VMware Networking Community
NXS_Devops
Contributor

L2VPN and DLR

Hello,

After a few days wasted trying to validate a migration use case, I need some help or just a confirmation that I have to proceed differently.

I need to migrate VMs between 2 NSX platforms.

Obviously, I don't want to make any change on the VMs: they have to keep their IP address and GW and avoid any disruption of the service.

The VMs are connected to a logical switch and their GW is a DLR.

The migration scenario is to build an L2VPN between both NSX platforms and gradually transfer VMs by vMotion. At the beginning, the IP GW would still be on the source NSX DLR, then switch to the destination NSX DLR at any accurate moment.

The L2VPN works fine and VMs from both NSX platforms can communicate with each other.

The trouble is: the DLR GW is unreachable from the VMs hosted on the destination NSX platform.

Actually, the distant VMs know the source DLR vmac but the source DLR cannot obtain the distant VMs' MAC.

Any help will be useful. I wouldn't use an ESG as a GW and lose distributed routing.

Regards

Patrice.

4 Replies
Techstarts
Expert

Based on my understanding from the VCP Prep guide, if you are using Layer 2 VPN you cannot use DLR. Instead you must use NSX Edge.

"Any help will be useful. I wouldn't use an ESG as a GW and lose distributed routing."

If you wish to have distributed routing then the only choice you have is using NSX Universal switch and routers.

With Great Regards,
patcoq
Contributor

The fact is: you cannot stretch a VXLAN between 2 NSX platforms if there is a DLR on each side, even if the DLR is not connected to the stretched VXLAN.

The cause is the unique vdr vmac.

NSX R&D is working to fix it in a future release.

Regards,

Patrice.

bsnvmw
VMware Employee

VXLAN-to-VXLAN L2VPN will not work if there are DLR instances deployed, even if they are not connected to the network being extended via L2VPN (which you do have). The workaround would be to move the default gateways from the DLR to the NSX Edge. So the migration workflow would be:

a) Move the default gateway from the DLR to the Edge.
b) Migrate the VMs to the target DC; the gateway will be reachable if it is on the Edge.
c) Do the gateway cutover to the DLR in the target DC.

tanurkov
Enthusiast

Hi

To use this scenario with DLR, you first need to make a UDLR instance. If you are not in a cross-VC deployment, then the only way is to use an Edge as a gateway, or an external device reachable from both ends.

A use case for moving workloads with L2VPN is here.

Please take a look at this:

NSX Layer 2 VPN: Migrating workloads between Datacentres - Network Virtualization

Regards, Dmitri
