If you want to spread the load of bridging across multiple esxi hosts you would need to create 2 more DLR's each with their own active control vm (deployed on different hosts) and a single bridged logical switch connected. The updated brownfield guide does reference this point VMware® NSX-v Brownfield Design and Deployment Guide - ver 1.2 "a Logical Switch can only be attached to a single Control VM so if distributed routing and bridging are both needed for a group of LS, bridging will happen on the hypervisor where the DLR control VM resides". This would obviously require routing between there 3 bridged LS's to go through a central ESG (which may not be an issue for you). With that said, I'm curious if you are actually seeing performance issues, as the bridging is done in kernel and not by the control vm? Instead of rearchitecting the routing, you might want to test the performance first.
There is currently no way to distribute L2 bridges between ESXi hosts on the same Distributed Logical Router. You also can't create multiple Control VMs per DLR (besides the HA active/standby pair). That's the bad news. ;-)
The good news is that you can design a distribution between hosts, but you need to create multiple DLRs for that to work. Each DLR will have it's own Control VM, which you can spread out between hosts.
If multiple DLRs is not an option, I'd ask the question: Do I really need the L2 bridges? (they're not that highly available in any case and mostly used for migrations). And if you really need them (permanently & performant); you might want to look into hardware switch VTEPs: Configuring Hardware Gateway
I am just wondering how would i do it if i needed to configure multiple DLRs. I know that would be best to avoid those bridges if there isn't any technical requirement for it! With that said, let me see if i got you right:
1 rule. I cannot connect the same logical switch to two different DLR.
So if i create one DLR (with the respective controlVM) for each logical switch that i want to bridge (and place them in different hosts), i would need to change the routing topology so the three DLR (and the logical switches) can talk to each other. Probably use the Edge at the top of the topology. So it would be something like the following:
| | |
__|___ __ |____ _|__
| | |
DLR1 DLR2 DLR3
| | |
LS1 LS2 LS3
That way I can "distribute" the bridging across my hosts, but i would get a more complicated desing in a routing perspective. Does that sound right?
For what i am seeing distributed L2 bridging with multiples DLR sounds possible but not that simple to do. And i totally forgot about the hardware GW! I didn't even considered, but for permanent bridges it does sound like a good way out. I'm going to take a look at that!
I think Vmware NSX implementation is far from perfect. The 1:1 bridge restriction is unclear. Vmware talk about loops and there fore dont allow this. Its not serious explanation - software itselt must prevent loops, vmware itself must develop harder. Example. I have 2 ESXi. In ESXi-1 I have NSX manager, edge and controller. In ESXi-2 I have edge and controller. VM-1 in ESXi-1 and VM-2 in ESXi-2. Both VMs in the same logical switch. Vmware says I cant implement 2 edge bridges to connect the same VXLAN to VLAN. In first place yes, it shows VMs in common logical switch can have 2 points to connect to outside world. Instead traffic must flow from VM-2 to ESXi-1 and out through its edge. Or VM-1 through ESXi-2 edge. Why traffic must go through this long way? Why VM-1 cant be go out through ESXi-1 bridge and VM-2 through ESXi-2 bridge? But this is only vmware software developing implementation. There is no any loop when vmware implement priority rules how L2 traffic must flow. Example when NSX software detects VM-1 is local (to ESXi-1 bridge), then ARP broadcast must be blocked in ESXi-2 bridge. And traffic flows out through ESXi-1 bridge. For VM-2 it must block ESXi-1 broadcast and traffic flows out through ESXi-2 bridge. No any loop and no any double outputs. ....So, I still hope in next version Vmware implement this.