What courses does DClessons offer?

DClessons offers a wide range of online courses including SD-WAN & Cloud Networking, Data Center Technologies, VMware, Docker, SDN, and more.

How can I register for a course on DClessons?

You can register for courses on DClessons by visiting our registration page at https://www.dclessons.com/register and selecting your desired course.

What is the pricing for DClessons courses?

The pricing for each course varies. For example, the SD-WAN & Cloud Networking training is priced at $100. For detailed pricing, visit our course pages.

Is the training online or in-person?

All training provided by DClessons is fully online, allowing you to learn from anywhere, anytime.

Do I get a certification after completing a course?

Yes, upon completing the course and passing the assessments, you will receive a certificate of completion from DClessons.

NSX Logical Switch Packet Flow

Logical Switch Packet Walk:

For each packet walk, it uses Universal Logical switch 5555 as broadcast domain. Below topology is used for each sections of packet walk. Each ESXi cluster has three ESXi host and each ESXi host has two VM powered ON.

Cluster 1 VXLAN encapsulation will be on VLAN 10 in DC X
Cluster 2 VXLAN encapsulation will be on VLAN 20 in DC X
Cluster 3 VXLAN encapsulation will be on VLAN 30 in DC Y

IP addressing of each ESXi host and it’s connected VM is shown and presented well in dig.

Example 1: Logical Switch packet Walk

In this example, let’s assume that C1-M1 is sending frame to VM C1-M2 and assume the following to be true before packet walk:

C1-M1 and C1-M2 are powered ON and connected to Universal logical switch 5555.
C1-M1 and C1-M2 are using MAC address from their respective vmx file
Logical switch 5555 is configured for MAC address learning
NSX Universal Controller NC-2 has been given responsibility for VNI 5555
C1-M1 knows the MAC address of C1-M2

Step1: C1-M1 will send frame with source IP C1-M1-IP with destination IP is C1-M2-IP, it will use Source MAC of C1-M1-MAC, and destination MAC of C1-M2-MAC.

Step 2. Logical Switch 5555 in ESXi host C1-H1 will receive the frame from C1-M1 VM and capture the source MAC address, C1-M1-MAC.

Step 3. As source MAC address C1-M1-MAC is the same MAC address present in the vmx file of C1-M1, and it is already present in the MAC table of logical switch 5555 of C1-H1 the logical switch will now check for destination MAC address of the frame.

Step 4. Now destination MAC address C1-M2-MAC is the same MAC address present in the vmx file of VM C1-M2, and the MAC address is already in logical switch 5555 MAC table in C1-H1

Step 5. Logical switch 5555 in C1-H1 delivers the frame to C1-M2.

Example 2: Logical Switch packet Walk

In this example, let’s assume that C1-M1 is sending frame to VM C1-M2 and assume the following to be true before packet walk:

C1-M1 and C1-M2 are powered ON and connected to Universal logical switch 5555.
C1-M1 and C1-M2 are using MAC address not from their respective vmx file
Logical switch 5555 is configured for MAC address learning
NSX Universal Controller NC-2 has been given responsibility for VNI 5555
C1-M1 knows the MAC address of C1-M2

Step 1. C1-M1 will send a frame with the source IP of C1-M1-IP, and destination IP of C1-M2-IP, It will use Source MAC of C1-M1-MAC, along with destination MAC of C1-M2-MAC.

Step 2. Logical Switch 5555 in ESXi host C1-H1 receives the frame from C1-M1 VM and will capture the source MAC address, C1-M1-MAC.

If the MAC address is not in present in its MAC table, logical switch 5555 in C1-H1 will add this Source MAC information in its MAC table and will also inform to the NSX Controller NC-2 if theReplication Mode configured for the logical switch is Unicast or Hybrid.
If the MAC address is present in the MAC table of logical switch 5555 in C1-H1 but it find that it belongs to a different virtual machine in C1-H1 host, it will update its MAC table and not inform to NC-2.
If the MAC address is present in the MAC table of logical switch 5555 in C1-H1 but it finds that it belong to a different virtual machine in a VTEP but different from C1-H1, it will update its MAC address table and will inform to NC-2 if the Replication Mode for the logical switch is configured Unicast or Hybrid.

In all above each case a copy of the MAC address will also be sent to the Switch Security module. If C1-M1 is using an 802.1Q tab, the VLAN number will also be provided to the Switch Security module; else the VLAN number provided to the Switch Security module is 0.

Step 3. Logical switch 5555 in C1-H1 captures the destination MAC address C1-M2-MAC from Source Packet.

Now if the destination MAC address is not present in the MAC table of logical switch 5555 in C1-H1, the logical switch 5555 will sent query to NC-2 for the destination MAC address if the Replication Mode for the logical switch is configured as Unicast or Hybrid. If C1-H1 host does not receive any response from NC-2, or if NC-2 is down, or if the Replication Mode is configured as Multicast, the logical switch will replicate the frame.

In this case, since the MAC C1-M2-MAC is local to C1-M2, it is expected and true that NC-2 will not have an entry for this MAC address.

Step 4. After following step 3, logical switch 5555 in C1-H1 forwards the frame to C1-M2.

After receipt C1-M2 replies back to C1-M1 with source MAC address C1-M2-MAC, logical switch 5555 in C1-H1 will learn this MAC address, as explained in step 2a.

Example 3: Logical Switch packet Walk

In this example Virtual Machine C1-M3 sends a frame to Virtual Machine C2-M4. Now let’s assume the following to be true:

GENERAL FAQ

What is covered in the VMware NSX Logical Switch Packet Flow lesson?

This lesson explains how packets travel inside an NSX Logical Switch. It covers MAC address learning, frame processing, local switching behavior, replication modes, and how NSX forwards traffic between virtual machines connected to the same logical switch across one or multiple ESXi hosts.

How does a logical switch forward traffic between two VMs on the same ESXi host?

When a VM sends a frame, the logical switch checks its MAC table. If the destination MAC address exists in the table and belongs to a local VM on the same host, the frame is delivered directly without contacting the NSX Controller. This process is known as local switching and provides the fastest packet delivery path.

What happens if the destination MAC address is unknown in NSX?

If the destination MAC address is not present in the logical switch’s MAC table, the switch behavior depends on the replication mode:

In Unicast or Hybrid mode, the logical switch queries the NSX Controller for the MAC-to-VTEP mapping.

If there is no response, or if the replication mode is Multicast, the frame is replicated to locate the destination VM.

Once the correct location is identified, the MAC table is updated accordingly.

How does NSX learn and update MAC addresses during packet flow?

Whenever a frame is received, the logical switch inspects the source MAC address and updates its MAC table if necessary. If a MAC address moves to a different VM or host, NSX automatically updates the mapping. This ensures accurate forwarding decisions and prevents traffic disruption or loops.

What role does the NSX Controller play in VMware NSX packet flow?

The NSX Controller maintains MAC-to-VTEP mappings when Unicast or Hybrid replication mode is used. If a logical switch cannot determine the location of a destination MAC address locally, it queries the controller. The controller responds with the appropriate VTEP information, enabling proper traffic forwarding across ESXi hosts.

Where can I learn advanced NSX packet flow troubleshooting and analysis?

This page explains the fundamental behavior of NSX logical switch packet flow. However, advanced topics such as replication modes, controller communication, VXLAN/VTEP encapsulation flow, and real-world troubleshooting scenarios are covered in detail inside the complete course. Membership plans are available as Monthly ($100), Half-Yearly ($200), and Annual ($350).

Comment

You are will be the first.

Please login here to comment.

EMAIL SUPPORT

LOCATION

NSX Logical Switch Packet Flow