VMware Networking Community
wreedMH
Hot Shot

VXLAN MTU over Internet

I believe I know the answer to this but I wanted a second opinion.

My friend and I were thinking about lab-ing up NSX at home with a site-to-site L2L tunnel between our houses consisting of Cisco ASAs. Since VXLAN requires an MTU bigger than 1500, and the internet does not support that, I am thinking this will not work. Am I correct? Any workarounds for this type of config?

0 Kudos
2 Replies
rajeevsrikant
Expert

MTU over WAN question

Kindly go through the discussion. It's highlighted that with MTU 1500 L2VPN works fine.

0 Kudos
maerli
Contributor

I'm having the same issue.  L2VPN is a solution to extend a network over the internet - fine.  But, it's not the same as being able to create a universal logical router if your use case is disaster recovery.  If your primary site becomes a crater, the VPN tunnel is broken and your server that is moved to the recovery site doesn't have network connectivity.  I get why it doesn't work, it's just a shame there isn't a fancy way to get VXLAN traffic on ESXi hosts across networks that CAN'T have an MTU higher than 1500 to remote site ESXi hosts.  NSX should have some sort of fancy packet splitter and unsplitter for just such occasions.

In the case of the OP, I think an L2 tunnel between Cisco ASAs WOULD probably work, as long as the Cisco's physical interface and the virtual tunnel interface were both set with 1600 MTU. In this case the Ciscos would be doing the fancy splitting work, right?

0 Kudos