NSX L2VPN within the Data Center
NSX Edge Services Gateways (ESGs) are deployed to perform various network functions (Network Function Virtualization) in an NSX environment.
ESGs deployed and configured for L2VPN provide Layer 2 network adjacency between data centers, allowing VLAN to VLAN, VLAN to VXLAN, and VXLAN to VXLAN segments to be bridged across a Metro Area or Wide Area Network.
The primary use case for L2VPN Edge Services Gateways is Private Cloud to Private Cloud and Private Cloud to Public Cloud Layer 2 LAN/VXLAN extension, but they are also a useful tool for VM mobility within a data center…
Larger data centers with disparate vCenters, clusters and networks may find it a challenge to perform virtual machine migration across the data center, especially when such a migration forces complex network changes or application IP readdressing.
Certainly NSX and VXLAN Logical Switches can be used as an overlay between L3 separated clusters, but vSphere ESXi software versions may restrict the use of VXLAN (ideally VXLAN is deployed on ESXi 5.5+).
As an alternative to VXLAN overlay deployment, NSX ESGs configured for L2VPN offer a means of providing L2 adjacency between disparate cluster networks within the data center.
Tech refreshes of compute and network infrastructure within the data center are a primary use case for intra-data-center L2VPN mobility, which mitigates the need for complex physical Layer 2 network and server reconfiguration.
The actual implementation of NSX needed to support L2VPN within the data center can be limited to a very small subset of the data center environment (two hypervisors?), and the L2VPN Client can also be installed on non-NSX-enabled clusters (standalone mode).
It is envisaged that this would not be a permanent configuration within the data center, but would instead be used as a migration tool to simplify VM mobility.
All good fun and next I will detail a very cool feature of L2VPN Gateways… Local Egress Optimization!
Nice article, thanks for sharing. Wondering if there’s any open source or free L2VPNs out there? Something like OpenContrail or SoftEther may be viable candidates. Ever had any experience working with them?