There are two options to mitigate looping. Either the NSX Edges and VMs can be on different ESXi hosts, or the NSX Edges and VMs can be on the same ESXi host.

Option 1: Separate ESXi hosts for the L2VPN Edges and the VMs

  1. Deploy the Edges and the VMs on separate ESXi hosts.
  2. Configure the Teaming and Failover Policy for the Distributed Port Group associated with the Edge’s Trunk vNic as follows:
    1. Load balancing as “Route based on originating virtual port.”
    2. Configure only one uplink as Active and the other uplink as Standby.
  3. Configure the teaming and failover policy for the distributed port group associated with the VMs as follows:
    1. Any teaming policy is okay.
    2. Multiple active uplinks can be configured.
  4. Configure Edges to use sink port mode and disable promiscuous mode on the trunk vNic.
Note:
  • Disable promiscuous mode if you are using a vSphere Distributed Switch.
  • Enable promiscuous mode if you are using a virtual switch to configure the trunk interface.

If a virtual switch has promiscuous mode enabled, some of the packets that come in from uplinks not currently used by the promiscuous port are not discarded. You should enable and then disable ReversePathFwdCheckPromisc, which will explicitly discard all packets coming in from the currently unused uplinks for the promiscuous port.

To block the duplicate packets, activate the RPF check for promiscuous mode from the ESXi CLI on the host where the NSX Edge is present:

esxcli system settings advanced set -o /Net/ReversePathFwdCheckPromisc -i 1
esxcli system settings advanced list -o /Net/ReversePathFwdCheckPromisc
Path: /Net/ReversePathFwdCheckPromisc
Type: integer
Int Value: 1
Default Int Value: 0
Max Value: 1
Min Value: 0
String Value:
Default String Value:
Valid Characters:
Description: Block duplicate packet in a teamed environment when the virtual switch is set to Promiscuous mode.

In the port group security policy, set Promiscuous Mode from Accept to Reject and back to Accept to activate the configured change.
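
To audit this setting across hosts, the following check parses the `esxcli ... list` output shown above and reports whether the RPF check is active. It is an added example, not part of the original documentation; the function names `rpf_int_value` and `rpf_check_enabled` are hypothetical, and it assumes a POSIX shell with awk and sed.

```shell
#!/bin/sh
# Added example: audit /Net/ReversePathFwdCheckPromisc from `esxcli ... list` output.
# Function names are hypothetical; the output format is the one shown on this page.

# Constructed sample: the listing with the RPF check activated.
SAMPLE_ENABLED='Path: /Net/ReversePathFwdCheckPromisc
Type: integer
Int Value: 1
Default Int Value: 0
Max Value: 1
Min Value: 0
Description: Block duplicate packet in a teamed environment when the virtual switch is set to Promiscuous mode.'

# Constructed sample: the same listing on a host still at the default value.
SAMPLE_DEFAULT=$(printf '%s\n' "$SAMPLE_ENABLED" | sed 's/^Int Value: 1$/Int Value: 0/')

# Print the live integer value read from stdin. The pattern is anchored to the
# start of the line so "Default Int Value:" is never mistaken for the setting.
rpf_int_value() {
    awk -F': *' '
        /^[ \t]*Int Value:/ { gsub(/[ \t\r]/, "", $2); print $2; found = 1; exit }
        END { if (!found) exit 1 }
    '
}

# Return 0 when the RPF check is active, 1 when it is off, 2 when unparseable.
rpf_check_enabled() {
    value=$(rpf_int_value) || { echo "UNKNOWN: no Int Value line in input" >&2; return 2; }
    case "$value" in
        1) echo "OK: ReversePathFwdCheckPromisc=1" ;;
        0) echo "FAIL: ReversePathFwdCheckPromisc=0"; return 1 ;;
        *) echo "UNKNOWN: unexpected value '$value'" >&2; return 2 ;;
    esac
}

# On a host: esxcli system settings advanced list -o /Net/ReversePathFwdCheckPromisc | rpf_check_enabled
# Offline demonstration on the constructed samples:
printf '%s\n' "$SAMPLE_ENABLED" | rpf_check_enabled
printf '%s\n' "$SAMPLE_DEFAULT" | rpf_check_enabled || true
```

A naive `grep "Int Value"` would also match the `Default Int Value` line and can report the wrong state, which is why the match is anchored.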

Option 2: Edges and VMs on the same ESXi host

  1. Configure the teaming and failover policy for the distributed port group associated with Edge’s trunk vNic as follows:
    1. Load balancing as “Route based on originating virtual port.”
    2. Configure one uplink as active and the other uplink as standby.
  2. Configure the teaming and failover policy for the distributed port group associated with the VMs as follows:
    1. Any teaming policy is okay.
    2. Only one uplink can be active.
    3. The order of the active/standby uplinks must be the same for the VMs' distributed port group and the Edge’s trunk vNic distributed port group.
  3. Configure the client-side standalone edge to use sink port mode and disable promiscuous mode on the trunk vNic.