
Deploying vSRX Chassis Cluster Nodes Across Different ESXi Hosts Using dvSwitch


Before you deploy the vSRX chassis cluster nodes on ESXi 6.0 (or greater) hosts using a distributed virtual switch (dvSwitch), make the following configuration settings from the vSphere Web Client so that the high-availability cluster control link works properly between the two nodes:

This chassis cluster method uses the private virtual LAN (PVLAN) feature of dvSwitch to deploy the vSRX chassis cluster nodes on different ESXi hosts. There is no need to change the external switch configurations.

On the VMware vSphere Web Client, for dvSwitch, there are two PVLAN IDs for the primary and secondary VLANs. Select Community in the menu for the secondary VLAN ID type.

Use the two secondary PVLAN IDs for the vSRX control and fabric links. See Figure 1 and Figure 2.

Figure 1: dvPortGroup3 Settings
Figure 2: dvPortGroup6 Settings

The configurations described above must reside on an external switch to which the distributed switch uplinks are connected. If the link at the external switch supports native VLAN, then VLAN can be set to none in the distributed switch port group configuration. If native VLAN is not supported on the link, this configuration should have VLAN enabled.
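
The dvSwitch PVLAN settings described above can also be applied with VMware PowerCLI instead of the vSphere Web Client. The following is an added example, not taken from the original page or from Juniper; it assumes an existing `Connect-VIServer` session, and the dvSwitch name, port group names and PVLAN IDs are constructed placeholders.

```powershell
# Added example (not from the original page). Assumes VMware PowerCLI is loaded
# and Connect-VIServer has already been run against vCenter.
# Every name and VLAN ID below is a constructed placeholder.
$vdsName   = 'dvSwitch-vsrx'     # hypothetical dvSwitch name
$primaryId = 100                 # placeholder primary PVLAN ID
$links = @(
    @{ PortGroup = 'vsrx-ha-control'; SecondaryId = 101 }   # control link
    @{ PortGroup = 'vsrx-ha-fabric';  SecondaryId = 102 }   # fabric link
)

$vds      = Get-VDSwitch -Name $vdsName -ErrorAction Stop
$existing = @(Get-VDSwitchPrivateVlan -VDSwitch $vds)

function Add-PvlanIfMissing($Secondary, $Type) {
    # Look for an entry with the same primary/secondary pair in the PVLAN map
    $found = $existing | Where-Object {
        $_.PrimaryVlanId -eq $primaryId -and $_.SecondaryVlanId -eq $Secondary
    }
    # Refuse to reuse an ID that is already mapped with a different PVLAN type
    if ($found -and "$($found.PrivateVlanType)" -ne $Type) {
        throw "PVLAN $primaryId/$Secondary exists as $($found.PrivateVlanType), expected $Type"
    }
    if (-not $found) {
        New-VDSwitchPrivateVlan -VDSwitch $vds -PrimaryVlanId $primaryId `
            -SecondaryVlanId $Secondary -PrivateVlanType $Type | Out-Null
    }
}

# The primary PVLAN is the promiscuous entry whose secondary ID equals the primary ID
Add-PvlanIfMissing -Secondary $primaryId -Type 'Promiscuous'

foreach ($link in $links) {
    # One community secondary PVLAN per chassis cluster link
    Add-PvlanIfMissing -Secondary $link.SecondaryId -Type 'Community'

    $pg = Get-VDPortgroup -VDSwitch $vds -Name $link.PortGroup -ErrorAction SilentlyContinue
    if (-not $pg) { $pg = New-VDPortgroup -VDSwitch $vds -Name $link.PortGroup }
    Set-VDVlanConfiguration -VDPortgroup $pg -PrivateVlanId $link.SecondaryId | Out-Null
}

# Read back what vCenter stored so it can be compared with the plan above
$names = $links | ForEach-Object { $_.PortGroup }
Get-VDPortgroup -VDSwitch $vds -Name $names | Select-Object Name, VlanConfiguration
```

The script stops with an error if one of the chosen secondary IDs is already mapped on the dvSwitch with a different PVLAN type, so an isolated or promiscuous entry is never silently reused for a chassis cluster link.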

You can also use a regular VLAN on a distributed switch to deploy vSRX chassis cluster nodes on different ESXi hosts using dvSwitch. A regular VLAN works similarly to a VLAN on a physical switch. If you want to use a regular VLAN instead of PVLAN, disable IGMP snooping for the chassis cluster links.

However, use of PVLAN is recommended because:

  • PVLAN does not impose IGMP snooping.

  • PVLAN can save VLAN IDs.


When the vSRX cluster across multiple ESXi hosts communicates through physical switches, then you need to consider the other Layer 2 parameters at: