4 Replies Latest reply on Mar 5, 2018 1:37 AM by tanurkov

    L2VPN and DLR

    NXS_Devops Lurker



      After a few days wasted validating a migration use case, I need some help or just a confirmation that I have to proceed differently.


      I need to migrate VMs between 2 NSX platforms.


      Obviously, I don't want to make any change on the VMs: they have to keep their IP address and GW, and avoid any disruption of the service.

      The VMs are connected to a logical switch and their GW is a DLR.

      The migration scenario is to build an L2VPN between both NSX platforms and gradually transfer VMs by vMotion. At the beginning, the IP GW would still be on the source NSX DLR, then switch to the destination NSX DLR at any accurate moment.

      The L2VPN works fine and VMs from both NSX platforms can communicate with each other.

      The trouble is: the DLR GWs are unreachable from the VMs hosted on the destination NSX platform.

      Actually, the distant VMs know the source DLR vmac but the source DLR cannot obtain the distant VMs' MAC.


      Any help will be useful. I wouldn't use an ESG as a GW and lose distributed routing.





        • 1. Re: L2VPN and DLR
          Preetam Zare Expert

          Based on my understanding from the VCP Prep guide, if you are using Layer 2 VPN you cannot use DLR. Instead, you must use NSX Edge.


          Any help will be useful. I wouldn't use an ESG as a GW and lose distributed routing.

          If you wish to have distributed routing then the only choice you have is using NSX Universal switch and routers.

          With Great Regards,
          vExpert 2012-2017 | VCP3-5 | VCAP5-DCD | VCP-NV | vSAN Specialist | VDI | Germany
          • 2. Re: L2VPN and DLR
            patcoq Lurker

            The fact is: you cannot stretch a VXLAN between 2 NSX platforms if there is a DLR on each side, even if the DLR is not connected to the stretched VXLAN.

            The cause is the unique vdr vmac.

            NSX R&D is working to fix it in a future release.





            • 3. Re: L2VPN and DLR
              bsnvmw Novice

              VXLAN-VXLAN L2VPN will not work if there are DLR instances deployed, even if they are not connected to the network being extended via L2VPN (which you do have). The workaround would be to move the default gateways from the DLR to the NSX Edge. So the migration workflow would be: a) Move the default gateway from the DLR to the Edge. b) Migrate the VM to the target DC; the gateway will be reachable if they are on the Edge. c) Do the gateway cutover to the DLR in the target DC.

              • 4. Re: L2VPN and DLR
                tanurkov Enthusiast


                To use this scenario as DLR, first you need to make a UDLR instance. If you are not in a cross-vc deployment, then the only way is to use an Edge as a gateway or an external device reachable from both ends.

                A use case for moving workloads with L2VPN is here.

                Please take a look at this:

                NSX Layer 2 VPN: Migrating workloads between Datacentres - Network Virtualization


                Regards Dmitri