To work with NSX-T Segments, we need to understand how they function. An NSX-T Segment behaves like a normal LAN (a Layer 2 network): it floods traffic to all of its connected devices. If you haven’t configured Micro-Segmentation (Distributed Firewall), all the devices attached to the Segment will receive that traffic. The traffic in question is Broadcast, Unknown Unicast and Multicast traffic, also called BUM Traffic.
BUM Traffic
BUM Traffic originated by a VM on a given hypervisor (ESXi or KVM) needs to be replicated to the remote hypervisors that host other VMs connected to the same Logical Switch. To enable this flooding, NSX-T supports two different replication modes.
- Broadcast, Unknown Unicast and Multicast Traffic is known as BUM Traffic – all three are treated the same.
- Broadcast Traffic – Sent to all VMs on the Layer 2 Segment
- Unknown Unicast – Flooded out all ports of a Switch
- Multicast – IGMP Traffic sent to selective destinations
- Replicated to all TEPs in a particular VNI (NSX-T Network Segment)
- TEPs may be on different Layer 3 Networks
- Replication Mode set at the Segment Level
BUM Traffic Replication Modes
- Head Replication
- Hierarchical Two-Tier Replication
Head Replication
The source TEP does all the heavy lifting: it creates unicast copies of the BUM traffic and sends them to all TEPs participating in the VNI.
Hierarchical Two-Tier Replication
This is the default mode and is recommended as a best practice for a multi-rack architecture (Transport Nodes not in the same subnet and not connected to the same switch).
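The two modes compared as an added example (not VMware code and not from the original post): it lists which TEP sends each copy of one BUM frame, so the load on the source TEP and the set of receiving TEPs can be checked. The TEP addresses are constructed, and picking the first TEP listed in each remote subnet as the replicating proxy is an assumption of this sketch.

```python
from collections import defaultdict
from ipaddress import ip_interface

# Constructed inventory: TEPs that joined one VNI, spread over three racks/subnets.
TEPS = ["10.0.1.11/24", "10.0.1.12/24", "10.0.1.13/24",
        "10.0.2.21/24", "10.0.2.22/24", "10.0.2.23/24",
        "10.0.3.31/24", "10.0.3.32/24"]

def _by_subnet(teps):
    """Group TEP addresses by the Layer 3 subnet they sit in."""
    groups = defaultdict(list)
    for tep in teps:
        iface = ip_interface(tep)
        groups[iface.network].append(str(iface.ip))
    return groups

def head_replication(source, teps):
    """Source TEP unicasts one copy to every other TEP in the VNI."""
    src = str(ip_interface(source).ip)
    others = (str(ip_interface(t).ip) for t in teps)
    return [(src, dst) for dst in others if dst != src]

def two_tier_replication(source, teps):
    """Source covers its own subnet plus one proxy per remote subnet;
    each proxy re-replicates to the other TEPs in its subnet."""
    src_if = ip_interface(source)
    src = str(src_if.ip)
    copies = []
    for net, members in sorted(_by_subnet(teps).items()):
        if net == src_if.network:
            copies += [(src, m) for m in members if m != src]
        else:
            proxy = members[0]  # assumption: first listed TEP acts as proxy
            copies.append((src, proxy))
            copies += [(proxy, m) for m in members[1:]]
    return copies

def copies_sent_by(tep, plan):
    """Number of unicast copies a given TEP has to generate."""
    return sum(1 for sender, _ in plan if sender == tep)

if __name__ == "__main__":
    for name, mode in (("head", head_replication),
                       ("two-tier", two_tier_replication)):
        plan = mode(TEPS[0], TEPS)
        print(f"{name}: source sends {copies_sent_by('10.0.1.11', plan)}"
              f" of {len(plan)} copies")
```

Both plans deliver the frame to the same set of TEPs; only the sender of each copy changes, which is why the replication mode does not reduce what an unfiltered Segment exposes to its members.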
For more information on BUM Replication follow the link from VMware,