VXLAN segments are built between VXLAN tunnel end points (VTEPs). A hypervisor host is an example of a typical VTEP. Each VXLAN tunnel has a segment ID. You must specify a segment ID pool for each NSX Manager to isolate your network traffic. If an NSX controller is not deployed in your environment, you must also add a multicast address range to spread traffic across your network and avoid overloading a single multicast address.

If you wish to configure multiple segment ID ranges in a single vCenter---for example, 5000-5999, 7000-7999---this is not currently supported in the vSphere Web Client UI, but you can do this using the NSX API.

POST https://<nsxmgr-ip>/api/2.0/vdn/config/segments

<name>Segment ID Pool 1</name>

POST https://<nsxmgr-ip>/api/2.0/vdn/config/segments

<name>Segment ID Pool 2</name>


When determining the size of each segment ID pool, keep in mind that the segment ID range controls the number of logical switches that can be created. Choose a small subset of the 16 million potential VNIs. You should not configure more than 10,000 VNIs in a single vCenter because vCenter limits the number of dvPortgroups to 10,000.

If VXLAN is in place in another NSX deployment, consider which VNIs are already in use and avoid overlapping VNIs. Non-overlapping VNIs is automatically enforced within a single NSX Manager and vCenter environment. Local VNI ranges can't be overlapping. However, it's important for you make sure that VNIs do not overlap in your separate NSX deployments. Non-overlapping VNIs is useful for tracking purposes and helps to ensure that your deployments are ready for a cross-vCenter environment.


  1. In vCenter, navigate to Home > Networking & Security > Installation and select the Logical Network Preparation tab.
  2. Click Segment ID > Edit.

    For example:

  3. Type a range for segment IDs, such as 5000-5999.

    For example:

  4. If any of your transport zones will use multicast or hybrid replication mode, add a multicast address or a range of multicast addresses.

    Having a range of multicast addresses spreads traffic across your network, prevents the overloading of a single multicast address, and better contains BUM replication.

    When VXLAN multicast and hybrid replication modes are configured and working correctly, a copy of multicast traffic is delivered only to hosts that have sent IGMP join messages. Otherwise, the physical network floods all multicast traffic to all hosts within the same broadcast domain. To avoid such flooding, you must do the following:

    • Make sure that the underlying physical switch is configured with an MTU larger than or equal to 1600.

    • Make sure that the underlying physical switch is correctly configured with IGMP snooping and an IGMP querier in network segments that carry VTEP traffic.

    • Make sure that the transport zone is configured with the recommended multicast address range. The recommended multicast address range starts at and excludes

    Do not use or as the multicast address range, because these networks are used for local subnet control, meaning that the physical switches flood all traffic that uses these addresses. For more information about unusable multicast addresses, see https://tools.ietf.org/html/draft-ietf-mboned-ipv4-mcast-unusable-01.


When you configure logical switches, each logical switch receives a segment ID from the pool.