VMware Cloud Community
AlexandreD51
Contributor

vCloud Availability - L2 stretch feature - public IP needed on the autonomous Edge?

Hello,

We are currently working on a new DRaaS offer with VCDA.

I'm testing the L2 stretch feature in the VCDA on-prem appliance. First of all, I had difficulty finding the difference between the standalone Edge and the Edge for ESXi (from the VMware product download page)...
I tried both of the Edge OVAs, and here is my conclusion:

- Standalone Edge: it is not working with VCDA. It's not what VMware calls the autonomous Edge. I successfully mounted an L2VPN with vCloud's Edge Gateway (with the peer code), but cannot configure it in the VCDA on-prem appliance. It is not recognized as an autonomous Edge, so I manually selected the VM in the vCenter. There is a certificate error when I try to add the Edge in VCDA. It's not working with VCDA, but I notice that the Edge is behind a firewall and the L2VPN session is working; I will explain that later in the post.

- Edge for ESXi: this is the OVA that needs to be used with VCDA on-prem. At OVA deployment, we need to set up an IP, check the "Autonomous Edge" box, and leave the other fields empty (except the password, of course), and we're good.

After that, I can register this autonomous Edge in the VCDA on-prem appliance and configure the uplinks and the L2VPN session.

BUT!! Even though I successfully set up an L2VPN session between the vCloud Director Edge Gateway and the standalone Edge (behind a firewall), I cannot do the same with the autonomous Edge, because it needs a public IP on the uplink port...

For the L2VPN session, we need to configure two public IP addresses: the local address and the remote address. In the VCDA on-prem appliance, the local address (corresponding to the remote address in the L2VPN server session) must match the uplink interface of the Edge...

If the local IP address doesn't match the Edge's uplink interface, there is the following error:

"The local address X.X.X.X for client session doesn't match the one of the NSX Autonomous Edge "edge ID" uplink port."

So in my POC setup, I did this: I configured a public IP on the uplink interface of the autonomous Edge, and yes, I can mount the L2VPN session in the VCDA appliance...

But I don't know many customers who have an unused dedicated IP and a WAN VLAN configured on the ESXi hosts... Is there a way to put the autonomous Edge behind the firewall? (like the standalone Edge L2T/L2VPN, as I said earlier)

Maybe I made some mistake or don't understand something. Thank you for your help or feedback.

Alexandre
