Accepted Solutions
As addition Egress Optimization may be helpful similar to Local Egress on UDLR
Perimeter Edge on Site1 is used as L2VPN Server, and the new Edge for for L2VPN is on Site2 and acts as L2VPN Client, Huawei router is the CE device for the MPLS Cloud --> is the undertanding correct? (Or could there be another seperate router for MPLS and/or L2VPN Server on Site1 could be a seperate Edge other than the Perimeter Edge?)
Is there local egress-ingress requirement for the DR Site2? As UDLR is currently used, this may be a requirement as it allows for VMs on Site2 on seperate Logical switch tiers to communicate without being routed from Site1.
Since L2VPN extends Vlans and/or Vxlans between Main Site and DR as mentioned the LIF interfaces on the UDLR needs to be removed from the Logical Switches on both sites. The default gateway is carried to the Perimeter Edge Trunk Interface, so normally Site2 vxlan/vlan egress is done through Site1 L2VPN Server. So for other subnets such as clients or non-L2VPN server subnets can learn the L2VPN Subnet with adding this Subnet to OSPF or redistributing the connected L2VPN subnet into OSPF. East-West and North-South traffic passes through the Edge on Site1. Since the Perimeter Edge has Ospf with UDLR Control VM on Site1, Intra Site1 traffic may be through Perimeter Edge <-->DLR Instance on ESX host.
Egress Optimization for L2VPN allows the same default gateway to reside on both L2VPN Server Edge on Site1 and L2VPN Client Edge on Site2. In that case, similar to Site1, the L2VPN Client Edge may use ospf with Site2 Mpls router Northbound, and Site2 UDLR Control VM Southbound. In that case announcing /32 VM IP addresses (Since they may exist on Site1 or Site2) for Symmetric traffic may be necessary for symmetrical Ingress on Site1 and 2.
These links may be helpful about publishing routes for L2VPN Subnets and Configuring Trunk Interfaces:
http://blog.ipcraft.net/nsx-edge-service-gateway-esg-trunk-interface/
Step 1. Create a Port Group for Trunk Interface
First, I need to create a port group on the vSphere virtual switch. This can be a standard or distributed port group and it will be associated to NSX ESG Trunk interface later. I prefer to use distributed port group as I do not need to manually create the port group on every hosts if I have more than one ESXi hosts.
http://blog.bertello.org/2015/04/nsx-for-newbies-part-9-l2vpn-and-stretched-vlanvxlan-networks/
Local Egress Optimization: this is more easy to understand. It enables the ESG to route any packets sent towards the Egress Optimization IP address locally, and send everything else over the tunnel. Why? VM Mobility! If the default gateway for the virtual machines (belonging to the subnets you’re stretching) is same across the two sites you need this setting to ensure traffic will be locally routed on each site. Should you need to migrate VM from one site to the other, you can do so without touching the guest os network configuration.
http://raoconnor.com/nsx/nsx-lab-configure-layer-2-vpn/
Egress Optimization ensures traffic will use the local site edge
For implementations that require workloads on the extended segment located within the VMware Cloud Provider to access the Internet, egress optimization can be enabled on the NSX Edge appliances with an egress optimization IP address. Typically, this is the same IP address as the default gateway that is used for the on-premises network being extended to the VMware Cloud Provider. Enabling this feature allows Internet bound traffic on the provider side of the connection to exit (egress) through the local egress optimization gateway instead of sending the traffic back over the extended network link to the Internet and then back across the extended link. The egress optimization feature is intended to be used to allow extended workloads to access the Internet or other networks within the VMware Cloud Provider’s environment.
As addition Egress Optimization may be helpful similar to Local Egress on UDLR
Perimeter Edge on Site1 is used as L2VPN Server, and the new Edge for for L2VPN is on Site2 and acts as L2VPN Client, Huawei router is the CE device for the MPLS Cloud --> is the undertanding correct? (Or could there be another seperate router for MPLS and/or L2VPN Server on Site1 could be a seperate Edge other than the Perimeter Edge?)
Is there local egress-ingress requirement for the DR Site2? As UDLR is currently used, this may be a requirement as it allows for VMs on Site2 on seperate Logical switch tiers to communicate without being routed from Site1.
Since L2VPN extends Vlans and/or Vxlans between Main Site and DR as mentioned the LIF interfaces on the UDLR needs to be removed from the Logical Switches on both sites. The default gateway is carried to the Perimeter Edge Trunk Interface, so normally Site2 vxlan/vlan egress is done through Site1 L2VPN Server. So for other subnets such as clients or non-L2VPN server subnets can learn the L2VPN Subnet with adding this Subnet to OSPF or redistributing the connected L2VPN subnet into OSPF. East-West and North-South traffic passes through the Edge on Site1. Since the Perimeter Edge has Ospf with UDLR Control VM on Site1, Intra Site1 traffic may be through Perimeter Edge <-->DLR Instance on ESX host.
Egress Optimization for L2VPN allows the same default gateway to reside on both L2VPN Server Edge on Site1 and L2VPN Client Edge on Site2. In that case, similar to Site1, the L2VPN Client Edge may use ospf with Site2 Mpls router Northbound, and Site2 UDLR Control VM Southbound. In that case announcing /32 VM IP addresses (Since they may exist on Site1 or Site2) for Symmetric traffic may be necessary for symmetrical Ingress on Site1 and 2.
These links may be helpful about publishing routes for L2VPN Subnets and Configuring Trunk Interfaces:
http://blog.ipcraft.net/nsx-edge-service-gateway-esg-trunk-interface/
Step 1. Create a Port Group for Trunk Interface
First, I need to create a port group on the vSphere virtual switch. This can be a standard or distributed port group and it will be associated to NSX ESG Trunk interface later. I prefer to use distributed port group as I do not need to manually create the port group on every hosts if I have more than one ESXi hosts.
http://blog.bertello.org/2015/04/nsx-for-newbies-part-9-l2vpn-and-stretched-vlanvxlan-networks/
Local Egress Optimization: this is more easy to understand. It enables the ESG to route any packets sent towards the Egress Optimization IP address locally, and send everything else over the tunnel. Why? VM Mobility! If the default gateway for the virtual machines (belonging to the subnets you’re stretching) is same across the two sites you need this setting to ensure traffic will be locally routed on each site. Should you need to migrate VM from one site to the other, you can do so without touching the guest os network configuration.
http://raoconnor.com/nsx/nsx-lab-configure-layer-2-vpn/
Egress Optimization ensures traffic will use the local site edge
For implementations that require workloads on the extended segment located within the VMware Cloud Provider to access the Internet, egress optimization can be enabled on the NSX Edge appliances with an egress optimization IP address. Typically, this is the same IP address as the default gateway that is used for the on-premises network being extended to the VMware Cloud Provider. Enabling this feature allows Internet bound traffic on the provider side of the connection to exit (egress) through the local egress optimization gateway instead of sending the traffic back over the extended network link to the Internet and then back across the extended link. The egress optimization feature is intended to be used to allow extended workloads to access the Internet or other networks within the VMware Cloud Provider’s environment.