VMware NSX

Hi,

I have two data centers. For several reasons, I can't change the MTU on the WAN between them.

I want to extend my VXLANs over both data centers.

So :

1- Am I screwed ?

2- Can I create a L2-VPN between sites with NSX edges on both end and pass the VXLAN traffic IN the vpn ? If so, I suppose there is fragmentation ?

3- Can I create a L2-VPN between sites with NSX edges on both end and switch from VXLAN to VLAN when traffic comes out of the first DC, then pass the L2-VPN (vlan based off course) and then switch back to VXLAN at the other end ? Does this works ?

4- Another solution I didn't think ?

Thanks !

Hi

L2VPN between sites with both VXLAN or one of them is non-VXLAN are supported since NSX 6.1

See this link: VMware NSX vSphere 61 Documentation Center - L2VPN Overview

Depends on your traffic, the Edge performing L2VPN would also quite cpu intensive and this would provide up to ~2Gbps througput.

If you need more throughput e.g. ~10Gbps you will need to do stretch VXLAN which requires change of MTU on the WAN

That makes a lot of sense

Thank you very much !

Just to add to it, even for the L2 VPN the MTU size needs to be set to 1600.

Attached is the reference from the VCP6-NV book regarding this.

oh !

so there is no way to extend network without a 1600 MTU wan then ??

I just found this in the NSX reference design guide

So, which one is true ?

i believe the NSX reference design guide is right. There is no requirement of the VXLAN extension across DC for the L2 VPN

MTU is not required to be more than 1500

Both VMware® NSX for vSphere Network Virtualization Design Guide ver 3.0 and NSX-V Multi-site Options and Cross-VC NSX Design Guide‌ says L2VPN should work in 1500 MTU. I have some L2VPN deployment running on default MTU 1500 and they are working fine.