Company ACME Enterprise has two private data centers "site A" and "site B". NSX Data Center is deployed at both data centers. As an NSX administrator, you want to migrate workloads (applications) from site A to site B by stretching or extending the VLAN networks on site A to the VXLAN networks on site B.
NSX L2 VPN supports egress optimization by using the same gateway IP address on both sites. This scenario uses the egress optimization feature and ensures that the IP addresses of the applications do not change after the migration.
The following figure shows the logical topology of extending networks between two sites by using the L2 VPN service on the NSX Edges.
The L2 VPN service on the NSX Edge at site A is configured in "client" mode, and the L2 VPN service on the NSX Edge at site B is configured in "server" mode. As an administrator, your objective is to create an L2 VPN tunnel and perform an L2 extension between sites A and B, such that:
Tunnel ID 200 extends the VLAN 10 network on site A to the VXLAN 5010 network on site B.
Tunnel ID 201 extends the VLAN 11 network on site A to the VXLAN 5011 network on site B.
The following figure shows the logical representation of the L2 extension between both sites.
Remember: In this scenario, both sites have NSX-managed edges. To perform an L2 extension between two sites, the edge that is configured in "server" mode must be an NSX Edge. However, the edge that is configured in "client" mode can either be an NSX Edge or a standalone edge, which is not NSX-managed.
If the client site uses a standalone edge, you can stretch only VLAN networks on the client site with the VLAN or VXLAN networks on the server site.
You can perform an L2 extension either by configuring L2 VPN service over SSL, or by configuring L2 VPN over IPSec. The following procedure explains the steps for stretching L2 networks using L2 VPN over SSL.
Procedure
Navigate to the L2 VPN edge on site B and configure a vnic interface of type "trunk". Add two sub interfaces on this interface.
For detailed instructions about configuring an interface on the edge and adding sub interfaces, see Configure an Interface.
For example, in this scenario, configure "vnic 1" on the server edge to connect to a distributed port group. Add sub interfaces that connect to logical switches with VNI 5010 and 5011. Each sub interface must have a unique tunnel ID. The following table shows the sub interface configuration on the L2 VPN server edge.
Table 1. Sub Interfaces on vnic 1 of L2 VPN Server Edge
| Name | IP Addresses | Network | VNI | Tunnel ID | Status |
|---|---|---|---|---|---|
| sub_vxlan1 | 192.168.10.10/24 | VXLAN-Network1 | 5010 | 200 | Connected |
| sub_vxlan2 | 192.168.100.10/24 | VXLAN-Network2 | 5011 | 201 | Connected |
Navigate to the L2 VPN edge on site A and configure a vnic interface of type "trunk". Add two sub interfaces on this interface.
For example, in this scenario, configure "vnic 2" on the client edge to connect to a standard port group. Add sub interfaces that connect to VLANs 10 and 11. The tunnel IDs on the client edge must match the tunnel IDs that you specified on the server edge. The following table shows the sub interface configuration on the L2 VPN client edge.
Table 2. Sub Interfaces on vnic 2 of L2 VPN Client Edge
In Site Configuration Details, click Add and specify the configuration of the L2 VPN client (peer) site.
For detailed instructions about adding L2 VPN peer sites, see Add Peer Sites.
For example, in this scenario, do the following peer site configuration:
Add a peer site with name "site-A". Select the "vnic 1" trunk interface on the server edge, and include the two sub interfaces "sub_vxlan1" and "sub_vxlan2" as the stretched networks. Ensure that you enable the peer site. The following table shows the sub interfaces (stretched interfaces) on peer site-A.
Table 3. Sub Interfaces on Peer Site-A
| Name | Parent Index | Parent Name | IP Addresses | Network | VNI | Tunnel ID |
|---|---|---|---|---|---|---|
| sub_vxlan1 | 1 | vnic1 | 192.168.10.10/24 | VXLAN-Network1 | 5010 | 200 |
| sub_vxlan2 | 1 | vnic1 | 192.168.100.10/24 | VXLAN-Network2 | 5011 | 201 |
In the Egress Optimization Gateway Address text box, enter 192.168.10.10,192.168.100.10.
Start the L2 VPN service on the server edge.
Publish the changes.
Configure the L2 VPN edge at site A.
Set the L2 VPN mode as Client.
Specify the Logging Configuration and Global Configuration settings.
For example, in this scenario, do the following configuration on the L2 VPN client:
Select the "vnic 2" trunk interface on the client edge, and include the two sub interfaces "sub_vlan1" and "sub_vlan2" as the stretched networks. The following table shows the sub interfaces (stretched interfaces) on the L2 VPN client edge.
Table 4. Stretched Interfaces on L2 VPN Client Edge
| Name | Parent Index | Parent Name | IP Addresses | VLAN | Tunnel ID |
|---|---|---|---|---|---|
| sub_vlan1 | 2 | vnic2 | 192.168.10.10/24 | 10 | 200 |
| sub_vlan2 | 2 | vnic2 | 192.168.100.10/24 | 11 | 201 |
In the Egress Optimization Gateway Address text box, enter 192.168.10.10,192.168.100.10.
Start the L2 VPN service on the client edge.
Publish the changes.
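The procedure relies on three things lining up across both edges: a unique tunnel ID per sub interface, the same tunnel IDs on client and server, and the same gateway addresses on both sites and in both Egress Optimization Gateway Address entries. The following Python check is an added example, not VMware code; it does not call the NSX API, its dictionaries are transcribed from Tables 3 and 4, and the field and function names are assumptions chosen for illustration.

```python
import ipaddress

# Constructed sample input: values from Table 3 (server, site B) and Table 4 (client, site A).
SERVER_SUBIFS = [
    {"name": "sub_vxlan1", "ip": "192.168.10.10/24", "vni": 5010, "tunnel_id": 200},
    {"name": "sub_vxlan2", "ip": "192.168.100.10/24", "vni": 5011, "tunnel_id": 201},
]
CLIENT_SUBIFS = [
    {"name": "sub_vlan1", "ip": "192.168.10.10/24", "vlan": 10, "tunnel_id": 200},
    {"name": "sub_vlan2", "ip": "192.168.100.10/24", "vlan": 11, "tunnel_id": 201},
]
EGRESS_GATEWAYS = "192.168.10.10,192.168.100.10"

def by_tunnel(subifs, side, problems):
    """Index sub interfaces by tunnel ID and record any ID used twice on one edge."""
    index = {}
    for s in subifs:
        tid = s["tunnel_id"]
        if tid in index:
            problems.append(f"{side}: tunnel ID {tid} used by {index[tid]['name']} and {s['name']}")
        index[tid] = s
    return index

def check_l2vpn(server, client, server_egress, client_egress):
    """Return a list of inconsistencies between the two edges (empty list means consistent)."""
    problems = []
    srv = by_tunnel(server, "server", problems)
    cli = by_tunnel(client, "client", problems)
    # A tunnel ID present on only one edge leaves that network unstretched.
    for tid in sorted(set(srv) ^ set(cli)):
        side = "client" if tid in srv else "server"
        problems.append(f"tunnel ID {tid} has no matching sub interface on the {side} edge")
    gateways = set()
    for tid in sorted(set(srv) & set(cli)):
        s_if = ipaddress.ip_interface(srv[tid]["ip"])
        c_if = ipaddress.ip_interface(cli[tid]["ip"])
        if s_if != c_if:  # this scenario uses the same gateway IP on both sites
            problems.append(f"tunnel ID {tid}: gateway differs ({s_if} on server, {c_if} on client)")
        gateways.update({s_if.ip, c_if.ip})
    # Each edge's egress optimization entry should list every stretched gateway.
    for side, text in (("server", server_egress), ("client", client_egress)):
        listed = {ipaddress.ip_address(a.strip()) for a in text.split(",") if a.strip()}
        for gw in sorted(gateways - listed, key=str):
            problems.append(f"{side}: egress optimization list is missing {gw}")
    return problems

if __name__ == "__main__":
    print(check_l2vpn(SERVER_SUBIFS, CLIENT_SUBIFS, EGRESS_GATEWAYS, EGRESS_GATEWAYS) or "consistent")
```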
Results
An L2 VPN tunnel is established between site A and site B. You can now migrate workloads between the two sites by using the stretched L2 networks.
Alternatively, you can log in to the CLI console of the L2 VPN server edge and client edge and verify the tunnel status by running the show service l2vpn command.
For more information about this command, see the NSX Command Line Interface Reference Guide.