VMware NSX

  • 1.  Multiple segments per vnic

    Posted May 15, 2023 03:52 PM

    We are currently running a "legacy" setup without NSX, using Distributed vSwitches. In this environment we are running virtual firewall appliances attached to Distributed Portgroups with "VLAN trunking" because there are more than 10 networks connected to each firewall and otherwise we would run against the 10 vnic/VM limit.

    We want to implement NSX, but only the GENEVE underlay/overlay to get rid of the need for so many VLANs on the physical infrastructure, however Routing and Security are supposed to still be done by the same virtual firewall of another vendor. Switching to NSX distributed routing/firewalling and/or using 3rd party integrations is not an option for reasons beyond the scope of this forum.

    Now my question is -> is it possible to assign multiple NSX overlay-based segments to a single vnic in a way so that the VM thinks it is connected to a VLAN trunk?

    Thanks.



  • 2.  RE: Multiple segments per vnic

    Broadcom Employee
    Posted May 15, 2023 04:07 PM

    There is no way to trunk overlay networks, so you will hit the same limitations. Regarding your design and traffic flow, I'm not fully clear. NSX security features must be explored to determine whether there are any substitutes. Nevertheless, there are other designs available; for example, you can peer NSX logical Routers with a firewall while continuing to examine for a few traffic patterns.



  • 3.  RE: Multiple segments per vnic

    Posted May 15, 2023 05:05 PM

    With NSX-V there was an option to add more than one IP address on the same Interface on the NSX-Edge VM. I am not sure if that option is available with NSX-T; you can try assigning more than one IP address on the single NIC connecting to an overlay network.



  • 4.  RE: Multiple segments per vnic

    Posted May 16, 2023 08:04 AM

    OK, that is very unfortunate...

    I know that NSX is very powerful, but as mentioned we have our reasons to want to do it in a different way, which I cannot make public and which are not up for discussion here...



  • 5.  RE: Multiple segments per vnic

    Posted Aug 03, 2023 10:21 AM

    You can trunk multiple VLANs across one Overlay Segment. Then you VLAN tag on the VM. Not sure if this is what you need, but hope it helps. You simply set VLAN on the Overlay Segment to a range of VLANs, for instance 0-4094.