VMware Networking Community
VinnyB007
Contributor
Contributor
‎12-02-2016 12:51 PM
Jump to solution

MTU over WAN question

Hi,

I have two data centers. For several reasons, I can't change the MTU on the WAN between them.

I want to extend my VXLANs over both data centers.

So :

1- Am I screwed ?

2- Can I create a L2-VPN between sites with NSX edges on both end and pass the VXLAN traffic IN the vpn ? If so, I suppose there is fragmentation ?

3- Can I create a L2-VPN between sites with NSX edges on both end and switch from VXLAN to VLAN when traffic comes out of the first DC, then pass the L2-VPN (vlan based off course) and then switch back to VXLAN at the other end ? Does this works ?

4- Another solution I didn't think ?

Thanks !

Reply
0 Kudos
1 Solution

Accepted Solutions
bayupw
Leadership
Leadership
‎12-03-2016 10:38 AM
Jump to solution

Hi

L2VPN between sites with both VXLAN or one of them is non-VXLAN are supported since NSX 6.1

See this link: VMware NSX vSphere 61 Documentation Center - L2VPN Overview

l2

l2

Depends on your traffic, the Edge performing L2VPN would also quite cpu intensive and this would provide up to ~2Gbps througput.

If you need more throughput e.g. ~10Gbps you will need to do stretch VXLAN which requires change of MTU on the WAN

Bayu Wibowo | VCIX6-DCV/NV
Author of VMware NSX Cookbook http://bit.ly/NSXCookbook
https://github.com/bayupw/PowerNSX-Scripts
https://nz.linkedin.com/in/bayupw | twitter @bayupw

View solution in original post

Reply
0 Kudos
7 Replies
bayupw
Leadership
Leadership
‎12-03-2016 10:38 AM
Jump to solution

Hi

L2VPN between sites with both VXLAN or one of them is non-VXLAN are supported since NSX 6.1

See this link: VMware NSX vSphere 61 Documentation Center - L2VPN Overview

l2

l2

Depends on your traffic, the Edge performing L2VPN would also quite cpu intensive and this would provide up to ~2Gbps througput.

If you need more throughput e.g. ~10Gbps you will need to do stretch VXLAN which requires change of MTU on the WAN

Bayu Wibowo | VCIX6-DCV/NV
Author of VMware NSX Cookbook http://bit.ly/NSXCookbook
https://github.com/bayupw/PowerNSX-Scripts
https://nz.linkedin.com/in/bayupw | twitter @bayupw
Reply
0 Kudos
VinnyB007
Contributor
Contributor
‎12-03-2016 03:19 PM
Jump to solution

That makes a lot of sense

Thank you very much !

Reply
0 Kudos
rajeevsrikant
Expert
Expert
‎12-03-2016 08:20 PM
Jump to solution

Just to add to it, even for the L2 VPN the MTU size needs to be set to 1600.

Attached is the reference from the VCP6-NV book regarding this.

NSX_L2VPN.png

Reply
0 Kudos
VinnyB007
Contributor
Contributor
‎12-04-2016 05:30 AM
Jump to solution

oh !

so there is no way to extend network without a 1600 MTU wan then ??

Reply
0 Kudos
VinnyB007
Contributor
Contributor
‎12-04-2016 06:52 AM
Jump to solution

I just found this in the NSX reference design guide

Screen Shot 2016-12-04 at 9.51.13 AM.png

So, which one is true ?

Reply
0 Kudos
rajeevsrikant
Expert
Expert
‎12-04-2016 07:40 PM
Jump to solution

i believe the NSX reference design guide is right. There is no requirement of the VXLAN extension across DC for the L2 VPN

MTU is not required to be more than 1500

Reply
0 Kudos
bayupw
Leadership
Leadership
‎12-14-2016 11:18 PM
Jump to solution

Both VMware® NSX for vSphere Network Virtualization Design Guide ver 3.0 and NSX-V Multi-site Options and Cross-VC NSX Design Guide‌ says L2VPN should work in 1500 MTU. I have some L2VPN deployment running on default MTU 1500 and they are working fine.

pastedImage_1.png

Bayu Wibowo | VCIX6-DCV/NV
Author of VMware NSX Cookbook http://bit.ly/NSXCookbook
https://github.com/bayupw/PowerNSX-Scripts
https://nz.linkedin.com/in/bayupw | twitter @bayupw
Reply
0 Kudos