RussH
Enthusiast

L2VPN in 6.1

I was doing the HoL for L2VPN (trunking) in NSX and noticed the first thing they get you to do in the lab is disconnect the Logical Switch you want to bridge from the DLR and attach it to the ESR.

I'm not sure if that is just because of restrictions within the Lab or it's a requirement to use the L2VPN with NSX? (i.e. the Logical Switch must not be connected to a DLR and only to the ESR)

I can see a clear use case for trunking a number of VXLAN-backed logical switches via an L2VPN to a cloud provider for cloud bursting purposes, but I wouldn't want to first have to move them from my DLR.

Thanks

deloachjd
Contributor

You're restricted to what type of Logical Router you choose to create. When deploying a logical router you have two choices: Distributed or Gateway Services. When selecting the Distributed Logical Router it will not support the additional services such as VPN, Load Balancing, etc. Only the Logical Gateway Services Routers will allow this kind of functionality. In the HoL they have you create a Distributed Logical Router first and then attach the Logical Switch to it. A later task asks you either to create another logical router, but as a Gateway Services one, or, if it is already created, to disconnect the Logical Switch from the Distributed Logical Router and move it over to the Logical Gateway Services Router to get that VPN functionality.

Richard__R
Enthusiast

If I'm understanding the question correctly, it's more about being able to use the VPN functionality of the ESG but also maintain E/W logical routing between VXLANs using the DLR uplinked to the ESG via a transit network or similar. I haven't done a lot of testing with this but am not aware of a requirement to directly attach logical switches to the ESG for VPN functionality - that would make it quite limiting. Inclined to think it's for simplicity in the lab but perhaps someone can confirm.

RussH
Enthusiast

Hi guys -

Richard - you've summed up my question well. To me it doesn't make any sense to have to move my logical switches from where they should be (attached to the DLR) just so I can use L2VPN - so I'm hoping this is indeed just to make the lab simpler. For L3VPN it does make sense to use the ESR, but not for L2.

If the L3 ESR is required, maybe you can deploy it in one-armed mode on the logical switch itself.


I'll give this a go in my lab when I get some spare cycles and report back.

Cheers
