VMware NSX Gateway Questions

Gordon sent me a whole list of NSX gateway questions:

  • Do you need a virtual gateway for each VXLAN segment or can a gateway be the entry/exit point across multiple VXLAN segments?
  • Can you set up multiple gateways and specify which VXLAN segments use each gateway?
  • Can you cluster gateways together (Active/Active) or do you set them up as Active/Standby?

The answers obviously depend on whether you’re deploying NSX for multiple hypervisors or NSX for vSphere. Let’s start with the former.

Gateways in NSX for multiple hypervisors release 4.0

NSX gateways are implemented on NSX gateway transport nodes which run on bare-metal servers or in dedicated VMs. NSX also supports third-party L2 gateways (VTEPs) with VXLAN encapsulation.

Each gateway node can run multiple instances of L2 or L3 gateway services (but not both). Each L2 gateway service can bridge between numerous overlay networks and VLANs (there must be a 1:1 mapping between an overlay network segment and an outside VLAN). Each L3 gateway service can route between numerous logical networks and a single uplink.

Each gateway service can run on two gateway nodes in Active/Standby mode.

Gateways in NSX for vSphere release 6.0

2014-01-10 10:23Z: L2 bridge information updated based on feedback from Dmitri Kalintsev. Thank you!

The control plane of every NSX gateway is always implemented in a VM running NSX Edge software. The data plane of L2 gateways and distributed routers is implemented in loadable kernel modules, while the data plane of the NSX Edge services gateway is implemented within the VM (like the traditional vShield Edge).

Each L2 bridge connects a single VXLAN segment to a VLAN segment. A single NSX Edge router VM can control multiple L2 bridges.

An NSX Edge router (running just the control plane) can have up to eight uplinks and up to 1000 internal (VXLAN-based) interfaces. An NSX Edge services gateway (with the data plane implemented within the VM) can have up to ten interfaces (the well-known vSphere limit on the number of interfaces of a single VM). Multiple NSX Edge routers or NSX Edge services gateways can run on the same vSphere host.

Each NSX Edge instance can run in Active/Standby HA mode.

In theory you might have more than one NSX Edge instance connecting a VXLAN segment with the outside world, but even if the NSX Manager software allows you to configure that, I wouldn’t push my luck.

More information

Have you watched the free VMware NSX Architecture videos? Try these if you’re interested in NSX gateways:


  1. Why do you say that a node cannot be both L2 or L3 gateway? It all depends on dest-mac: if the MAC belongs to local router then it is an L3 lookup, otherwise an L2 lookup?