Hello's,
Had a question that I'm not able to get a clear answer on.
Background:
Thanks all for your expertise,
Sky
Yes , you can certainly use IP-Sec or L2 VPN based on the requirement. Since the ask is for IP-Sec , we should understand that if the use case falls under route based IP-Sec tunnel , BGP is the only protocol supported (No Static routes as well) . If you have a mix of Policy/Routed tunnels - below points should be noted .
Also have a look at MTU requirements , not in every case we need 1600 MTU
Hello Sree,
Thanks for your response. I'm not sure however that your response addressed the question.
The IPSEC VPN tunnel in place is not setup by NSX edges. It is configured on the perimeter firewalls e.g Cisco/Palo that the VTEP VXLAN traffic will traverse.
In effect, for VTEP at site A to communicate with VTEP at site B, their traffic will traverse an IPSEC tunnel established by the perimeter firewalls.
As I type this, I don't see why this wouldn't be supported, but would like to know if it is.
Thanks,
Sky
Appreciate for clarifying that. I don't find anything wrong with encrypting(IPSEC) VTEP-VTEP traffic between the sites. Actual Throughput of the Tunnel will certainly be a factor for BUM traffic considering the NSX design and workload placement. Other than that i'm unsure if there are any potential issues, but it might not be a best candidate when situation demands you to troubleshoot VTEP-VTEP connectivity.