Traffic from VDR port to workload VM on overlay segment does not work if traffic is bridged between two segments by workload VM
Article ID: 320297

Products

VMware NSX

Issue/Introduction

- Consider the following diagram. Here Segment-1 and Segment-2 are both overlay segments.
- Segment-1 is attached to T-1.
- VM-A has two interfaces, eth0 and eth1. These interfaces are bridged internally within the VM.
- eth0 is connected to Segment-1 and eth1 is connected to Segment-2.
- Traffic received on eth0 is forwarded out of eth1.
- VM-B is connected to Segment-2. Segment-2 is not attached to any T-1.

In this case the ARP request from the VDR (10.X.X.X) will reach the VM-B.eth0 interface (10.X.X.X), but the VDR will not be able to learn the ARP entry because the packet will not get delivered to VM-A.eth1. Here VM-A.eth1 is sending a forged MAC 02:50:56:X:X:X that is the same as the VDR port MAC 02:50:56:X:X:X. As per the VDR port design, the VDR port is also on the trunk VNI. Hence this MAC address cannot be learned on the same VNI from VM-A.eth1.

Environment

VMware NSX-T

Resolution

This is not a supported topology.

It can work in certain conditions:

  • Enabling static MAC learning on the VDS:

nsxdp-cli vswitch mac-learning set --learn-static --dvs-alias <switch-name>

This property does not persist across host reboots, upgrades, cfgAgent restarts, or a cfgAgent full sync. After any of these events the command needs to be executed again on the host.

  • It can also work if service insertion is configured, since service insertion enables static MAC learning by default.