMware Employee
Jump to solution

priscillagr

If you want to spread the load of bridging across multiple esxi hosts you would need to create 2 more DLR's each with their own active control vm (deployed on different hosts) and a single bridged logical switch connected.  The updated brownfield guide does reference this point VMware® NSX-v Brownfield Design and Deployment Guide - ver 1.2  "a Logical Switch can only be attached to a single Control VM so if distributed routing and bridging are both needed for a group of LS, bridging will happen on the hypervisor where the DLR control VM resides".  This would obviously require routing between there 3 bridged LS's to go through a central ESG (which may not be an issue for you).  With that said, I'm curious if you are actually seeing performance issues, as the bridging is done in kernel and not by the control vm?  Instead of rearchitecting the routing, you might want to test the performance first.

Regards,

Jeffrey

Please KUDO helpful posts and mark the thread as solved if answered.

Regards,
Jeffrey Lingle
smitmartijn
VMware Employee
VMware Employee
Jump to solution

Hi,

There is currently no way to distribute L2 bridges between ESXi hosts on the same Distributed Logical Router. You also can't create multiple Control VMs per DLR (besides the HA active/standby pair). That's the bad news. 😉

The good news is that you can design a distribution between hosts, but you need to create multiple DLRs for that to work. Each DLR will have it's own Control VM, which you can spread out between hosts.

If multiple DLRs is not an option, I'd ask the question: Do I really need the L2 bridges? (they're not that highly available in any case and mostly used for migrations). And if you really need them (permanently & performant); you might want to look into hardware switch VTEPs: Configuring Hardware Gateway

priscillagr
Enthusiast
Enthusiast
Jump to solution

Hello vLingle!

I am just wondering how would i do it if i needed to configure multiple DLRs. I know that would be best to avoid those bridges if there isn't any technical requirement for it! With that said, let me see if i got you right:

1 rule. I cannot connect the same logical switch to two different DLR.

So if i create one DLR (with the respective controlVM) for each logical switch that i want to bridge (and place them in different hosts), i would need to change the routing topology so the three DLR (and the logical switches) can talk to each other. Probably use the Edge at the top of the topology. So it would be something like the following:

          ------------Edge----------

    |               |                |

__|___    __ |____      _|__

   |                 |                |

DLR1         DLR2      DLR3

  |                  |              |

LS1           LS2         LS3

That way I can "distribute" the bridging across my hosts, but i would get a more complicated desing in a routing perspective. Does that sound right?

Reply
0 Kudos
priscillagr
Enthusiast
Enthusiast
Jump to solution

Hello smitmartijn!

For what i am seeing distributed L2 bridging with multiples DLR sounds possible but not that simple to do. And i totally forgot about the hardware GW! I didn't even considered, but for permanent bridges it does sound like a good way out. I'm going to take a look at that!

Reply
0 Kudos
vLingle
VMware Employee
VMware Employee
Jump to solution

priscillagr​ Yep, you got it!

Please KUDO helpful posts and mark the thread as solved if answered.

Regards,
Jeffrey Lingle
Reply
0 Kudos
IvarHome
Hot Shot
Hot Shot
Jump to solution

I think Vmware NSX implementation is far from perfect. The 1:1 bridge restriction is unclear. Vmware talk about loops and there fore dont allow this. Its not serious explanation - software itselt must prevent loops, vmware itself must develop harder. Example. I have 2 ESXi. In ESXi-1 I have NSX manager, edge and controller. In ESXi-2 I have edge and controller. VM-1 in ESXi-1 and VM-2 in ESXi-2. Both VMs in the same logical switch. Vmware says I cant implement 2 edge bridges to connect the same VXLAN to VLAN. In first place yes, it shows VMs in common logical switch can have 2 points to connect to outside world. Instead traffic must flow from VM-2 to ESXi-1 and out through its edge. Or VM-1 through ESXi-2 edge. Why traffic must go through this long way? Why VM-1 cant be go out through ESXi-1 bridge and VM-2 through ESXi-2 bridge? But this is only vmware software developing implementation. There is no any loop when vmware implement priority rules how L2 traffic must flow. Example when NSX software detects VM-1 is local (to ESXi-1 bridge), then ARP broadcast must be blocked in ESXi-2 bridge. And traffic flows out through ESXi-1 bridge. For VM-2 it must block ESXi-1 broadcast and traffic flows out through ESXi-2 bridge. No any loop and no any double outputs. ....So, I still hope in next version Vmware implement this.

Reply
0 Kudos