VMware Networking Community
np-mast
Contributor

Multiple segments per vnic

We are currently running a "legacy" setup without NSX, using Distributed vSwitches. In this environment we are running virtual firewall appliances attached to Distributed Portgroups with "VLAN trunking" because there are more than 10 networks connected to each firewall and otherwise we would run against the 10 vnic/VM limit.

We want to implement NSX, but only the GENEVE underlay/overlay to get rid of the need for so many VLANs on the physical infrastructure, however Routing and Security are supposed to still be done by the same virtual firewall of another vendor. Switching to NSX distributed routing/firewalling and/or using 3rd party integrations is not an option for reasons beyond the scope of this forum.

Now my question is -> is it possible to assign multiple NSX overlay-based segments to a single vnic in a way so that the VM thinks it is connected to a VLAN trunk?

Thanks.

Sreec
VMware Employee

There is no way to trunk overlay networks, so you will hit the same limitations. Regarding your design and traffic flow, I'm not fully clear. NSX security features must be explored to determine whether there are any substitutes. Nevertheless, there are other designs available; for example, you can peer NSX logical Routers with a firewall while continuing to examine for a few traffic patterns.

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 7x|Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered
alumbwage
Contributor

With NSX-V there was an option to add more than one IP address on the same interface on the NSX-Edge VM. I am not sure if that option is available with NSX-T; you can try assigning more than one IP address on the single NIC connecting to an overlay network.

np-mast
Contributor

OK, that is very unfortunate...

I know that NSX is very powerful, but as mentioned we have our reasons to want to do it in a different way, which I cannot make public and which are not up for discussion here...

CyberNils
Hot Shot

You can trunk multiple VLANs across one Overlay Segment. Then you VLAN tag on the VM. Not sure if this is what you need, but hope it helps. You simply set VLAN on the Overlay Segment to a range of VLANs, for instance 0-4094.

Nils Kristiansen
https://cybernils.net/
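
The reply above sets the overlay segment's VLAN field to a range such as 0-4094. As an added example (not code from the thread or from VMware), this Python sketch collapses only the VLAN IDs the firewall actually terminates into range strings for that field, so the trunk carries no more tags than the guest needs. The payload keys `display_name`, `transport_zone_path` and `vlan_ids` are assumed from the NSX Policy API segment object and should be checked against the API reference for your version; the segment name, transport zone placeholder and VLAN list are constructed.

```python
import json


def collapse_vlans(vlan_ids):
    """Validate VLAN IDs and collapse them into sorted range strings."""
    ids = set()
    for v in vlan_ids:
        # 0-4094 is the range quoted in the thread; reject anything else.
        if isinstance(v, bool) or not isinstance(v, int) or not 0 <= v <= 4094:
            raise ValueError(f"invalid VLAN ID: {v!r}")
        ids.add(v)
    if not ids:
        raise ValueError("at least one VLAN ID is required")

    ordered = sorted(ids)
    ranges = []
    start = prev = ordered[0]
    for v in ordered[1:]:
        if v != prev + 1:          # gap found: close the current run
            ranges.append((start, prev))
            start = v
        prev = v
    ranges.append((start, prev))
    return [str(a) if a == b else f"{a}-{b}" for a, b in ranges]


def trunk_segment_body(name, transport_zone_path, vlan_ids):
    """Build a segment payload (assumed field names) for guest VLAN tagging."""
    return {
        "display_name": name,
        "transport_zone_path": transport_zone_path,
        "vlan_ids": collapse_vlans(vlan_ids),
    }


if __name__ == "__main__":
    # Constructed sample: VLANs configured as sub-interfaces on the firewall VM.
    firewall_vlans = [10, 11, 12, 20, 30, 31, 100]
    body = trunk_segment_body(
        "fw-trunk",                       # hypothetical segment name
        "<overlay-transport-zone-path>",  # placeholder, site specific
        firewall_vlans,
    )
    print(json.dumps(body, indent=2))
```
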