Configure some additional settings on the virtual wire port group of the NSX-V Logical Switch to enable connectivity with the NSX Edge bridge.

This additional configuration is required only on the distributed port group of the NSX-V Logical Switch that connects to the NSX Edge bridge. If an NSX-V transport zone spans multiple vSphere Distributed Switches, each Logical Switch creates one virtual wire port group per Logical Switch. The other distributed port groups on the vSphere Distributed Switch (VDS) do not require this configuration.

For example, the virtual wire port group on VDS-1 for Vwire-1 Logical Switch is vxw-dvs-36-virtualwire-1-sid-10600-Vwire-1. This virtual wire port group connects to the Edge bridge node EN1.

There are two methods to enable this connectivity:
Method 1: Enable Promiscuous Mode and Forged Transmit
Enable these two configuration settings on the distributed port group of the Logical Switch where the NSX Edge bridge node is connected. The drawback of enabling promiscuous mode is that all the VMs on the Logical Switch can access the packets even if a single VM receives the packet. Therefore, enabling promiscuous mode might impact network performance.
Method 2: Enable MAC Learning and Forged Transmit
MAC Learning is more efficient as compared to promiscuous mode. MAC Learning is a native feature in vSphere Distributed Switch. This feature is available starting in vSphere 6.7, and it is supported in vSphere Distributed Switch 6.6.0 or later. However, you can enable MAC Learning only with the vSphere API, and you must be familiar with scripting to enable this feature on the port group.

See an example Python script in the NSX Tech Zone article to enable MAC Learning and Forged Transmit on a port group. After you have enabled MAC Learning, you can verify the macLearningPolicy settings in the vCenter Managed Object Browser (MOB) at http://{vCenter-IP-Address}/mob.

As method 2 requires technical knowledge of scripting, you can use the simpler method 1 to enable the configuration settings on the virtual wire port group of the Logical Switch.

Procedure

  1. Enable Promiscuous Mode and Forged Transmit on the distributed port group.
    1. In the vSphere Client, navigate to Hosts and Clusters, and from the left Navigator view, click Networking.
    2. Under VDS-1, right-click the virtual wire port group that is connected to the NSX Edge bridge node, and click Edit Settings.
      For example, right-click the vxw-dvs-36-virtualwire-1-sid-10600-Vwire-1 virtual wire port group on VDS-1.
    3. Click Security.
    4. In the Promiscuous mode drop-down menu, select Accept.
    5. In the Forged Transmits drop-down menu, select Accept.
    6. Click OK.
  2. If you have enabled MAC Learning using the Python script, verify whether the macLearningPolicy property is enabled on the distributed port group.
    1. In the vSphere Client, check the dvportgroupId of the virtual wire port group.
      To obtain the dvportgroupId, navigate to Hosts and Clusters, and from the left Navigator view, click Networking. Click the virtual wire port group in the Navigator view. Retrieve the dvportgroupId from the URI path in the browser. You can see something like this in the URI: DistributedVirtualPortgroup:dvportgroup-id
      For example, click the vxw-dvs-36-virtualwire-1-sid-10600-Vwire-1 virtual wire port group on VDS-1. The dvportgroupId is dvportgroup-72. The dvportgroupId might be different in your environment.
    2. Log in to the VMware vCenter MOB and go to the following URL to view the configuration properties of the dvportgroup:
      https://{vcenter-ip}/mob/?moid={dvportgroupId}&doPath=config%2edefaultPortConfig

      Make sure to replace vcenter-ip and dvportgroupId with the actual values, as applicable in your environment.

      The properties of the VMwareDVSPortSetting object type are displayed.
    3. Click macManagementPolicy from the Value column.
      For example:

      Properties of the VMwareDVSPortSetting object type.
      The properties of the DVSMacManagementPolicy object type are displayed.
    4. Verify that the forgedTransmits property is set to true.
      For example:

      Properties of the DVSMacManagementPolicy object type
    5. Again click macManagementPolicy from the Value column.
      The properties of the DVSMacLearningPolicy object type are displayed.
    6. Verify that macLearningPolicy is configured as follows:
      • enabled: true
      • limit: 4096
      • limitPolicy: Drop
      For example:

      Properties of the DVSMacLearningPolicy object type
      Note: If the value of limit and limitPolicy is Unset, MAC Learning does not work even when macLearningPolicy is enabled.