NSX for vSphere offers VXLAN to Layer 2 VLAN bridging capabilities with the data path contained entirely in the ESXi hypervisor. The bridge runs on the ESXi host where the DLR control VM is located. Multiple bridges per DLR are supported.

Table 1. Virtual to Physical Interface Type Design Decision

Decision ID: CSDDC-VI-SDN-027

Design Decision: Place all management and tenant virtual machines on VXLAN logical switches, unless you must satisfy an explicit requirement to use VLAN backed port groups for these virtual machines. Where VLAN backed port groups are used, configure routing from VXLAN to VLAN networks. If a Layer 2 adjacency between networks is a technical requirement, then connect VXLAN logical switches to VLAN backed port groups using NSX L2 Bridging.

Design Justification: Use NSX L2 Bridging only where virtual machines need to be on the same network segment as VLAN backed workloads and routing cannot be used, such as a dedicated backup network or physical resources. Both L2 Bridging and Distributed Logical Routing are supported on the same VXLAN logical switch.

Design Implications: Network traffic from virtual machines on VXLAN logical switches generally is routed. Where bridging is required, the datapath occurs through the ESXi host that is running the active Distributed Logical Router Control VM. As such, all bridged traffic flows through this ESXi host at the hypervisor level.