With L2 VPN, you can stretch multiple logical networks (both VLAN and VXLAN) across geographical sites. In addition, you can configure multiple sites on an L2 VPN server. Virtual machines remain on the same subnet when they are moved between sites and their IP addresses do not change. Egress optimization enables Edge to route any packets sent towards the Egress Optimization IP address locally, and bridge everything else.

L2 VPN thus allows enterprises to seamlessly migrate workloads backed by VXLAN or VLAN between physically separated locations. For cloud providers, L2 VPN provides a mechanism to on-board tenants without modifying existing IP addresses for workloads and applications.

Figure 1. Extending VXLAN across Multiple Sites using L2 VPN

The L2 VPN client and server learn the MAC addresses on both local and remote sites based on the traffic flowing through them. Egress optimization maintains local routing since the default gateway for all virtual machines is always resolved to the local gateway using firewall rules. Virtual machines that have been moved to Site B can also access L2 segments that are not stretched on Site A.

If one of the sites is not backed by NSX, a standalone NSX Edge can be deployed on that site.

In the following graphic, L2 VPN stretches network VLAN 10 to VXLAN 5010 and VLAN 11 to VXLAN 5011. So VM 1 bridged with VLAN 10 can access VMs 2, 5, and 6.

Figure 2. Extending Non-NSX Site with VLAN Based Network to NSX-Site with VXLAN Based Network