Thanks Jon! Really glad it was helpful!

Thanks Ken! I am not an NSX-V expert (I've dabbled in it a bit), but I do think NSX-T is a huge improvement once you get the hang of some of the new terminology/concepts.

I'm thinking it depends how the original port groups were setup on vSphere.

Agreed! In slightly older versions of NSX-T, it was more complicated in my opinion..now it's almost trivial. Obviously there's other considerations (sizing of edges, physical NICs, etc) for production, but the basic config is really pretty simple!

@@NRDYTech You are awesome, I've just stripped out 50% of the config I had and just changed the edge's main port group to ALL-VLANs... And Bingo!

Thank you Paolo!

Thanks for the kind words! To answer your first question, all of the "overlay" traffic rides on an underlay VLAN, which I often call the "TEP VLAN" - the whole purpose of this VLAN is to transfer the GENEVE encapsulated (aka: overlay) traffic across the network. You hit the nail on the head - if you do have TEPs in different networks (which is fine, and actually preferable in some situations), you just need to make sure you have routing between those TEPs (and Jumbo MTU). You set the default GW for the TEPs when you configure the N-VDS/VDS in NSX-T.

To answer the second part of your question, when you ping from one VM to another VM, the host has a couple of tables. They have a routing table, and they also have an ARP and Mac-> TEP table. So say you ping 192.168.2.20, which is on another host, your current host would do a lookup, and see that 192.168.2.20 is on TEP 172.16.5.5...so it will then encapsulate that original traffic with GENEVE, and set the outer IP header to a destination of the 172.16.5.5 TEP IP. By doing this, the underlay only really needs to know about all of the TEP IP/Macs, and not the VMs. Hopefully this makes sense!

@@NRDYTechtHANK YOU!! Makes much more sense! Is there a Facebook or IG or anything I can follow? I know its a bit rude but just really need some help on my project so messaging would be much more efficient lol...its okay if you dont want to... Anyway great explaination!

@@aeroSheldonL I don't have anything like that setup, but maybe I should start a group or something! To be honest time is VERY valuable for me right now, so I try hard to answer questions here but it would be tough to get involved more than that

Hi Sumeeth, you would be enabling promiscuous mode at the port group level - not at the vNIC of the edge VM. So this would be whatever port group is trunking to your edge VMs (in my case, it's usually something like "ALLTRUNK-PG"

The reason you'd want to bridge instead of only VLAN-backed segments, is what if you plan on transitioning those particular segments into NSX? Specifically, what if I have the 172.16.0.0/16 network on my physical network. I want to eventually have that exist ONLY in NSX (meaning NSX handles route advertisement and such). I could, in theory, just delete the SVI from my physical network and re-create it in NSX. That would incur an outage though. With bridging, I could create the bridge/network in NSX, and slowly transition VMs into NSX - and most importantly - have them still be L2 adjacent to their buddies still on the old VLAN. Essentially, my "migrated" VMs in NSX are still talking on 172.16.0.0/16, and the VMs I haven't migrated yet are still also on 172.16.0.0/16. Now, you could definitely use VLAN-backed segments if the end goal is to keep the SVI/default gateway on the physical network. That's actually a smart idea. But if the end goal is that NSX owns those segments completely (and the physical network doesn't know about them EXCEPT through route advertisements) - then bridging is probably a better fit. Either way, just a temporary implementation. Sorry for the novel :)

@@NRDYTech Thank you for the 'novel', that clarified a lot! I find the use case for some things in NSX difficult to tell because I've never used NSX in a real production environment.