VMware NSX

Hi all,

we would like to connect not only 802.1Q-VLANs to our Segments, Layer 2 Bridges, T0- or T0-VRF-Interfaces, but also 802.1AD (QinQ).

Are there any chances to see this feature in a future NSX-T release?

Kind regards

Hello,

This probably isn't the avenue for feature requests. That being said, Q-in-VNI is supported currently, which may meet your needs. Given the design pattern, carrier-level trunking (layer 2) between agnostic devices is probably not going to be high on the priority list. NSX prefers that you provide that via an appliance + bridge or Layer 3 to contain the potential problems it might cause.

• vn-segments containing 802.1q tags are supported
• Edge Bridges have the ability you described, by creating a vn-segment and bridging it with an outside VLAN.
• Sub-sub-interfaces in T0 VRF are configurable on both VNI and VLAN segments (but they aren't on regular Tier-0s). Check out the "Access VLAN ID" below:

Hope this helps. 802.1ad (as opposed to Q-in-VNI) is not super likely to be implemented outside of these fairly strict constraints - I wouldn't hold my breath for some kind of standards-compliant epipe solution.

Thanks for reply. 

If this is not the place to drop a feature request, where can we place it ? Q in VNI  is not  the feature we are looking for.

Q in VNI  (which is a tagged layer 2 frame compliant to 802.1Q encapsulated in a geneve VNI)  is not  Q in Q (which is a  simply said a VLAN in a VLAN as described in 802.1AD).

We would like to connect the following things to our switches, but not via 802.Q enabled switchports, but via 802.1AD enabled  switchports.

- T0-gateway

- T0-VRF-gateway

- Layer 2 bridges

- Segments 

Hello,

I apologize, it took me a bit longer to test this out. Q-in-Q appeared to be configurable but did not work (vDS is blocking, I believe). Oddly enough, Q-in-Q works on a vDS port-group, but only via the memory bus and not via hairpinning.

I'd ping your VMware account rep to get the process started. I'll ask around as well, but it will hold more weight if you work through your account team as well.

Sorry I didn't have a more pleasant answer!

How did you configured QinQ? Or what have you done to think that you configured QinQ? 

We already had a call with our account executive, a lead NSX solution engineer and a principal solution engineer about this topic and we were told that 802.1AD is currently not supported in VMware vSphere or NSX. The principal solution engineer aggreed that this  would be a nice feature.

NSX appears to allow Q-in-X - but the feature was for pruning inside of a list of 802.1q trunked VLANs and not 802.1ad.

I attempted to configure Q-in-Q, and discovered that vDS will block out or strip any packets that have a 2nd 802.1q header when leaving the host. The packets don't even leave the host. This indicates that vDS is chopping up the tags and re-applying to them, and that support for that feature would have to be added to vDS in addition to NSX.

I apologize if that was in any way unclear, the short answer is that I tested it and it didn't work. NSX-T appeared to provide the capability via the "Access VLAN" feature, and worked for Q-in-VNI, so I tested it and it did not produce the desired result - the feature under an 802.1q port-group only allows for the selection of an S-VLAN/Outer tag. 

Those guys should be able to submit an FR for you.