Date: 2023-05-17

Using Nested Virtualization and specifically Nested ESXi, which is running ESXi inside of a VM, has become so automatic and second nature for me and many in the VMware community, that I sometimes forget we still have brand new users who are experiencing ESXi for the very first time.

Nested ESXi is an extremely powerful capability for many different use cases, from development and testing to general learning. Before jumping in and deploying your Nested ESXi environment, for which I highly recommend using my Nested ESXi Virtual Appliances, you need to make sure that you have the proper networking setup or you will run into all sorts of strange issues. For all VMware Nested Virtualization resources, tips and tricks, you will definitely want to bookmark this page HERE.

Disclaimer: Nested ESXi is not officially supported by VMware and Nested Virtualization is only supported under limited scenarios. For more details, please refer to this VMware KB 2009916.

While new users of ESXi may not be aware of the networking requirements, I have also come across issues reported by more experienced ESXi users, and the issue was resolved once I had reminded them of the networking requirements, which they knew but had totally forgotten about! It goes to show that even the most experienced users can forget the basics, and it certainly is something that can easily be missed. I admit I have done it a few times when installing or re-installing a new setup 🙂

I figured this was a good time to publish a refresher on the networking requirements, the reason for it and the different ways you can meet this requirement depending on the version of ESXi you are using in your setup.

Networking Requirement:

Enable either Promiscuous Mode and Forged Transmit OR MAC Learning on the virtual switch of your physical ESXi host. See this blog post HERE for the reason why this is needed and this blog post HERE to understand the performance impact to your environment when Promiscuous Mode is enabled specifically.

Note: If you have the ability to use the MAC Learning capability of the virtual switch of your physical ESXi host, this will provide you with the best experience and no performance impact, since Promiscuous Mode is not required. If you must enable Promiscuous Mode, then take a look at the network recommendations below on ways to mitigate the performance impact.

Networking Configuration:

For a Virtual Standard Switch (VSS), you can find the Promiscuous Mode and Forged Transmit settings under the Security section of the vSwitch, both of which default to reject.
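The same two VSS settings can also be read from the ESXi Shell with `esxcli`. The script below is an added example, not part of the original post: it parses the security policy text and reports whether the Promiscuous Mode + Forged Transmit requirement is met. The sample text and the function names `policy_value` and `nested_ready` are constructed for illustration, and it covers only a standard vSwitch, not the MAC Learning path on VDS or NSX.

```shell
#!/bin/sh
# Added example: check whether a Virtual Standard Switch meets the
# Promiscuous Mode + Forged Transmit requirement for Nested ESXi.

# Constructed sample of the text printed by
#   esxcli network vswitch standard policy security get --vswitch-name=<name>
# for a vSwitch with both settings still at reject.
SAMPLE_REJECT='   Allow Promiscuous: false
   Allow MAC Address Change: false
   Allow Forged Transmits: false'

# Print the lowercased value of one policy field read from stdin.
# Exit status is non-zero when the field is absent.
policy_value() {
    awk -F':' -v key="$1" '
        { name = $1; val = $2
          gsub(/^[ \t]+|[ \t\r]+$/, "", name)
          gsub(/^[ \t]+|[ \t\r]+$/, "", val) }
        name == key { print tolower(val); found = 1 }
        END { exit !found }'
}

# Return 0 when the policy text on stdin accepts both Promiscuous Mode and
# Forged Transmits; otherwise print each setting that is not "true".
nested_ready() {
    policy=$(cat)
    missing=""
    for key in "Allow Promiscuous" "Allow Forged Transmits"; do
        val=$(printf '%s\n' "$policy" | policy_value "$key") || val="absent"
        [ "$val" = "true" ] || missing="$missing $key=$val;"
    done
    if [ -z "$missing" ]; then
        return 0
    fi
    echo "not ready:$missing"
    return 1
}

# On the physical host: pass the vSwitch name (e.g. vSwitch0) as $1.
# Nothing is changed; the set command is only printed for review.
if command -v esxcli >/dev/null 2>&1 && [ -n "${1:-}" ]; then
    esxcli network vswitch standard policy security get --vswitch-name="$1" \
        | nested_ready \
        || echo "fix: esxcli network vswitch standard policy security set" \
                "--vswitch-name=$1 --allow-promiscuous=true --allow-forged-transmits=true"
fi
```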



For a Virtual Distributed Switch (VDS), you can find the Promiscuous Mode and Forged Transmit settings under the Security section of a Distributed Portgroup, both of which default to reject. If you are using vSphere 7.0 or later, you can also find the native MAC Learning configuration under this section, which is also disabled by default.

For NSX, you can find the MAC Learning configuration under an NSX Segment within the MAC Discovery Segment Profile. By default, MAC Learning is disabled and you will need to create a custom MAC Discovery Segment Profile that has MAC Learning enabled.



Click into the default MAC Discovery Segment Profile to create a new custom profile that enables the MAC Learning setting, and apply that profile to the desired NSX Segment once you are done.



Note: Enabling Promiscuous Mode, Forged Transmit and MAC Learning can all be automated using either the vSphere or NSX API; the examples above were meant to illustrate the quickest way to enable these settings for users who may only need to do this once.