NSX L2 – Bridging


L2 Bridging:

  1. NSX L2 bridging enables connectivity between a VXLAN-based logical switch and a VLAN.
  2. It is also referred to as bridging between virtual & physical workloads.
  3. L2 bridging is achieved by deploying a DLR Control VM. (The L2 bridging itself happens at the VMkernel level.)
  4. L2 bridging functionality is enabled by selecting the logical switch (VXLAN) & the distributed port group (VLAN) at the DLR.

Use cases:

  • P2V migration, in which workloads are being migrated from a physical environment to a virtual environment and are required to stay in the same network broadcast domain (no change to the IP addresses of the workloads).
  • Mixed environments where some of the servers are virtualized but some of the dependent servers are still physical or running on bare metal.

L2 bridging provides simple & direct L2 connectivity without many changes required in the existing infrastructure.

Key Points:

  • L2 bridging is done at the DLR (ULR is not supported for L2 bridging)
  • It supports bridging only between VXLAN & VLAN (VXLAN – VXLAN & VLAN – VLAN are not supported)
  • A single L2 bridge instance is always a 1:1 mapping between VXLAN & VLAN (We can have multiple L2 bridge instances, one for each VXLAN & its corresponding VLAN)
  • L2 bridging is not supported for data center interconnects, which means that the VXLAN & VLAN that need to be bridged should be in the same data center. (L2 bridging is not distributed)
  • VXLAN & VLAN port groups should be on the same vDS (vSphere Distributed Switch)


Throughput & Availability:

  • L2 bridging is configured in the DLR.
  • Once L2 bridging is enabled on the DLR, the actual bridging takes place on the specific ESXi server where the active DLR Control VM is hosted. (The ESXi host where the DLR Control VM is running is called the Bridge Instance)
  • As a result, the throughput is limited to that of the ESXi host where the DLR Control VM is running.
  • For better throughput, if there are multiple instances of L2 bridging running, it is recommended to run them on different ESXi host servers.
  • The DLR Control VM is configured in high availability mode to avoid a single point of failure & to achieve high availability.
  • If the ESXi host where the DLR Control VM is placed fails, the NSX controller will take care of availability by moving the bridge instance to a different ESXi server.
  • The NSX controller is also responsible for pushing the copy of the MAC table to the new bridge instance.
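
The key points and the host-placement recommendation above can be checked against a bridge inventory before a change is approved. The Python audit below is an added example, not part of the original post or any VMware tooling; the record fields (`router`, `vni`, `vlan`, `*_vds`, `*_dc`, `host`) and the sample inventory are constructed assumptions, and it reads the 1:1 rule as each VXLAN and each VLAN appearing in only one bridge instance.

```python
from collections import Counter

# Constructed inventory; field names are hypothetical, not an NSX API schema.
BRIDGES = [
    {"name": "br-app", "router": "DLR", "vni": 5001, "vlan": 100,
     "vxlan_vds": "vds-01", "vlan_vds": "vds-01",
     "vxlan_dc": "dc-a", "vlan_dc": "dc-a", "host": "esx-01"},
    {"name": "br-db", "router": "DLR", "vni": 5002, "vlan": 200,
     "vxlan_vds": "vds-01", "vlan_vds": "vds-02",
     "vxlan_dc": "dc-a", "vlan_dc": "dc-a", "host": "esx-01"},
    {"name": "br-dr", "router": "ULR", "vni": 5001, "vlan": 300,
     "vxlan_vds": "vds-01", "vlan_vds": "vds-01",
     "vxlan_dc": "dc-a", "vlan_dc": "dc-b", "host": "esx-02"},
]

def audit_bridges(bridges):
    """Return sorted (bridge name, finding) tuples for rule violations."""
    findings = []
    # Count reuse across all instances to detect 1:1 and placement issues.
    vni_use = Counter(b["vni"] for b in bridges)
    vlan_use = Counter((b["vlan_vds"], b["vlan"]) for b in bridges)
    host_use = Counter(b["host"] for b in bridges)
    for b in bridges:
        def flag(msg):
            findings.append((b["name"], msg))
        if b["router"] != "DLR":
            flag("router is not a DLR")
        if b["vxlan_vds"] != b["vlan_vds"]:
            flag("port groups on different vDS")
        if b["vxlan_dc"] != b["vlan_dc"]:
            flag("VXLAN and VLAN in different data centers")
        if vni_use[b["vni"]] > 1:
            flag("VXLAN used by more than one bridge (not 1:1)")
        if vlan_use[(b["vlan_vds"], b["vlan"])] > 1:
            flag("VLAN used by more than one bridge (not 1:1)")
        if host_use[b["host"]] > 1:
            flag("shares bridge host, throughput is shared")
    return sorted(findings)

if __name__ == "__main__":
    for name, finding in audit_bridges(BRIDGES):
        print(f"{name}: {finding}")
```

The host check is a warning based on the throughput recommendation; the other findings correspond to configurations the key points list as unsupported.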