VMware Networking Community
priscillagr
Enthusiast

NSX - L2VPN to connect Management layer from remote site to cloud provider

Hello!

I have the following scenario: at my on-premise site I have 5 physical hosts (installed with vSphere and all managed by a vCenter) and at a cloud provider I have one baremetal host installed with ESXi (let's call him esxi-cloud). I would like to deploy NSX on the esxi-cloud (so I would need a vCenter and NSX Manager) and configure an L2VPN Server, so I would also need an NSX Edge.

At my on-premises site I would install an NSX Standalone Edge to be the client VPN of the L2VPN.

My question is: is it possible for me to extend the management layer? I would like to connect my esxi-cloud to my on-premise vCenter so I could manage him on my on-premise site.

But it's confusing because my esxi-cloud is already connected to the local vCenter at the cloud (because of the vDS I had to create to extend the layer 2).

Should I use a standard switch on esxi-cloud? Does the L2VPN Server support extending vSS port groups?

I would love some light on this!


Accepted Solutions
Sreec
VMware Employee

If I understand correctly, you are using bare metal servers in the cloud and there is no nested ESXi config here. Your idea is to extend VMkernel networks via L2VPN; this is not possible, as per my knowledge, with the NSX L2 Edge. If we are running a nested instance of ESXi, yes, we can extend those networks and do it. Considering the use case, one approach would be the unsupported NAT config change as per "Using NAT between the vCenter Server system and ESXi/ESX hosts (1010652)" (VMware KB), connecting your cloud-instance ESXi host to the on-prem VC or vice versa. L2VPN supports both VSS and DVS: if you go via VSS, we need Promiscuous mode and Forged transmits enabled; for DVS, a sink port is required.

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 7x|Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered
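
The vSS settings named in the answer above, as an added example that is not part of the original post or VMware's own code: it enables Promiscuous mode and Forged transmits on a single standard port group and then lists every standard port group on the host, flagging any other one that has either setting on. It assumes VMware PowerCLI with an existing `Connect-VIServer` session; the host name and port group name are hypothetical placeholders.

```powershell
# Added example. Assumes VMware PowerCLI and an existing Connect-VIServer session.
# Host and port group names below are hypothetical placeholders.
$vmHostName  = 'esxi-cloud.example.local'
$trunkPgName = 'L2VPN-Trunk'   # the vSS port group the L2VPN Edge attaches to

$vmHost = Get-VMHost -Name $vmHostName
$trunk  = Get-VirtualPortGroup -VMHost $vmHost -Standard -Name $trunkPgName

# Enable the two settings only on the port group that carries the L2VPN traffic,
# overriding whatever the parent vSwitch policy says.
$trunk | Get-SecurityPolicy |
    Set-SecurityPolicy -AllowPromiscuous $true -ForgedTransmits $true | Out-Null

# Report every standard port group on the host and flag any other port group
# that has either setting enabled (inherited from the vSwitch or set locally).
Get-VirtualPortGroup -VMHost $vmHost -Standard | ForEach-Object {
    $policy = $_ | Get-SecurityPolicy
    [pscustomobject]@{
        PortGroup        = $_.Name
        VLanId           = $_.VLanId
        AllowPromiscuous = $policy.AllowPromiscuous
        ForgedTransmits  = $policy.ForgedTransmits
        Unexpected       = ($_.Name -ne $trunkPgName) -and
                           ($policy.AllowPromiscuous -or $policy.ForgedTransmits)
    }
} | Sort-Object Unexpected -Descending | Format-Table -AutoSize
```

Rows with `Unexpected` set to `True` are port groups other than the L2VPN one where a VM could see or send frames for MAC addresses that are not its own.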

priscillagr
Enthusiast

Hello Sreec, thank you for your answer!

Let me see if I understood correctly. In a nested environment, that would be possible because my ESXi hosts would be virtual machines, so I would be successful in extending their layer 2 to the on-premise site and connecting them to a vCenter. But my server is a baremetal, so if I try to extend vmkernel traffic that would not be possible because of how L2VPN works, extending layer 2 virtual machine port groups and not vmkernels.

Is this it?

Sreec
VMware Employee

Your understanding is correct.

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 7x|Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered