We are currently running a "legacy" setup without NSX, using Distributed vSwitches. In this environment we are running virtual firewall appliances attached to Distributed Portgroups with "VLAN trunking" because there are more than 10 networks connected to each firewall, and otherwise we would run into the 10 vNIC/VM limit.
We want to implement NSX, but only the GENEVE underlay/overlay, to get rid of the need for so many VLANs on the physical infrastructure; however, routing and security are supposed to still be done by the same virtual firewall from another vendor. Switching to NSX distributed routing/firewalling and/or using 3rd-party integrations is not an option for reasons beyond the scope of this forum.
Now my question is: is it possible to assign multiple NSX overlay-based segments to a single vNIC in a way that the VM thinks it is connected to a VLAN trunk?
Thanks.
There is no way to trunk overlay networks, so you will hit the same limitations. Regarding your design and traffic flow, I'm not fully clear. NSX security features must be explored to determine whether there are any substitutes. Nevertheless, there are other designs available; for example, you can peer NSX logical routers with a firewall while continuing to examine a few traffic patterns.
With NSX-V there was an option to add more than one IP address on the same interface on the NSX Edge VM. I am not sure if that option is available with NSX-T; you can try assigning more than one IP address on the single NIC connecting to an overlay network.
OK, that is very unfortunate...
I know that NSX is very powerful, but as mentioned we have our reasons to want to do it in a different way, which I cannot make public and are not up for discussion here...
You can trunk multiple VLANs across one Overlay Segment. Then you VLAN-tag on the VM. Not sure if this is what you need, but hope it helps. You simply set the VLAN on the Overlay Segment to a range of VLANs, for instance 0-4094.
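As an added example (not from the thread or from VMware), the guest-VLAN-tagging approach above expressed as an NSX-T Policy API segment body, with the trunk range restricted to the VLANs the firewall actually needs instead of 0-4094, plus a check that flags segments whose `vlan_ids` trunk more than the allowed set. It assumes the Policy API Segment object's `vlan_ids` and `transport_zone_path` fields and uses constructed segment data.

```python
MAX_VLAN = 4094


def parse_vlan_ids(vlan_ids):
    """Expand NSX-style vlan_ids entries ("20", "100-110") into a set of ints."""
    vlans = set()
    for entry in vlan_ids:
        entry = str(entry).strip()
        lo, hi = (int(x) for x in entry.split("-", 1)) if "-" in entry else (int(entry),) * 2
        if not 0 <= lo <= hi <= MAX_VLAN:
            raise ValueError(f"invalid VLAN entry {entry!r}")
        vlans.update(range(lo, hi + 1))
    return vlans


def to_ranges(vlans):
    """Collapse a set of VLAN ids into the compact range strings NSX accepts."""
    runs, run = [], []
    for v in sorted(vlans):
        if run and v != run[-1] + 1:
            runs.append(run)
            run = []
        run.append(v)
    if run:
        runs.append(run)
    return [f"{r[0]}-{r[-1]}" if len(r) > 1 else str(r[0]) for r in runs]


def segment_body(display_name, tz_path, allowed_vlans):
    """Body for PATCH /policy/api/v1/infra/segments/<id> (assumed field names):
    an overlay segment whose guest VLAN tagging is limited to allowed_vlans."""
    return {
        "display_name": display_name,
        "transport_zone_path": tz_path,  # overlay TZ path, placeholder value in tests
        "vlan_ids": to_ranges(allowed_vlans),
    }


def unexpected_vlans(segment, allowed_vlans):
    """VLANs a segment lets the guest tag beyond the allowed set (e.g. a 0-4094 trunk)."""
    return sorted(parse_vlan_ids(segment.get("vlan_ids", [])) - set(allowed_vlans))


# Constructed sample: a segment created with the "trunk everything" range from the reply.
SAMPLE_SEGMENT = {"display_name": "fw-trunk", "vlan_ids": ["0-4094"]}
FIREWALL_VLANS = {10, 11, 12, 20}
```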