When an NSX-managed NSX Edge is set up as an L2 VPN client, NSX performs some of the configuration automatically. When a standalone NSX Edge is set up as an L2 VPN client, these configuration steps must be done manually.
About this task
If one of your VPN sites does not have NSX deployed, you can configure an L2 VPN by deploying a standalone NSX Edge at that site. A standalone Edge is deployed from an OVF file onto a host that is not managed by NSX, and represents an Edge gateway whose purpose is to act as an L2 VPN client.
If a standalone edge trunk vNIC is connected to a vSphere Distributed Switch, either promiscuous mode or a sink port is required for L2 VPN to function. Using promiscuous mode can cause duplicate pings and duplicate responses. For this reason, we recommend using sink port mode in the L2 VPN standalone NSX Edge configuration.
You need the port number of the trunk vNIC of the standalone edge.
- Retrieve the dvsUuid value:
  - Go to the vCenter MOB UI at https://<vc-ip>/mob?vmodl=1.
  - Click content.
  - Click the link associated with the rootFolder (for example: group-d1 (Datacenters)).
  - Click the link associated with the childEntity (for example: datacenter-1).
  - Click the link associated with the networkFolder (for example: group-n6).
  - Click the DVS name link for the vSphere distributed switch associated with the NSX Edges (for example: dvs-1 (Mgmt_VDS)).
  - Copy the value of the uuid string.
- Modify the selectionSet in the vCenter managed object browser (MOB).
  - Log in to the vCenter MOB UI at https://<vc-ip>/mob?vmodl=1.
  - Click content.
  - Click DVSManager.
  - Click updateOpaqueDataEx.
  - In the selectionSet value box, paste the following XML block:
    <selectionSet xsi:type="DVPortSelection">
      <dvsUuid>c2 1d 11 50 6a 7c 77 68-e6 ba ce 6a 1d 96 2a 15</dvsUuid> <!--example only-->
      <portKey>393</portKey> <!--port number of the DVPG where SINK is to be set-->
    </selectionSet>
    Use the dvsUuid value that you retrieved from the vCenter MOB.
  - In the opaqueDataSpec value box, paste one of the following XML blocks:
    To enable SINK port:
<opaqueDataSpec> <operation>edit</operation> <opaqueData> <key>com.vmware.etherswitch.port.extraEthFRP</key> <opaqueData xsi:type="vmodl.Binary">AAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=</opaqueData> </opaqueData> </opaqueDataSpec>
    To disable SINK port:
<opaqueDataSpec> <operation>edit</operation> <opaqueData> <key>com.vmware.etherswitch.port.extraEthFRP</key> <opaqueData xsi:type="vmodl.Binary">AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=</opaqueData> </opaqueData> </opaqueDataSpec>
  - Set the isRuntime boolean to false.
  - Click Invoke Method.
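
The selectionSet block combines two hand-copied values, so a malformed uuid or port number is the likeliest mistake in this procedure. The following is an added example, not part of the original documentation: it validates both values and prints the XML to paste. The function names are hypothetical, and lowercasing the uuid to match the form shown in the page's example is an assumption.

```python
import re

# The page's example uuid is 16 hex octets: 8 space-separated, a hyphen, 8 more.
_DVS_UUID = re.compile(
    r"^[0-9a-f]{2}( [0-9a-f]{2}){7}-[0-9a-f]{2}( [0-9a-f]{2}){7}$"
)


def normalize_dvs_uuid(raw):
    """Return the uuid in the layout shown in the MOB, or raise ValueError."""
    value = " ".join(raw.strip().lower().split())  # collapse stray whitespace
    value = value.replace(" - ", "-").replace("- ", "-").replace(" -", "-")
    if not _DVS_UUID.match(value):
        raise ValueError(
            "not a DVS uuid (expected 8 octets, '-', 8 octets): %r" % raw
        )
    return value


def normalize_port_key(raw):
    """Return the trunk vNIC port number as a decimal string, or raise ValueError."""
    text = str(raw).strip()
    if not re.fullmatch(r"[0-9]+", text):
        raise ValueError("portKey must be a non-negative integer: %r" % raw)
    return str(int(text))


def build_selection_set(dvs_uuid, port_key):
    """Build the XML for the selectionSet value box of updateOpaqueDataEx."""
    return (
        '<selectionSet xsi:type="DVPortSelection">\n'
        "  <dvsUuid>%s</dvsUuid>\n"
        "  <portKey>%s</portKey>\n"
        "</selectionSet>"
    ) % (normalize_dvs_uuid(dvs_uuid), normalize_port_key(port_key))


if __name__ == "__main__":
    # The uuid and port number below are the page's own example values.
    print(build_selection_set(
        "C2 1D 11 50 6A 7C 77 68-E6 BA CE 6A 1D 96 2A 15", 393))
```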