You can add a sub interface on a trunk vNIC, which can then be used by NSX Edge services.
- VLAN trunk is standard and works with any version of ESXi. This is used to bring tagged VLAN traffic into Edge.
- VXLAN trunk works with NSX version 6.1, and later. This is used to bring VXLAN traffic into Edge.
- Routing (BGP and OSPF)
- Load Balancer
- IPSec VPN: IPSec VPN can only configured as an uplink interface. Sub interface can be used for private traffic to traverse over the IPSec tunnel. If IPSec policy is configured for the private traffic, sub interface acts as a gateway for the private local subnet.
- L2 VPN
. A sub interface cannot be used for HA or Logical Firewall. You can, however, use the IP address of the sub interface in a firewall rule.
- In the Interfaces. tab for an NSX Edge, click
- Select an interface and click the Edit () icon.
- In the Edit Edge Interface dialog box, type a name for the interface.
- In Type, select Trunk.
- Select the standard portgroup or distributed portgroup to which this interface should be connected.
- Click Change next to the Connected To field.
- Depending on what you want to connect to the interface, click the Standard Portgroup or Distributed Portgroup tab.
- Select the appropriate portgroup and click OK.
- Click Select.
- In Sub Interfaces, click the Add icon.
- Click Enable Sub interface and type a name for the sub interface.
- In Tunnel Id, type a number between 1 and 4094.
The tunnel Id is used to connect the networks that are being stretched. This value must be the same on both the client and server sites.
- In Backing Type, select one of the following to indicate the network backing for the sub interface.
- VLAN for a VLAN network.
Type the VLAN ID of the virtual LAN that your sub interface should use. VLAN IDs can range from 0 to 4094.
- Network for a VLAN or VXLAN network.
Click Select and select the distributed portgroup or logical switch. NSX Manager extracts the VLAN ID and uses it in trunk configuration.
- None to create a sub interface without specifying a network or VLAN ID. This sub interface is internal to NSX Edge, and is used to route packets between a stretched network and an unstretched (untagged) network
- VLAN for a VLAN network.
- To add subnets to the sub interface, click the Add icon in the Configure Subnets area.
- In Add Subnets, click the Add icon to add an IP address. Type the IP address and click OK.
If you enter more than one IP address, you can select the Primary IP address. An interface can have one primary and multiple secondary IP addresses. NSX Edge considers the Primary IP address as the source address for locally generated traffic.
- Type the subnet prefix length and click OK.
- Edit the default MTU value for the sub interface if required.
The default MTU for a trunk interface is 1600 and the default MTU for a sub interface is 1500. The MTU for the sub interface should be equal to or less than the lowest MTU among all the trunk interfaces for the NSX Edge.
- Select Enable Send Redirect to convey routing information to hosts.
- Enable or Disable Reverse Path Filter.
Reverse Path Filter verifies the reachability of the source address in packets being forwarded. In enabled mode, the packet must be received on the interface that the router would use to forward the return packet. In loose mode, the source address must appear in the routing table.
- Click OK to return to Trunk Interface window.
- Enter the MAC address for the interface if needed. Enter two MAC addresses if using ESG HA.
If not needed, they will be autogenerated.
- Edit the default MTU of the trunk interface, if required.
The default MTU for a trunk interface is 1600, and the default MTU for a sub interface is 1500. The MTU for the trunk interface should be equal to or more than the MTU of the sub interface.
- Click OK.
What to do next
Configure VLAN trunk if the sub interface added to a trunk vNic is backed by standard portgroup. See Configure VLAN Trunk.