AhmadJamilHasan
Enthusiast
Enthusiast

L2 extension across HQ and DR

Greetings,

I am little bit confused about the technology we should implement to establish layer 2 connectivity between both sites, Please keep in mind that we have mixed environment ( most of workloads are VM-based VMs however database servers still bare-metal and running on top of RISC servers).

will the NSX provides L2 connectivity between two sites for both virtual and physical , is there any conflict between Cisco OTV technology and NSX ??

Thanks in advance

Tags (1)
4 Replies
Sreec
VMware Employee
VMware Employee

There is no conflict in this scenario . You could leverage NSX vxlan for overlay networks for vSphere sites and leverage OTV for connecting to Baremetal servers as well. You should also have a look at L2 bridging capability of NSX(Bridging VXLAN with VLAN) or L2 VPN feature which will also satisfy such use cases.

Cheers,
Sree | VCIX-5X| VCAP-4X| VExpert 6x|Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered
AhmadJamilHasan
Enthusiast
Enthusiast

Thank you Sreec‌ for your response.

One thing if you please,Bridging VXLAN with VLAN would replace the need for OTV provided by N7K or ASR 1000

the point is that we need to know if the L2 extension can be deployed only using software like NSX or we have to consider changing the underlying Network infrastructure.

Thanks in advance.

0 Kudos
bayupw
Leadership
Leadership

For multi-site deployment, you can review the options and requirements based on NSX-V Multi-site Options and Cross-VC NSX Design GuidepastedImage_1.png

Please note that stretched VXLAN (NSX with vMSC, separate clusters, and Cross-VC NSX) requires 1600 MTU, this means MTU for WAN/inter-DC connectivity between HQ and DR must be 1600 at minimum end to end.

If this is cannot be achieved, the only option with NSX would be L2VPN.

Depends on your traffic, the NSX Edge performing L2VPN would also quite cpu intensive and this would provide up to ~2Gbps throughput.

If you need more throughput e.g. ~10Gbps then you will need to do stretch VXLAN which requires change of MTU on the WAN.

Regarding L2 bridging, L2 bridging can be performed between local logical switches and physical VLANs via software (NSX software) or hardware gateway (Hardware VTEP compatilble with NSX) but this is not currently available with universal logical switches (stretched VXLAN) as explained in the Multi-site options and Cross-VC NSX Design Guide.

But if you decide to go with L2VPN, you can connect the physical/bare-metal  VLAN to NSX Edge and connect them with L2VPN.

The Multi-site/Cross-VC design guide also explains on what we can do for L2 Bridging Between Logical and Physical Network on multi-site

Some of my customers use both OTV for the bare-metal and NSX stretched VXLAN for virtual machines.

Bayu Wibowo | VCIX6-DCV/NV
Author of VMware NSX Cookbook http://bit.ly/NSXCookbook
https://github.com/bayupw/PowerNSX-Scripts
https://nz.linkedin.com/in/bayupw | twitter @bayupw
Sreec
VMware Employee
VMware Employee

Appreciate your response Ahmad . Whether to replace OTV or not is a high level discussion and requires little more thoughts. I have seen customers using both primarily because they are using OTV for other sites also i'm not sure how Support/Licensing model work for OTV . But if i were you i would simply remove OTV for this use case and leverage one of the option after a testing and i'm sure it will work seamlessly and rest of the points Bayu has already updated in this thread. Let me know if you have some more questions.

Cheers,
Sree | VCIX-5X| VCAP-4X| VExpert 6x|Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered