This is part 6 of 20 blogs I am writing covering the exam prep guide for the VMware Certified Advanced Professional – Network Virtualisation Deployment (3V0-643)  VCAP6-NV certification.

At the time of writing there is no VCAP Design exam stream, thus you’re automatically granted the new VMware Certified Implementation Expert – Network Virtualisation (VCIX6-NV) certification by successfully passing the VCAP6-NV Deploy exam.

Previous blogs in this series:

Part 1 – Intro
Part 2 – Objective 1.1
Part 3 – Objective 1.2
Part 4 – Objective 1.3
Part 5 – Objective 2.1

This blogs covers:

Section 2 – Create and Manage VMware NSX Virtual Networks
Objective 2.2 – Configure and Manage Layer 2 Bridging

• Add Layer 2 Bridging
• Connect Layer 2 Bridging to the appropriate virtual port group

Add Layer 2 Bridging

A Layer 2 (L2) Bridge connects a single VXLAN backed logical switch to a single VLAN from the physical network that share the same address space e.g. both the VXLAN and the VLAN are using 10.0.0.0/24 addressing.

The L2 Bridge joins the VXLAN to a VLAN-backed port group that is configured on a vSphere Distributed Switch (vDS).

Once the L2 Bridge is in place, devices on either side of the bridge can communicate with each other just like they are directly connected.

You might use L2 Bridging during a migration to extend your VLANs from your on-prem private cloud into a Service Providers cloud.

You might also use L2 Bridging to allow logical switches access to physical devices such as a firewall or router.

The bridge itself is configured on the NSX Edge Distributed Logical Router (DLR), but the actual bridge instance runs on a host that has the VLAN connected and the NSX Edge DLR virtual machine.

If the DLR is configured for High-Availability (HA) mode, when the primary NSX Edge VM fails (think ESXi host failure) the bridge is moved to the host with the standby NSX Edge VM (thus this host must also have the VLAN connected).

A bridge is always a 1:1 relationship between VXLAN and VLAN. A bridge maps to only one VLAN; there can be multiple bridge instances, but the same VXLAN or VLAN cannot be connected to more than one bridge.

To Add a Layer 2 Bridge

Note: You need an Edge DLR deployed prior.

Log into the vSphere Web Client.

Click Networking and Security, then NSX Edges.

Double-click the Edge DLR you want to configure the bridge on.

Click Manage followed by Bridging.

Click the green + sign to Add Bridge. Enter the relevant information for your environment then click OK.

And that’s how you configure a Layer 2 Bridge. Not sure if this objective was meant to cover deploying an Edge DLR as the next section seems to repeat what’s above, but deploying is pretty simple – just make sure when you deploy a new Edge that you select ‘Logical (Distributed) Router‘ and ‘Deploy NSX Edge’ on the first screen (as below).

Followed by adding the ‘NSX Edge Appliance‘ on the 3rd screen (as below). Click the green + sign to add.

 

Connect Layer 2 Bridging to the appropriate virtual port group

We have already done this in the above section when you Add a Bridge.

Select the appropriate Distributed Port Group.

In the exam we may need to create a L2 Bridge or given a scenario where a bridge is already created but you cannot ping between devices separated by the bridge.

To check the VXLAN to VLAN mapping you would need to open this box to confirm the configuration.

If you make any changes don’t forget to hit the Publish button at the top of the screen to make the configuration active.

 

That’s all for this blog.

Part 7 will be based on Objective 2.3 – Configure and Manage Routing. There is quite a lot of subject matter in this one to digest to generate a blog so part 7 will probably be released in 5 -7 days. It’s now available!

Thanks for reading. If you are enjoying the content please share!