You can add a sub interface on a trunk vNIC, and use this sub interface in various NSX Edge services.


Sub interface types.
Trunk interfaces can be of the following types:
  • VLAN trunk is standard and works with any version of ESXi. This type of interface is used to bring a tagged VLAN traffic into Edge.
  • VXLAN trunk works with NSX version 6.1, and later. This type of interface is used to bring VXLAN traffic into Edge.
The following Edge services can use a sub interface:
  • DHCP
  • Routing (BGP and OSPF)
  • Load Balancer
  • IPSec VPN: You can configure IPSec VPN only as an uplink interface. Use sub interfaces when you want private traffic to traverse through the IPSec tunnel. If an IPSec policy is configured for private traffic, sub interface acts as a gateway for the private local subnet.
  • L2 VPN
  • NAT

. A sub interface cannot be used for HA or Logical Firewall. However, you can use the IP address of the sub interface in an edge firewall rule.

Procedure

  1. Log in to the vSphere Web Client.
  2. Click Networking & Security > NSX Edges.
  3. Double-click an NSX Edge.
  4. Navigate to NSX Edge interface settings by clicking Manage > Settings > Interfaces.
  5. Select an interface and click the Edit (Edit icon or Edit icon) icon.
  6. In the Edit Edge Interface dialog box, enter a name for the interface.
  7. In Type, select Trunk.
  8. Select the standard port group or distributed port group to which this interface must be connected.
    1. Next to the Connected To text box, click Edit icon or Change.
    2. Depending on what you want to connect to the interface, click the Standard Port Group or Distributed Port Group tab.
    3. Select the appropriate port group and click OK.
  9. Select the connectivity status for the interface.
  10. In Sub Interfaces, click Add.
  11. Make sure that the sub interface is enabled, and enter a name for the sub interface.
  12. In Tunnel ID, enter a number between 1 and 4094.
    The tunnel ID is used to connect the networks that are being stretched. This value must be identical on both the client and server sites.
  13. In Backing Type, select one of the following options to indicate the network backing for the sub interface.
    Option Description
    VLAN Enter the VLAN ID of the virtual LAN that your sub interface should use. VLAN IDs can range from 0 to 4094.
    Network Select the distributed port group or logical switch. NSX Manager extracts the VLAN ID and uses it for configuring the trunk.
    None Use this option to create a sub interface without specifying a network or VLAN ID. This sub interface is internal to an NSX Edge, and is used to route packets between a stretched network and an unstretched (untagged) network.
  14. In Configure Subnets, click Add to add subnets to the sub interface.
  15. Enter the IP address.
    An interface can have multiple non-overlapping subnets. Enter one primary IP address and a comma-separated list of multiple secondary IP addresses. NSX Edge considers the primary IP address as the source address for locally generated traffic. You must add an IP address to an interface before using it on any feature configuration.
  16. Enter the subnet prefix length.
  17. Edit the default MTU value for the sub interface, if necessary.
    The default MTU for a sub interface is 1500. The MTU for the sub interface should be equal to or less than the lowest MTU among all the trunk interfaces for the NSX Edge.
  18. Enable the Send Redirect option to convey routing information to hosts.
  19. Enable or disable the Reverse Path Filter option.

    Reverse Path Filter verifies the reachability of the source address in packets being forwarded. In enabled mode, the packet must be received on the interface that the router can use to forward the return packet. In loose mode, the source address must appear in the routing table.

  20. To return to the trunk interface settings, click OK.
  21. If you are using NSX Data Center 6.4.4 or later, click the Advanced tab to continue with the remaining steps in this procedure.
  22. Enter the MAC address for the interface, if needed. Enter two MAC addresses, if HA is enabled for the ESG.
    If not needed, the MAC addresses are autogenerated.
  23. Edit the default MTU of the trunk interface, if necessary.
    The default MTU for a trunk interface is 1600, and the default MTU for a sub interface is 1500. The MTU for the trunk interface must be equal to or more than the MTU of the sub interface.
  24. Click Save or OK.

Results

You can now use the sub interface for the Edge services.

What to do next

Configure a VLAN trunk if the sub interface added to a trunk vNic is backed by a standard port group. See Configure VLAN Trunk.