vyos@Pod-120-Router:~$ show interfaces
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface        IP Address                        S/L  Description
----        ----------                        ---  -----------
<...>
eth1             -                                 u/u
eth1.300          172.16.30.1/24                   u/u  Bridge Test VLAN 300
<...>
vyos@Pod-120-Router:~$

STEP 6: Create test Virtual Machines on this VLAN to perform some ping tests

Create VLAN 300 Port Group

Now, we need to create a VDS port group (on vSphere) to simulate the "external" VLAN 300.

Go to the VDS and create a new port group.

Give it a name. In my case, I named it "Pod-120-VDS-VLAN300".

Make the VLAN Type a "VLAN" and type in VLAN 300 here.

Verify all your configuration settings and add the new port group.

Verify if the VLAN port group with VLAN 300 is added

Create a Photon OS VM

Deploy a new OVF Template from the Center Server Client.

Select the local Photon OS ova file.

Provide a name for your Virtual Machine.

Select a computing resource where you want to deploy the VM to.

Review the details and just click next.

Accept the license agreement.

Select a storage resource where you want to deploy the VM to.

Select a networking resource that you want you're VM to be attached to. Make sure you select the VLAN 300 port group you created. Review the details before you finish (screenshot not shown).

Power on the new Virtual Machine.

Network Configuration and Ping Tests

When the VM is ready and power on we need to log in to the console and provide network settings. the first time you log in to a newly deployed Photon OS VM you need to change the password. The default username is "root" and the default password is "changeme".

Welcome to Photon 3.0 (x86_64) - Kernel 4.19.79-1.ph3-esx (tty1)
photon-machine login: root
Password: changeme
You are required to change your password immediately (administrator enforced)
Changing password for root.
Current password: changeme
New password: VMware1!VMware1!
Retype new password: VMware1!VMware1!

Here we change the hostname.

root@photon-machine [ ~ ]# hostnamectl set-hostname l2b-vm-vlan

Here we create a network interface configuration file to specify the static IP address details for the network interface.

root@photon-machine [ ~ ]# vi /etc/systemd/network/10-static-en.network

This is the content of the "10-static-en.network" file.

[Match]
Name=eth0

[Network]
Address=172.16.30.12/24
Gateway=172.16.30.1

Here we change the rights to the file so the system is allowed to use it.

root@photon-machine [ ~ ]# chmod 644 /etc/systemd/network/10-static-en.network

Here we restart the networking service of the VM.

root@photon-machine [ ~ ]# systemctl restart systemd-networkd

Here we reboot the machine.

root@photon-machine [ ~ ]# reboot

When the machine is rebooted (with the new hostname) we can verify if the IP address is correct.

root@l2b-vm-vlan [ ~ ]# ip a

Here I do a quick ping towards my gateway to verify if we have network connectivity.

STEP 7: Configure a Segment as an overlay network (on NSX-T) with a gateway IP address by attaching it to a Tier-1 Gateway

Now we need to create a NSX-T Overlay segment that we are going to use to bridge VLAN 300 with.

NSX-T Manager GUI: Networking >> Connectivity >> Segments >> Add Segment

Verify if the Segment is correctly added.

STEP 8: Create test Virtual Machines on this Segment to perform some ping tests

Deploy a new OVF Template from the Center Server Client.

Select the local Photon OS ova file.

Provide a name for your Virtual Machine.

Select a computing resource where you want to deploy the VM to.

Review the details and just click next.

Accept the license agreement.

Select a storage resource where you want to deploy the VM to.

Select a networking resource that you want you're VM to be attached to. Make sure you select the NSX-T (Bridge) overlay Segment you created.

Review the details before you finish.

Power on the new Virtual Machine.

Network Configuration and Ping Tests

When the VM is ready and power on we need to log in to the console and provide network settings. the first time you log in to a newly deployed Photon OS VM you need to change the password. The default username is "root" and the default password is "changeme".

Welcome to Photon 3.0 (x86_64) - Kernel 4.19.79-1.ph3-esx (tty1)
photon-machine login: root
Password: changeme
You are required to change your password immediately (administrator enforced)
Changing password for root.
Current password: changeme
New password: VMware1!VMware1!
Retype new password: VMware1!VMware1!

Here we change the hostname.

root@photon-machine [ ~ ]# hostnamectl set-hostname l2b-test-vm-nsx

Here we create a network interface configuration file to specify the static IP address details for the network interface.

root@photon-machine [ ~ ]# vi /etc/systemd/network/10-static-en.network

This is the content of the "10-static-en.network" file.

[Match]
Name=eth0

[Network]
Address=172.16.30.10/24
Gateway=172.16.30.1

Here we change the rights to the file so the system is allowed to use it.

root@photon-machine [ ~ ]# chmod 644 /etc/systemd/network/10-static-en.network

Here we restart the networking service of the VM.

root@photon-machine [ ~ ]# systemctl restart systemd-networkd

Here we reboot the machine.

root@photon-machine [ ~ ]# reboot

When the machine is rebooted (with the new hostname) we can verify if the IP address is correct.

root@l2b-test-vm-nsx [ ~ ]# ip a

STEP 9: Configure the overlay network (Segment) as a Layer 2 Bridge-Backed Segment

Now I need to enable the bridging between the NSX-T overlay Segment and the VLAN. I do this inside the actual overlay segment we want to use for bridging.

NSX-T GUI: NSX-T Manager GUI: Networking >> Connectivity >> Segments >> SEG-BRIDGE >> EDIT

There is a label there called "Edge Bridges" click on "Set"

Select the Edge Bridge Profile and the Transport Zone that you created earlier. I have also added the VLAN 300 that I want to bridge to.

Verify if the Edge Bridge is added.

Verify if you see a little "1" in the Segment settings.

STEP 10: Perform some ping and traceroute tests between the VLAN and NSX-T Segment Virtual Machines

Because I am using Photon OS I first need to open up some INBOUND IPTABLE rules on the Tenant Virtual Machines to allow ping and traceroute/tracepath.

Open ICMP and UDP to allow ping and tracepath tests on the VLAN VM

Open ICMP and UDP to allow ping and tracepath tests on the OVERLAY VM

Tests from the VLAN VM to the OVERLAY VM

In the test below you can see that ping is working and that the tracepath is only showing one hop.

Tests from the OVERLAY VM to the VLAN VM

For the other way around you can see (below) that ping is working and that the tracepath is also only showing one hop.

STEP 11: Perform traceflow tests between the VLAN and NSX-T Segment Virtual Machines

I also tried to use traceflow to see if I could retrieve some information from there.

But unfortunately, traceflow does not support bridged traffic flow tests.

STEP 12: Looking at the bridge statistics

There is also a way to look at the bridge statistics under the segment.

Click on "view statistics".

Look at the statistics.

YouTube Video

Comming soon

Technical Reviews

This article was technically reviewed by the following SME's:

I am always trying to improve the quality of my articles so if you see any errors, mistakes in this article or you have suggestions for improvement, please contact me and I will fix this.