A couple of days ago I wanted to set up a nested vSphere cluster in my homelab for testing purposes with NSX, to try out some funky API stuff that I wouldn’t do in my “productive” NSX environment.
Along the way I came across some “special” settings for my DVS & port group that are needed to make VMs reachable within my nested lab. In this blog post, I will show you which settings did the trick for me.

With nested virtualization, the nested ESXi host is distributing traffic for a number of other “nested VMs” running on the nested instance of ESXi. In this case, multiple MAC addresses appear in the 802.3 source address field. Each virtual workload hosted by the nested ESXi host must communicate through the ESXi virtual network adapter. These additional MAC addresses are rejected as spoofed transmissions, so the settings of the DVS Portgroup must allow these transmissions.

In the following, I will show you the configuration for the DVS and port groups of your “physical” environment:

VLAN-backed port group in my lab for the nested environment.
Go to “Edit Settings” of the port group, open the “Security” tab and change “Promiscuous Mode” to “Accept” so that additional MAC addresses are not rejected. Also, set the two other options to “Accept”.
Figure out the MTU of the DVS in your “physical” environment; in my case it is 9000. Keep it in mind.

In the next step, you have to configure the DVS and its port groups in the “nested” environment:

Set the MTU to the same size as on your “real world” DVS. As you can see, I configured 9000 as well.
In the last step, the port group of your “nested” DVS must be configured. As you can see, the VLAN type is set to “None”, so nested VMs connected to this port group do not get an additional VLAN tag and can communicate within the VLAN-backed port group of your “physical” DVS.

So for now we are done and have successfully configured the DVS & port groups for a nested lab environment within our “physical” vSphere cluster.
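
The three “Accept” settings switch off the port group's protection against spoofed MAC addresses, so they should stay limited to the port group that backs the nested lab. The following PowerCLI check is an added example, not part of the original setup: it flags any other port group that has one of these settings accepted. The port group and switch names are hypothetical, and the sample objects are constructed to mimic the output of `Get-VDSecurityPolicy`.

```powershell
# Added example (not from the original post): checks that only the nested-lab
# port group has Promiscuous Mode, MAC Address Changes and Forged Transmits accepted.
function Test-NestedLabSecurityPolicy {
    [CmdletBinding()]
    param(
        # Objects shaped like Get-VDSecurityPolicy output
        [Parameter(Mandatory, ValueFromPipeline)] $Policy,
        # Port groups that are expected to have all three settings on "Accept"
        [Parameter(Mandatory)] [string[]] $NestedPortgroup
    )
    process {
        $name    = $Policy.VDPortgroup.Name
        $relaxed = @('AllowPromiscuous', 'MacChanges', 'ForgedTransmits' |
                     Where-Object { $Policy.$_ })
        $isLab   = $NestedPortgroup -contains $name
        $status  = if ($isLab -and $relaxed.Count -eq 3) { 'OK (nested lab)' }
                   elseif ($isLab)               { 'INCOMPLETE: nested VMs may be unreachable' }
                   elseif ($relaxed.Count -gt 0) { 'UNEXPECTED: spoofing protection relaxed' }
                   else                          { 'OK' }
        [pscustomobject]@{ Portgroup = $name; Accepted = $relaxed -join ', '; Status = $status }
    }
}

# Builds a constructed sample object so the check runs without a vCenter
function New-SamplePolicy ($Name, $Promiscuous, $MacChanges, $Forged) {
    [pscustomobject]@{
        VDPortgroup      = [pscustomobject]@{ Name = $Name }
        AllowPromiscuous = $Promiscuous
        MacChanges       = $MacChanges
        ForgedTransmits  = $Forged
    }
}

# Constructed sample data with hypothetical port group names
$sample = @(
    New-SamplePolicy 'PG-Nested-Lab' $true  $true  $true
    New-SamplePolicy 'PG-Prod-VMs'   $false $false $true
    New-SamplePolicy 'PG-Mgmt'       $false $false $false
)
$sample | Test-NestedLabSecurityPolicy -NestedPortgroup 'PG-Nested-Lab' | Format-Table -AutoSize

# Against a live vCenter (after Connect-VIServer), with a hypothetical switch name:
# Get-VDSwitch -Name 'DVS-Physical' | Get-VDPortgroup | Get-VDSecurityPolicy |
#     Test-NestedLabSecurityPolicy -NestedPortgroup 'PG-Nested-Lab'
```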

If you have any questions or suggestions, feel free to contact me or use the comment function here under the post.
In further tutorials, I would like to show you how to expand my NSX environment to micro-segmentation, with the goal of being able to provide a multi-tenant VDI environment.
So check back here from time to time or give me feedback on what you would like to see more tutorials about.
