On overlay networks, NSX supports routing of inter-VLAN traffic on an L3 domain. During routing, the virtual distributed router (VDR) uses the VLAN ID to route packets between VLAN subnets.
Inter-VLAN routing overcomes the limit of 10 vNICs per VM. With inter-VLAN routing support in NSX, many VLAN subinterfaces can be created on a vNIC and consumed for different networking services. For example, one vNIC of a VM can be divided into several subinterfaces. Each subinterface belongs to a subnet, which can host a networking service such as SNMP or DHCP. With inter-VLAN routing, for example, a subinterface on VLAN-10 can reach a subinterface on VLAN-10 or any other VLAN.
Each vNIC on a VM is connected to a switch through the parent logical port, which manages untagged packets.
To create a subinterface on a switch configured in Enhanced mode, create a child port with an associated VIF using the API call described in the procedure. The subinterface tagged with a VLAN ID is associated with a new logical switch; for example, VLAN10 is attached to logical switch LS-VLAN-10. All subinterfaces of VLAN10 must be attached to LS-VLAN-10. This one-to-one mapping between the VLAN ID of the subinterface and its associated logical switch is an important prerequisite. For example, adding a child port with VLAN20 to logical switch LS-VLAN-10, which is mapped to VLAN-10, is a configuration error that makes inter-VLAN routing non-functional.
Starting from NSX 3.2.2, logical port proton APIs are replaced with the corresponding segment port policy APIs.
Prerequisites
- Before you associate a VLAN subinterface to a logical switch, ensure that the logical switch does not have any other associations with another VLAN subinterface. If there is a mismatch, inter-VLAN routing on overlay networks might not work.
- Ensure that hosts run ESXi 6.7 U2 or later.
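
A pre-flight check for the one-to-one VLAN-to-logical-switch rule described above and in the first prerequisite, as an added example that is not VMware code: it audits an inventory of child ports and tests a proposed attachment before the API call is made. The inventory and its keys (`port`, `vlan`, `switch`) are constructed for illustration and are not NSX API fields.

```python
from collections import defaultdict

# Constructed inventory of child ports. The keys "port", "vlan" and "switch"
# are hypothetical names chosen for this example, not NSX API fields.
CHILD_PORTS = [
    {"port": "vm1-sub-a", "vlan": 10, "switch": "LS-VLAN-10"},
    {"port": "vm2-sub-a", "vlan": 10, "switch": "LS-VLAN-10"},
    {"port": "vm1-sub-b", "vlan": 20, "switch": "LS-VLAN-20"},
    {"port": "vm3-sub-a", "vlan": 20, "switch": "LS-VLAN-10"},  # misattached
]


def _index(child_ports):
    """Group port names by switch -> VLAN and by VLAN -> switch."""
    by_switch = defaultdict(lambda: defaultdict(list))
    by_vlan = defaultdict(lambda: defaultdict(list))
    for p in child_ports:
        by_switch[p["switch"]][p["vlan"]].append(p["port"])
        by_vlan[p["vlan"]][p["switch"]].append(p["port"])
    return by_switch, by_vlan


def audit(child_ports):
    """Return each break of the one-to-one rule as (rule, subject, members)."""
    by_switch, by_vlan = _index(child_ports)
    found = []
    for sw in sorted(by_switch):
        if len(by_switch[sw]) > 1:  # one switch carrying several VLAN IDs
            members = {v: sorted(ps) for v, ps in by_switch[sw].items()}
            found.append(("switch-has-multiple-vlans", sw, members))
    for vlan in sorted(by_vlan):
        if len(by_vlan[vlan]) > 1:  # one VLAN ID spread over several switches
            members = {s: sorted(ps) for s, ps in by_vlan[vlan].items()}
            found.append(("vlan-on-multiple-switches", vlan, members))
    return found


def preflight(child_ports, vlan, switch):
    """Return the reasons a proposed child port (vlan, switch) breaks the rule."""
    by_switch, by_vlan = _index(child_ports)
    reasons = []
    other_vlans = sorted(v for v in by_switch.get(switch, {}) if v != vlan)
    if other_vlans:
        reasons.append(f"{switch} already carries VLAN(s) {other_vlans}")
    other_switches = sorted(s for s in by_vlan.get(vlan, {}) if s != switch)
    if other_switches:
        reasons.append(f"VLAN {vlan} is already attached to {other_switches}")
    return reasons
```

An empty list from `preflight` means the proposed child port keeps the mapping intact; any entry names the existing association that conflicts with it.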