NSX for vSphere offers VXLAN to Layer 2 VLAN bridging capabilities with the data path contained entirely in the ESXi hypervisor. The bridge runs on the ESXi host where the DLR control VM is located. Multiple bridges per DLR are supported.

Table 1. Design Decision on Virtual-to-Physical Interface Type

Decision ID

Design Decision

Design Justification

Design Implications


Place all management and tenant virtual machines on VXLAN logical switches, unless you must satisfy an explicit requirement to use VLAN backed port groups for these virtual machines. Where VLAN backed port groups are used, configure routing from VXLAN to VLAN networks.

If a Layer 2 adjacency between networks is a technical requirement, then connect VXLAN logical switches to VLAN backed port groups using NSX Layer 2 Bridging.

Use NSX Layer 2 Bridging only where virtual machines need to be on the same network segment as VLAN backed workloads and routing cannot be used, such as a dedicated backup network or physical resources. Both Layer 2 Bridging and Distributed Logical Routing are supported on the same VXLAN logical switch.

Network traffic from virtual machines on VXLAN logical switches generally is routed. Where bridging is required, the data path is through the ESXi host that is running the active Distributed Logical Router Control VM. As such, all bridged traffic flows through this ESXi host at the hypervisor level.